Too young to be secure: Analysis of UEFI threats and vulnerabilities

Vladimir Bashun, Anton Sergeev, Victor Minchenkov, Alexandr Yakovlev
2013 14th Conference of Open Innovation Association FRUCT  
Unified Extensible Firmware Interface (UEFI) is a software interface between an operating system and platform firmware designed to replace a traditional BIOS. In general, UEFI has many technical advantages over BIOS (pre-OS environment, boot and run-time services, CPUindependent drivers etc.) including also powerful security mechanisms (e.g. secure boot, update, etc.). They are aimed to provide platform integrity, be root of trust of security architecture, control all stages of boot process
more » ... l it pass control to authenticated OS kernel. From the other side UEFI technology is the focus of many new potential threats and exploits and presents new vulnerabilities that must be managed. The main goal of this research is to provide analysis of the UEFI security issues, find the point and source of the security problems and classify them. The paper describes the architectural and implementation troubles of UEFI which lead to threats, vulnerabilities and attacks. It also includes extensive review of the previous research activities in this area and the results of our own experiments. As the result of the work some recommendation about how to make this young technology more safe and secure are provided.
doi:10.1109/fruct.2013.6737940 dblp:conf/fruct/BashunSMY13 fatcat:w5qul3tcn5gilfolpfwcvigq6y