BIOS Protection Guidelines - Recommendations of the National Institute of Standards and Technology

BIOS PROTECTION GUIDELINES
Table of Contents
Executive Summary ... 1
1. Introduction ... 1-1
1.1 Authority ... 1-1
1.2 Purpose and Scope ... 1-1
1.3 Audience ... 1-2
1.4 Document Structure ... 1-2
2. Background ... 2-1
2.1 System BIOS ... 2-1
2.2 Role of System BIOS in the Boot Process ... 2-1
2.2.1 Conventional BIOS Boot Process ... 2-2
2.2.2 UEFI Boot Process ... 2-4
2.3 Updating the System BIOS ... 2-5
2.4 Importance of BIOS Integrity ... 2-5
2.5 Threats to the System BIOS ... 2-6
3. Threat Mitigation ... 3-1
3.1 Security Guidelines for System BIOS Implementations ... 3-1
3.1.1 BIOS Update Authentication ... 3-1
3.1.2 Secure Local Update ... 3-2
3.1.3 Integrity Protection ... 3-2
3.1.4 Non-Bypassability ... 3-3
3.2 Recommended Practices for BIOS Management ... 3-3
List of Appendices
Appendix A Summary of Guidelines for System BIOS Implementations ... A-1
Appendix B Glossary ... B-1
Appendix C Acronyms and Abbreviations ... C-1
Appendix D References ... D-1