![]() The firmware then verifies the signature of Windows Boot Manager (bootmgfw.efi) located at \EFI\Microsoft\Boot\ on the EFI System Partition and triggers it. The UEFI Firmware then verifies the signatures of the UEFI drivers and OEM UEFI applications before initializing them.The UEFI Boot Loader verifies the signature of UEFI Firmware Image before loading it.As a device is powered on, Core Root of Trust Management ( usually implemented in the CPU, the first code block that gets executed when a device is powered on and is implicitly trusted to form the Root of Trust) checks signature of the UEFI boot loader provided by SoC (System on Chip) vendor and triggers it.Let's go through the same boot flow again but this time with Secure Boot feature enabled in UEFI. UEFI Secure Boot, an UEFI feature as per specification 2.3.1 errata C, helps to secure the Windows pre-boot phase mitigating the risks against rootkits and bootkits. This is a key security risk and concern for any organization. Since rootkits/bootkits get executed prior to the OS Kernel loads, the OS remains unaware of their presence. This boot flow is very much susceptible to rootkits/bootkits which though appears to be legitimate but are actually malicious codes as these can create backdoors to an attacker and expose the system. The firmware then triggers the pre-OS_bootloader which reads the Boot Configuration Data to locate the OS Bootloader and launch it. ![]() In traditional BIOS boot flow, as the system is powered on, the CPU initializes the firmware bootloader which loads the firmware (BIOS/UEFI) image which then loads and executes all the firmware drivers and OEM firmware applications. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |