BIOS Protection Guidelines - Recommendations of the National Institute of Standards and Technology

BIOS PROTECTION GUIDELINES
Appendix B Glossary
Selected terms used in the publication are defined below.
Basic Input/Output System (BIOS): In this publication, refers collectively to boot firmware based on
the conventional BIOS, Extensible Firmware Interface (EFI), and the Unified Extensible Firmware
Interface (UEFI).
Conventional BIOS: Legacy boot firmware used in many x86-compatible computer systems. Also
known as the legacy BIOS.
Core Root of Trust for Measurement (CRTM): The first piece of BIOS code that executes on the main
processor during the boot process. On a system with a Trusted Platform Module the CRTM is implicitly
trusted to bootstrap the process of building a measurement chain for subsequent attestation of other
firmware and software that is executed on the computer system.
Extensible Firmware Interface (EFI): A specification for the interface between the operating system
and the platform firmware. Version 1.10 of the EFI specifications was the final version of the EFI
specifications, and subsequent revisions made by the Unified EFI Forum are part of the UEFI
specifications.
Firmware: Software that is included in read-only memory (ROM).
Option ROM: Firmware that is called by the system BIOS. Option ROMs include BIOS firmware on
add-on cards (e.g., video card, hard drive controller, network card) as well as modules which extend the
capabilities of the system BIOS.
Protected Mode: An operational mode found in x86-compatible processors with hardware support for
memory protection, virtual memory, and multitasking.
Real Mode: A legacy high-privilege operating mode in x86-compatible processors.
System Management Mode (SMM): A high-privilege operating mode found in x86-compatible
processors used for low-level system management functions. System Management Mode is only entered
after the system generates a System Management Interrupt and only executes code from a segregated
block of memory.
System Flash Memory: The non-volatile storage location of system BIOS, typically in electrically
erasable programmable read-only memory (EEPROM) flash memory on the motherboard. While system
flash memory is a technology-specific term, guidelines in this document referring to the system flash
memory are intended to apply to any non-volatile storage medium containing the system BIOS.
Trusted Platform Module (TPM): A tamper-resistant integrated circuit built into some computer
motherboards that can perform cryptographic operations (including key generation) and protect small
amounts of sensitive information, such as passwords and cryptographic keys.
Unified Extensible Firmware Interface (UEFI): A possible replacement for the conventional BIOS that
is becoming widely deployed in new x86-based computer systems. The UEFI specifications were
preceded by the EFI specifications.
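The measurement chain named in the CRTM and TPM entries, as an added example that is not part of the publication: a model of a platform extending a PCR as it boots and of a verifier replaying the event log during attestation, using constructed stage images and assuming SHA-256 hashing and a single zero-initialised 32-byte PCR.

```python
import hashlib
# Constructed example (not from the NIST publication): a model of the measured-boot chain
# the CRTM entry describes. Each stage is hashed before control passes to it and the digest
# is folded into a TPM Platform Configuration Register (PCR) by the extend operation
# PCR_new = H(PCR_old || digest). Assumed: SHA-256 and a 32-byte PCR starting at zero.
PCR_INIT = bytes(32)

def measure(component: bytes) -> bytes:
    """Digest of a firmware or software image, as the CRTM (or a later stage) computes it."""
    return hashlib.sha256(component).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: a PCR can only be advanced by hashing, never written directly."""
    return hashlib.sha256(pcr + digest).digest()

def measured_boot(stages):
    """CRTM is trusted implicitly; every later stage is measured before it runs.
    Returns the final PCR value (hex) and the event log handed to the verifier."""
    pcr, log = PCR_INIT, []
    for name, image in stages:
        digest = measure(image)
        log.append((name, digest.hex()))
        pcr = extend(pcr, digest)
    return pcr.hex(), log

def attest(reported_pcr: str, log, golden: dict):
    """Verifier side: check each logged digest against known-good values, then replay
    the log and confirm it reproduces the PCR the platform reported."""
    pcr = PCR_INIT
    for name, hexdigest in log:
        if golden.get(name) != hexdigest:
            return False, f"unexpected digest for {name}"
        pcr = extend(pcr, bytes.fromhex(hexdigest))
    if pcr.hex() != reported_pcr:
        return False, "event log does not reproduce reported PCR"
    return True, "ok"

# Constructed stage images standing in for real firmware binaries.
GOLDEN_STAGES = [
    ("system-bios", b"constructed main BIOS image v2.1"),
    ("option-rom-nic", b"constructed NIC option ROM image"),
    ("bootloader", b"constructed OS boot loader image"),
]
GOLDEN = {name: measure(image).hex() for name, image in GOLDEN_STAGES}

def demo():
    """Clean boot, a boot with a modified option ROM, and a forged clean-looking log."""
    good_pcr, good_log = measured_boot(GOLDEN_STAGES)
    tampered = list(GOLDEN_STAGES)
    tampered[1] = ("option-rom-nic", b"constructed NIC option ROM image (modified)")
    bad_pcr, bad_log = measured_boot(tampered)
    return (attest(good_pcr, good_log, GOLDEN), attest(bad_pcr, bad_log, GOLDEN),
            attest(bad_pcr, good_log, GOLDEN))
```

The third case shows why the verifier replays the log rather than trusting it: a log that lists only known-good digests is still rejected when it cannot reproduce the PCR the TPM reports.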