While eating dinner today I was enjoying a TechEd session on security in Windows 8 and 8.1 and I learned something new- which of course I have to share!
There is this thing called UEFI – it stands for Unified Extensible Firmware Interface.
This is an interface that replaces some bits and pieces of the traditional BIOS and its built on top of BIOS. It is architecture independent which means that you could run Linux for example. Once you boot your computer enables devices and operation, and all firmware, applications, drivers and loaders have to be signed/trusted. It stores the trusted and untrusted keys and certificates in a database, has platform related information, as well as contains some boot and runtime services.
The database designs stores the following variables:
The platform master key which most often is set by the manufacturer.
Database update authorization key – also set by manufacturer. A certificate that allows updates.
List of authorized application signers (certificates). Programs that are allowed.
List of revoked application signers(certificates). Signed programs that later on are considered dangerous.
One of the main features of UEFI is Secure Boot. Among some of the things it does to aid a secure boot it makes sure only approved (signed) OS loaders are accepted on boot. Before OS would start any OS loader regardless of that being malware. A malware loader can provide you a fake OS, and as you probably understand that would allow them to basically do whatever they want to do with your computer and the information you provide through the usage.
Keep in mind that UEFI has some hardware requirements that not all PC manufactures have met, and therefore you aren’t guaranteed all the UEFI goodness just because you have Windows 8 installed.
As for how to know if you have UEFI , well…. I thought that was going to be an easy one, but I actually haven’t quite figured that out 100%. You might want to keep an eye on my question on StackOverflow: Does my PC have UEFI support and Secure boot?
I’ll post a new post plus an update once I know 🙂