17 HOW UEFI SECURE BOOT WORKS


In previous chapters, we talked about the introduction of the Kernel-Mode Code Signing Policy, which encouraged malware developers to shift from using rootkits to using bootkits, moving the attack vector from the OS kernel to unprotected boot components. This kind of malware executes before the OS loads, so it’s able to bypass or disable OS security mechanisms. In order to enforce security and ensure safety, then, the OS must be able to boot into a trusted environment whose components have not been tampered with.

This is where UEFI Secure Boot technology, the subject of this chapter, comes into play. Aimed primarily ...
