Windows 8 Secure Boot Technology
How do you protect your operating system from malware while it is being loaded? How do you ensure that only genuine programs get access to the operating system? For years, attackers have been trying various means to load malware into the BIOS and corrupt primary operating system services. In the previous versions of Windows, if the master boot record was corrupted due to malware, there was no way to fix it other than reinstalling the operating system. To overcome this problem, Microsoft has devised Secure Boot technology in conjunction with UEFI in Windows 8.
What is UEFI?
The Basic Input Output System (BIOS) was firmware written in assembly language that used software-based interrupts to define how the hardware and the operating system interact with each other. The Unified Extensible Firmware Interface (UEFI) can be considered the successor to BIOS. UEFI is managed by the UEFI Forum, which maintains the specifications that are to be used in different computers; its members mostly include hardware, system, firmware, and operating system vendors.
[Figure: UEFI based secure boot process]
How is Windows 8 integrity ensured using Secure Boot?
- The computer is started first. It begins executing code to configure the processor, memory and other hardware devices that are attached to the system. This step is common across all architectures of Windows 8 (x86, x64 and ARM).
- Each of the attached hardware peripherals, such as network cards, storage devices and video cards, is assigned a key known as Option ROM.
- Each module that wishes to execute presents a key during the boot process, which is verified against a database of firmware keys. The database is composed of an Allowed list and a Disallowed list that determine which modules have permission to execute during boot.
- The Allowed list is a set of keys that represent trusted programs. The Disallowed list is a set of malware signatures and hashes. Public Key Infrastructure (PKI) is the underlying model behind Secure Boot.
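The Allowed/Disallowed check described in the steps above, as an added example (not code from the original article or from Microsoft). It goes one step beyond the text by parsing the EFI_SIGNATURE_LIST layout that the UEFI specification uses for these databases. Assumptions: the owner GUID, certificate bytes and images are constructed placeholders, signature verification is not modelled, and real firmware compares an Authenticode hash of the image rather than a plain SHA-256.

```python
import hashlib
import struct
import uuid

# Signature type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
HEADER = struct.Struct("<16sIII")  # type GUID, list size, header size, entry size

def parse_esl(blob):
    """Return [(type_guid, owner_guid, data)] from concatenated EFI_SIGNATURE_LISTs."""
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < HEADER.size:
            raise ValueError("truncated list header")
        raw_type, list_size, hdr_size, sig_size = HEADER.unpack_from(blob, off)
        start, end = off + HEADER.size + hdr_size, off + list_size
        if sig_size <= 16 or start > end or end > len(blob) or (end - start) % sig_size:
            raise ValueError("malformed signature list")
        for p in range(start, end, sig_size):
            owner = uuid.UUID(bytes_le=blob[p:p + 16])
            entries.append((uuid.UUID(bytes_le=raw_type), owner, blob[p + 16:p + sig_size]))
        off = end
    return entries

def boot_decision(image_hash, signer_cert, db, dbx):
    """Disallowed beats Allowed; unlisted is denied. signer_cert is assumed already verified."""
    denied = {data for _, _, data in parse_esl(dbx)}
    if image_hash in denied or signer_cert in denied:
        return "deny: on Disallowed list"
    allowed = {data for _, _, data in parse_esl(db)}
    if image_hash in allowed or signer_cert in allowed:
        return "allow"
    return "deny: not on Allowed list"

def make_esl(sig_type, owner, items):
    """Build one list of equally sized entries (used only for the constructed samples)."""
    body = b"".join(owner.bytes_le + item for item in items)
    return HEADER.pack(sig_type.bytes_le, HEADER.size + len(body), 0, 16 + len(items[0])) + body

# Constructed sample data: placeholder owner GUID, certificate bytes and revoked image.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
VENDOR_CERT = b"constructed vendor certificate (not real DER)"
REVOKED_HASH = hashlib.sha256(b"constructed revoked boot loader").digest()
DB = make_esl(EFI_CERT_X509_GUID, OWNER, [VENDOR_CERT])
DBX = make_esl(EFI_CERT_SHA256_GUID, OWNER, [REVOKED_HASH])

if __name__ == "__main__":
    for image in (b"constructed good boot loader", b"constructed revoked boot loader"):
        print(image, boot_decision(hashlib.sha256(image).digest(), VENDOR_CERT, DB, DBX))
```

The second image is denied even though its signer is on the Allowed list, because its hash appears on the Disallowed list.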