BS ISO IEC 19678-2015 Information Technology BIOS Protection Guidelines.pdf

Uploaded by: rimleave225 Document ID: 396489 Uploaded: 2018-10-18 Format: PDF Pages: 26 Size: 2MB
Resource description

BSI Standards Publication
BS ISO/IEC 19678:2015
Information Technology BIOS Protection Guidelines

BS ISO/IEC 19678:2015 BRITISH STANDARD

National foreword

This British Standard is the UK implementation of ISO/IEC 19678:2015. The UK participation in its preparation was entrusted to Technical Committee ICT/-/1, Information systems co-ordination. A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© The British Standards Institution 2015. Published by BSI Standards Limited 2015
ISBN 978 0 580 85780 5
ICS 35.080

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 April 2015.

Amendments/corrigenda issued since publication
Date    Text affected

Information Technology BIOS Protection Guidelines
Technologies de l'information Lignes directrices de protection BIOS

INTERNATIONAL STANDARD ISO/IEC 19678
Reference number ISO/IEC 19678:2015(E)
First edition 2015-05-01
© ISO/IEC 2015 All rights reserved

COPYRIGHT PROTECTED DOCUMENT

© ISO/IEC 2015, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Ch. de Blandonnet 8
CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org

Contents

Foreword
Introduction
1 Scope
2 Conformance
3 Normative references
4 Terms and definitions
5 Symbols (and abbreviated terms)
6 Background
6.1 System BIOS
6.2 Role of System BIOS in the Boot Process
6.3 Updating the System BIOS
6.4 Importance of BIOS Integrity
6.5 Threats to the System BIOS
7 Threat Mitigation
Bibliography

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

Note: ITTF will provide the document number needed below

ISO/IEC 19678 was prepared by the U.S. National Institute of Standards and Technology from NIST SP 800-147, BIOS Protection Guidelines. NIST SP 800-147 was reformatted in accordance with ISO/IEC Directives, Part 2, while maintaining the technical content of the NIST publication (available at http://csrc.nist.gov/publications/nistpubs/800-147/NIST-SP800-147-April2011.pdf). The resulting standard was adopted under a special “fast-track procedure”, by Joint Technical Committee ISO/IEC JTC 1, Information technology, in parallel with its approval by the national bodies of ISO and IEC.

Introduction

Modern computers rely on fundamental system firmware, commonly known as the system Basic Input/Output System (BIOS), to facilitate the hardware initialization process and transition control to the operating system. The BIOS is typically developed by both original equipment manufacturers (OEMs) and independent BIOS vendors, and is distributed to end-users by motherboard or computer manufacturers. Manufacturers frequently update system firmware to fix bugs, patch vulnerabilities, and support new hardware. This International Standard provides security requirements and guidance for preventing the unauthorized modification of BIOS firmware on PC client systems.

Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS's unique and privileged position within the PC architecture. A malicious BIOS modification could be part of a sophisticated, targeted attack on an organization, either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware). The move from conventional BIOS implementations to implementations based on the Unified Extensible Firmware Interface (UEFI) may make it easier for malware to target the BIOS in a widespread fashion, as these BIOS implementations are based on a common specification.

This International Standard focuses on current and future x86 and x64 desktop and laptop systems, although the controls and procedures could potentially apply to any system design.
Likewise, although the guide is oriented toward enterprise-class platforms, the necessary technologies are expected to migrate to consumer-grade systems over time. The security requirements do not attempt to prevent installation of unauthentic BIOSs through the supply chain, by physical replacement of the BIOS chip, or through secure local update procedures.

The intended audience for this International Standard includes BIOS and platform vendors, and information system security professionals who are responsible for managing the endpoint platforms' security, secure boot processes, and hardware security modules. The material may also be of use when developing enterprise-wide procurement strategies and deployment.

The material in this International Standard is technically oriented, and it is assumed that readers have at least a basic understanding of system and network security. The International Standard provides background information to help such readers understand the topics that are discussed. Readers are encouraged to take advantage of other resources (including those listed in this International Standard) for more detailed information.

Information Technology BIOS Protection Guidelines

1 Scope

This International Standard provides requirements and guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS's unique and privileged position within the PC architecture. A malicious BIOS modification could be part of a sophisticated, targeted attack on an organization, either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware).

As used in this publication, the term BIOS refers to conventional BIOS, Extensible Firmware Interface (EFI) BIOS, and Unified Extensible Firmware Interface (UEFI) BIOS. This International Standard applies to system BIOS firmware (e.g., conventional BIOS or UEFI BIOS) stored in the system flash memory of computer systems, including portions that may be formatted as Option ROMs. However, it does not apply to Option ROMs, UEFI drivers, and firmware stored elsewhere in a computer system.

Subclause 7.2 provides platform vendors with requirements for a secure BIOS update process. Additionally, subclause 7.3 provides guidelines for managing the BIOS in an operational environment. While this International Standard focuses on current and future x86 and x64 client platforms, the controls and procedures are independent of any particular system design.

2 Conformance

The following terms are used in this standard to indicate mandatory requirements, recommended options, or permissible actions.

The terms “shall” and “shall not” indicate requirements to be followed strictly in order to conform to this standard and from which no deviation is permitted.

The terms “should” and “should not” indicate that among several possibilities one is recommended as particularly suitable, without mentioning or excluding others, or that a certain course of action is preferred but not necessarily required, or that (in the negative form) a certain possibility or course of action is discouraged but not prohibited.

The terms “may” and “need not” indicate a course of action permissible within the limits of this standard.

An implementation is conformant to this standard if it implements the requirements specified in subclause 7.2.

3 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

FIPS 186-4, Digital Signature Standard. July 2013.
NIST SP 800-89, Recommendation for Obtaining Assurances for Digital Signature Applications. November 2006.
NIST SP 800-131A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths. January 2011.

4 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

4.1 Basic Input/Output System (BIOS)
boot firmware, such as those based on the conventional BIOS, Extensible Firmware Interface (EFI), and the Unified Extensible Firmware Interface (UEFI)

4.2 conventional BIOS
legacy boot firmware used in many x86-compatible computer systems (also known as the legacy BIOS)

4.3 Core Root of Trust for Measurement (CRTM)
the first piece of BIOS code that executes on the main processor during the boot process. On a system with a Trusted Platform Module the CRTM is implicitly trusted to bootstrap the process of building a measurement chain for subsequent attestation of other firmware and software that is executed on the computer system.

4.4 Extensible Firmware Interface (EFI)
a specification for the interface between the operating system and the platform firmware. Version 1.10 of the EFI specifications was the final version of the EFI specifications, and subsequent revisions made by the Unified EFI Forum are part of the UEFI specifications

4.5 firmware
software that is included in read-only memory (ROM)

4.6 option ROM
firmware that is called by the system BIOS, such as BIOS firmware on add-on cards (e.g., video card, hard drive controller, network card) as well as modules which extend the capabilities of the system BIOS

4.7 Protected Mode
an operational mode found in x86-compatible processors with hardware support for memory protection, virtual memory, and multitasking

4.8 Real Mode
a legacy high-privilege operating mode in x86-compatible processors

4.9 System Management Mode (SMM)
a high-privilege operating mode found in x86-compatible processors used for low-level system management functions

4.10 system flash memory
the non-volatile storage location of system BIOS, typically in electronically erasable programmable read-only memory (EEPROM) flash memory on the motherboard.
While system flash memory is a technology-specific term, requirements and guidelines in this document referring to the system flash memory are intended to apply to any non-volatile storage medium containing the system BIOS.

4.11 Trusted Platform Module (TPM)
a tamper-resistant integrated circuit built into some computer motherboards that can perform cryptographic operations (including key generation) and protect small amounts of sensitive information, such as passwords and cryptographic keys

4.12 Unified Extensible Firmware Interface (UEFI)
a specification for the interface between the operating system and the platform firmware developed by the UEFI Forum

5 Symbols (and abbreviated terms)

ACPI Advanced Configuration and Power Interface
BDS Boot Device Selection
BIOS Basic Input/Output System
CPU Central Processing Unit
CRTM Core Root of Trust for Measurement
DXE Driver Execution Environment
EEPROM Electrically Erasable Programmable Read-Only Memory
EFI Extensible Firmware Interface
FIPS Federal Information Processing Standard
GPT GUID Partition Table
GUID Globally Unique Identifier
MBR Master Boot Record
OEM Original Equipment Manufacturer
OS Operating System
PEI Pre-EFI Initialization
POST Power-on self-test
PXE Preboot Execution Environment
ROM Read-only Memory
RT Runtime
RTU Root of Trust for Update
SMI System Management Interrupt
SMM System Management Mode
TPM Trusted Platform Module
UEFI Unified Extensible Firmware Interface

6 Background

6.1 System BIOS

The system BIOS is the first piece of software executed on the main central processing unit (CPU) when a computer is powered on. While the system BIOS was originally responsible for providing operating systems access to hardware, its primary role on modern machines is to initialize and test hardware components and load the operating system. In addition, the BIOS loads and initializes important system management functions, such as power and thermal management. The system BIOS may also load CPU microcode patches during the boot process.

There are several different types of BIOS firmware. Some computers use a 16-bit conventional BIOS, while many newer systems use boot firmware based on the UEFI specifications 23. In this International Standard we refer to all types of boot firmware as BIOS firmware, the system BIOS, or simply BIOS. When necessary, we differentiate conventional BIOS firmware from UEFI firmware by calling them the conventional BIOS and UEFI BIOS, respectively. System BIOS is typically developed by both original
