BIOS' 'privileged position' makes it a target for sophisticated attacks
- By William Jackson
- Aug 01, 2012
The Basic Input/Output System (BIOS) facilitates the hardware initialization process of a computer and hands off control to the operating system, giving it a trusted status that also could present opportunities for attackers.
“Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS’s unique and privileged position within modern computer system architectures,” say the authors of new BIOS security guidelines for government from the National Institute of Standards and Technology. “Malicious BIOS modification could be part of a sophisticated, targeted attack on an organization -- either a permanent denial of service or a persistent malware presence.”
Security basics: Start within the BIOS
An initial draft of Special Publication 800-147B, “BIOS Protection Guidelines for Servers,” includes requirements for mitigating the execution of malicious or corrupt BIOS code on servers. They apply to firmware stored in the BIOS flash, including the code, the cryptographic keys that are part of the root of trust for updating the code, as well as static BIOS data.
Firmware often is updated by vendors to fix problems, patch vulnerabilities and support new hardware. This document focuses on the threat of BIOS corruption through update mechanisms and does not address supply-chain tampering or physical replacement of the BIOS chip.
This document is the second in a series from NIST on BIOS protections. The first publication, SP 800-147 was released last year and covers laptop and desktop PCs. The current draft covers protections for managed and blade servers, specifically those with multiple BIOS update mechanisms.
Three core principles of BIOS protection were laid out in SP 800-147 for client systems, and these also apply to server-class machines.
“However, the architectural and operational complexity in servers due to the need to remotely manage them makes it more difficult to implement BIOS security protections in the same manner as clients,” the authors wrote in the current draft. “The core reason for the increased difficulty is that servers typically possess multiple BIOS update mechanisms,” and often service processors that also can update BIOS must be protected.
The core requirements BIOS security are:
- Authenticated BIOS update mechanisms, using digital signatures to prevent the installation of counterfeited BIOS update images.
- Firmware integrity protections, to prevent unintended or malicious modification of the BIOS outside the authenticated BIOS update process.
- Non-bypassability features, to ensure that there are no mechanisms that allow the system processor or any other system component to bypass the BIOS protections.
There also is an optional secure local update mechanism, which requires that an administrator be physically present at the machine in order to install BIOS images without authentication. The current draft publication includes guidelines for incorporating these core requirements on server platforms.
Comments on draft NIST SP 800-147B should be sent by Sept. 14 to email@example.com.
NIST plans to develop a new publication providing an overview of BIOS protections for IT security professionals to be released as SP800-147rev1. At that point it will reissue the current SP800-147 as SP800-147A.
William Jackson is freelance writer and the author of the CyberEye blog.