This article examines the emergence of vulnerabilities in operating system boot processes. Specifically, it focuses on the BIOS and UEFI boot processes and the vulnerabilities found in their implementations. It then explains why the UEFI boot process is a much better approach than the BIOS boot process. Lastly, it looks into the loopholes residing in the UEFI boot process and how they could be exploited to carry out a rootkit infection, and ends by stating the importance of understanding the UEFI boot process now that UEFI is becoming an industry standard.
What is the BIOS?
The BIOS Boot Process
Figure: The Conventional BIOS Boot Process
What is UEFI?
UEFI stands for “Unified Extensible Firmware Interface”. The UEFI specification redefines the interface between PC operating systems and platform firmware. The interface consists of data tables that contain platform-related information, plus boot and runtime service calls that are available to the operating system and its loader. Together, these provide a standard environment for booting an operating system and running pre-boot applications. 
The UEFI Boot Process
What is a Rootkit?
BIOS Boot Process Vulnerabilities
Besides infection, detection and removal of viruses that originate from a BIOS infection are also difficult because the BIOS is stored in firmware memory rather than on the hard disk drive. A BIOS rootkit, for example, can survive most attempts to remove it, such as reformatting or replacing the hard drive. Even if an anti-virus detects and removes a malicious rootkit infection on the hard drive, the infection will be restored at the next system startup. An anti-virus that detects malicious code within the BIOS also needs to be totally error-proof, to prevent accidental corruption of the BIOS that would leave the whole computer system unbootable. This makes the BIOS a good and effective target when aiming to compromise a system.
With more frequent BIOS updates from various vendors, BIOS firmware updating can now even be done remotely. This also means that the BIOS can be updated over the Internet, which opens a new avenue for attacks. Once an attacker gains administrative privileges from a user, probably through social engineering and phishing techniques, he can flash the BIOS over the Internet with malware-laden firmware.
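Because a BIOS infection survives disk replacement and any tool that writes to the BIOS risks bricking the machine, the practical defensive check is a read-only comparison of a dumped firmware image against a known-good baseline, region by region, so that a modified region can be localised without touching the flash. The following is an added example, not code from the original article; the region layout, the 8 KiB sample image and the modifications in it are all constructed, and a real image would be dumped with a vendor or chipset flash tool and compared against the vendor's published image.

```python
"""Read-only integrity check of a firmware dump against a known-good baseline."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Region:
    name: str
    offset: int
    size: int


# Constructed layout of a small 8 KiB "flash image" (assumption, not a real BIOS map).
LAYOUT = (
    Region("boot_block", 0x0000, 0x0800),
    Region("main_block", 0x0800, 0x1400),
    Region("nvram", 0x1C00, 0x0400),
)


def region_digests(image: bytes, layout=LAYOUT) -> dict:
    """Hash each region independently so a change can be localised."""
    out = {}
    for r in layout:
        if r.offset + r.size > len(image):
            raise ValueError(f"image too short for region {r.name}")
        out[r.name] = hashlib.sha256(image[r.offset:r.offset + r.size]).hexdigest()
    return out


def verify(image: bytes, baseline: dict, volatile=("nvram",)) -> list:
    """Return the names of regions whose hash differs from the baseline.
    Regions in `volatile` (settings storage) change legitimately and are skipped."""
    current = region_digests(image)
    return [n for n in current if n not in volatile and current[n] != baseline.get(n)]


def make_samples():
    """Constructed known-good image and a copy with a changed code region."""
    clean = bytes(range(256)) * 32            # 8 KiB constructed "known-good" image
    infected = bytearray(clean)
    infected[0x0900:0x0910] = b"\x90" * 16    # constructed change inside main_block
    infected[0x1C10] ^= 0xFF                  # constructed setting change in nvram
    return clean, bytes(infected)


if __name__ == "__main__":
    clean, infected = make_samples()
    baseline = region_digests(clean)
    print("clean:", verify(clean, baseline))        # []
    print("infected:", verify(infected, baseline))  # ['main_block']
```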
How is the rootkit introduced into the BIOS?
What does a BIOS rootkit do?
Case Study: Mebromi
UEFI as a response to BIOS boot process vulnerabilities
UEFI Implementation vulnerabilities
Case Study: Windows 8 UEFI Bootkit
Consequences of a successful Rootkit exploit
Countermeasures for boot process exploits
Importance of knowing the vulnerabilities in UEFI boot process