BIOS Integrity Measurement Guidelines
Client computers such as desktops and laptops rely on the Basic Input/Output System (BIOS) to initialize their hardware during boot. The BIOS is firmware, and it can be configured. If the BIOS code or configuration is altered from the intended state, either maliciously or accidentally, the desktop or laptop may experience losses of confidentiality, integrity and availability, including system instability, system failure and information leakage. Also, the desktop or laptop could be vulnerable to more elaborate attacks such as covert monitoring, and it could be used as a stepping stone for attacking other systems. These consequences underscore why it is so important to detect changes to the BIOS code and configuration—and this can be accomplished by measuring and monitoring the integrity of the BIOS.
This publication explains the fundamentals of BIOS integrity measurement, such as basic requirements that must be met in order to measure BIOS integrity, and typical data flows for BIOS integrity measurement and reporting. This material provides a foundation for the core of the document, which presents guidelines to hardware and software vendors that develop products that can support secure BIOS integrity measurement mechanisms. These guidelines define in detail the requirements and recommendations for vendors to follow in support of BIOS integrity measurement.
Included in this ZIP file are:
- Intro Page.pdf
- Terms and Conditions.pdf
- BIOS Integrity Measurement Guidelines.pdf