BIOS Protection Guidelines - Recommendations of the National Institute of Standards and Technology

BIOS PROTECTION GUIDELINES

[SP800-128] Draft NIST SP 800-128, Guide for Security Configuration Management of Information

Systems. March 2010.

[SP800-131A] NIST SP 800-131A, Transitions: Recommendation for Transitioning the Use of

Cryptographic Algorithms and Key Lengths. January 2011.

[Sym02] W95.CIH Technical Details. Symantec. 25 April 2002.

http://www.symantec.com/security_response/writeup.jsp?docid=2000-122010-2655-99

[TCG05] PC Client Work Group Specific Implementation Specification for Conventional Bios

Specification, Version 1.2. Trusted Computing Group. July 2005.

http://www.trustedcomputinggroup.org/resources/pc_client_work_group_specific_imple

mentation_specification_for_conventional_bios_specification_version_12

[UEFI] UEFI Specification Version 2.3. Unified EFI Forum. May 2009.

http://www.uefi.org/specs/

[Wech09] F. Wecherowski. “A Real SMM Rootkit: Reversing and Hooking BIOS SMI Handlers.”

Phrack. Issue 66. 6 November 2009.

http://www.phrack.com/issues.html?issue=66&id=11

[WoTe09] R. Wojtczuk and A. Tereshkin. “Attacking Intel BIOS.” Black Hat USA. Las Vegas, NV.

30 July 2009. http://www.blackhat.com/presentations/bh-usa

09/WOJTCZUK/BHUSA09-Wojtczuk-AtkIntelBios-SLIDES.pdf

D-2