Title of invention: System and method for processing requests to alter system security databases and firmware stores in a unified extensible firmware interface-compliant computing device
Abstract: A mechanism for allowing firmware in a UEFI-compliant device to implement the UEFI specification driver signing and Authenticated Variable elements while at the same time protecting the system security database holding the library of approved keys and lists of allowed and forbidden programs from unauthorized modifications is discussed.
Publication number: US9372699(B2) Publication date: 2016.06.21
Application number: US201213441198 Filing date: 2012.04.06
Applicant: Insyde Software Corp. Inventor: Bobzin Jeffery Jay
Classification: G06F21/44;G06F21/57;G06F9/44 Main classification: G06F21/44
Agency: McCarter & English, LLP Agent: McCarter & English, LLP; Curran John S.
Independent claim: 1. A method for processing system security database requests in a Unified Extensible Firmware Interface (UEFI)-compliant computing device, comprising: receiving a signed system security database modification request from an operating system module, the request seeking to perform an alteration of a system security database in the UEFI-compliant computing device, the request processed by a firmware request reception module, the request reception module being executable when a central processing unit (CPU) in the computing device is operating in a normal CPU operating mode; saving, with the firmware request reception module, memory location information related to the system security database modification request for the use of a firmware verification module, the firmware verification module executable only when the CPU is in a System Management Mode (SMM), the memory location information saved prior to a triggering of a transition of the CPU from the normal CPU operating mode to SMM; triggering the transition of the CPU from the normal CPU operating mode to SMM using the request reception module; verifying an identity of the firmware request reception module with the firmware verification module, the verifying performed by checking a location in memory of the request against a previously noted request reception module load address to identify an origin of the processed request; validating a signature contained in the processed request for performing an alteration of the system security database, the validating occurring using a firmware validation module that is only executable when the CPU is in SMM; and performing the alteration of the system security database requested using a firmware update module, the alteration occurring following a successful validation of the signature, the firmware update module only executable when the CPU is in SMM.
Address: Taipei TW