Безопасность информационных технологий (Nov 2022)
Hardware protection of UEFI-firmware and NVRAM of the computer with Resident Security Component
Abstract
This paper discusses the protection of the firmware and of the memory area used to store variables (NVRAM, Non-Volatile Random Access Memory) in a UEFI (Unified Extensible Firmware Interface) system. The research methodology is deductive. The problem of trusted computer boot, in particular the proprietary nature of the UEFI stage, is relevant to the field of computer security. To introduce the context and subject area, the paper briefly describes the components and environment of the UEFI system, the attack vectors against it, the consequences of successful attacks for the user, and the built-in security tools. The advantages and disadvantages of using two memory areas with different access modes as a way to protect critical UEFI system data are considered. The hardware implementation of the resident security component (HRSC) is proposed as the memory area with a configurable access policy. Finally, the functionality of the HRSC and the applicability of this solution to securing the UEFI system are considered. As a result, the applicability of the HRSC as a tool for differentiating access to critical parts of the UEFI firmware and NVRAM is justified. In addition, the advantages of using the HRSC as a memory area with a configurable access policy are identified: ease of implementation, variability of access differentiation, and platform independence from the model and architecture of a computer with UEFI.
Keywords