Platform Firmware Resiliency Guidelines

Published: May 04, 2018

Author(s)

Andrew R. Regenscheid

Abstract

This document provides technical guidelines and recommendations supporting resiliency of platform firmware and data against potentially destructive attacks. The platform is a collection of fundamental hardware and firmware components needed to boot and operate a system. A successful attack on platform firmware could render a system inoperable, perhaps permanently, or requiring reprogramming by the original manufacturer, resulting in significant disruptions to users. The technical guidelines in this document promote resiliency in the platform by describing security mechanisms for protecting the platform against unauthorized changes, detecting unauthorized changes that occur, and recovering from attacks rapidly and securely. Implementers, including Original Equipment Manufacturers (OEMs) and component/device suppliers, can use these guidelines to build stronger security mechanisms into platforms. System administrators, security professionals, and users can use this document to guide procurement strategies and priorities for future systems.
Citation: Special Publication (NIST SP) - 800-193
Report Number:
800-193
Pub Type: NIST Pubs

Keywords

BIOS, Code signing, Firmware, Option ROM, Platform Firmware
Created May 04, 2018, Updated November 10, 2018