Appendix A Security Considerations

We will bankrupt ourselves in the vain search for absolute security.

—Dwight D. Eisenhower

This appendix describes some options for hardening the integrity of the UEFI Shell.

UEFI Shell Binary Integrity

Recall that the UEFI Shell can be stored in the platform ROM, on disk, or across the network. For the latter two scenarios, the integrity of the UEFI Shell may be a concern in that a possibly hostile agent in the operating system may corrupt the UEFI system partition or a man-in-the-middle (MITM) attack may occur during the network download of the UEFI Shell.

Signing of the UEFI Shell is one option to handle this case of ensuring integrity of code introduced into the platform, especially from a mutable disk or ...

Get Harnessing the UEFI Shell now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.