O'Reilly logo

Harnessing the UEFI Shell by Tim Lewis, Vincent Zimmer, Michael Rothman

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Appendix A Security Considerations

We will bankrupt ourselves in the vain search for absolute security.

—Dwight D. Eisenhower

This appendix describes some options for hardening the integrity of the UEFI Shell.

UEFI Shell Binary Integrity

Recall that the UEFI Shell can be stored in the platform ROM, on disk, or across the network. For the latter two scenarios, the integrity of the UEFI Shell may be a concern in that a possibly hostile agent in the operating system may corrupt the UEFI system partition or a man-in-the-middle (MITM) attack may occur during the network download of the UEFI Shell.

Signing of the UEFI Shell is one option to handle this case of ensuring integrity of code introduced into the platform, especially from a mutable disk or ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required