BIOS Protection Guidelines - Recommendations of the National Institute of Standards and Technology
  —  
BIOS PROTECTION GUIDELINES 
Appendix D  References 
The list below provides references for this publication. 
[Duarte08]  G. Duarte. “How Computers Boot Up.” 5 June 2008. 
http://www.duartes.org/gustavo/blog/post/how-computers-boot-up 
[EFI]  EFI 1.10 Specification.  Intel.  1 November 2003. http://www.intel.com/technology/efi/ 
[EmSp08]  Shawn Embleton, Sherri Sparks, and Cliff C. Zou. "SMM Rootkits: A New Breed of OS 
Independent Malware," Proceedings of 4th International Conference on Security and 
Privacy in Communication Networks (SecureComm), Istanbul, Turkey, September 22-25, 
2008. 
[FIPS180-3]  FIPS 180-3, Secure Hash Standard. October 2008. 
[FIPS186-3]  FIPS 186-3, Digital Signature Standard. June 2009. 
[DuGr09]  Loïc Duflot, Olivier Grumelard, Olivier Levillain and Benjamin Morin. “ACPI and SMI 
handlers: some limits to trusted computing.”  Journal in Computer Virology. Volume 6, 
Number 4, 353-374. 
[Graw09]  D. Grawrock. Dynamics of a Trusted Platform: A Building Block Approach. Hillsboro, 
OR: Intel Press, 2009. 
[Heas07a]  J. Heasman. “Firmware Rootkits: A Threat to the Enterprise.” Black Hat DC. 
Washington, DC. 28 February 2007. 
http://www.nccgroup.com/Libraries/Document_Downloads/02_07_Firmware_Rootkits_ 
The_Threat_to_the_Enterprise_Black_Hat_Washington_2007_sflb.sflb.ashx 
[Heas07b]  J. Heasman. “Hacking the Extensible Firmware Interface.”  Black Hat USA. Las Vegas, 
NV. 2 August 2007. https://www.blackhat.com/presentations/bh-usa
-
07/Heasman/Presentation/bh-usa-07-heasman.pdf 
[Intel03]  Intel Platform Innovation Framework for EFI- Architecture Specification v0.9.  Intel. 
September 2003. http://www.intel.com/technology/framework/ 
[KGH09]  A. Kumar, G. Purushottam, and Y. Saint-Hilaire.  Active Platform Management 
Demystified.  Hillsboro, OR: Intel Press, 2009. 
[Sal07]  Salihun, Darmawan. BIOS Disassembly Ninjutsu Uncovered.  Wayne, PA: A-LIST, 2007. 
[SaOr09]  A. Sacco, A. Ortéga.  “Persistant BIOS Infection.”  Phrack. Issue 66. 6 November 2009. 
http://www.phrack.com/issues.html?issue=66&id=7 
[SP800-57]  NIST SP 800-57, Recommendation for Key Management – Part 1: General. March 2007. 
[SP800-61]  NIST SP 800-61rev1, Computer Security Incident Handling Guide. March 2008. 
[SP800-89]  NIST SP 800-89, Recommendation for Obtaining Assurances for Digital Signature 
Applications. November 2006. 
D-1 










