In previous chapters, we talked about the introduction of the Kernel-Mode Code Signing Policy, which encouraged malware developers to shift from using rootkits to using bootkits, moving the attack vector from the OS kernel to unprotected boot components. This kind of malware executes before the OS loads, so it’s able to bypass or disable OS security mechanisms. In order to enforce security and ensure safety, then, the OS must be able to boot into a trusted environment whose components have not been tampered with.

This is where UEFI Secure Boot technology, the subject of this chapter, comes into play. Aimed primarily ...
