UEFI Secure Boot helps provide an effective defense against boot malware, but to increase its effectiveness against today’s increasingly sophisticated exploits, it is important to follow today’s best practices in its implementation, deployment and configurability. This whitepaper addresses how the latest recommendations for UEFI firmware from the United States NSA (National Security Agency) can be followed to design more secure devices that are able to meet some of the most stringent national security standards in the world.
The NSA’s guidelines help IT administrators and end users correctly configure the UEFI Secure Boot and related settings in their BIOS by listing six recommendations. It is not enough to have Secure Boot, it must be enabled correctly. This whitepaper describes these in more detail and how InsydeH2O® from Insyde Software supports them.
Authored by Tim Lewis, CTO, Insyde Software.