234 Z.Du,X.Li,and K.Shen and it can not be used to access the protected data on hard disk which is bound to a specific user.We have also verified that once the protect hard disk is removed from the system no other system can read the hard disk. 5 Conclusion In our UEFI firmware services we successfully established the trust chain from the root of trust which made TPM services to OS and applications.We developed the digital signature at the firmware level such that our secure firmware will only execute those extension modules with recognized signature. We implemented the biometric computer password at firmware level.A unauthor- ized person is even not able to boot the computer.The way,we have implemented the password of the hard disk,makes the hard disk data not only bounded to the user but also to the platform. Under the relatively safe firmware environment,we have demonstrated with two security applications.One is mounting the anti-virus engine inside the firmware and lunch the anti-virus program as an pre-OS application.This guarantee we can remove virus infection even when the OS/Hard disk is not bootable.The second is error reporting to specified corporation IT center.In this way the owner can catch any in- trusion,or attempt of loading unauthorized modules. Acknowledgements The research is supported by Natural science fund for colleges and universities in Jiangsu Province (09KJB52006),by State Key Laboratory of Novel Software Tech- nology at Nanjing University (KFKT2008b15),and by preliminary research plan of Nanjing University of Technology. References 1.CSI Computer Scrime&Security Survey (2008) 2.Trusted Computing Group,http://www.trustedcomputinggroup.org/ 3.Zhang,X.,Zhang,S.,Deng,Z.:Virtual Disk Monitor Based on Multi-core EFI.In:Xu, M.,Zhan,Y.-W.,Cao,J.,Liu,Y.(eds.)APPT 2007.LNCS,vol.4847,pp.60-69. Springer,Heidelberg(2007) 4.Zimmer,V.,Rothman,M.,Hale,R.:Beyond BIOS:Implementing the Unified Extensible Firmware Interface with Intel's Framework.Intel Press,Hillsboro(2006) 5.Intel MultiProcessor Specification,Version 1.4 (May 1997) 6.Intel Unified Extensible Firmware Interface Specification,Version 2.1 (January 2007) 7.Hendricks,J.,Doon,L.:Secure Bootstrap is Not Enough:Shoring up the Trusted Comput- ing Base.In:Proceedings of the Eleventh SIGOPS European Workshop,ACM SIGOPS. ACM Press,New York(2004) 8.Ball,T.,Bounimova,E.,Byron,C.,Levin,V.,et al.:Thorough static analysis of device drivers.ACM SIGOPS Operating Systems Review 40(4),73-85(2006)234 Z. Du, X. Li, and K. Shen and it can not be used to access the protected data on hard disk which is bound to a specific user. We have also verified that once the protect hard disk is removed from the system no other system can read the hard disk. 5 Conclusion In our UEFI firmware services we successfully established the trust chain from the root of trust which made TPM services to OS and applications. We developed the digital signature at the firmware level such that our secure firmware will only execute those extension modules with recognized signature. We implemented the biometric computer password at firmware level. A unauthor￾ized person is even not able to boot the computer. The way, we have implemented the password of the hard disk, makes the hard disk data not only bounded to the user but also to the platform. Under the relatively safe firmware environment, we have demonstrated with two security applications. One is mounting the anti-virus engine inside the firmware and lunch the anti-virus program as an pre-OS application. This guarantee we can remove virus infection even when the OS/Hard disk is not bootable. The second is error reporting to specified corporation IT center. In this way the owner can catch any in￾trusion, or attempt of loading unauthorized modules. Acknowledgements The research is supported by Natural science fund for colleges and universities in Jiangsu Province (09KJB52006), by State Key Laboratory of Novel Software Tech￾nology at Nanjing University (KFKT2008b15), and by preliminary research plan of Nanjing University of Technology. References 1. CSI Computer Scrime&Security Survey (2008) 2. Trusted Computing Group, http://www.trustedcomputinggroup.org/ 3. Zhang, X., Zhang, S., Deng, Z.: Virtual Disk Monitor Based on Multi-core EFI. In: Xu, M., Zhan, Y.-W., Cao, J., Liu, Y. (eds.) APPT 2007. LNCS, vol. 4847, pp. 60–69. Springer, Heidelberg (2007) 4. Zimmer, V., Rothman, M., Hale, R.: Beyond BIOS: Implementing the Unified Extensible Firmware Interface with Intel’s Framework. Intel Press, Hillsboro (2006) 5. Intel MultiProcessor Specification, Version 1.4 (May 1997) 6. Intel Unified Extensible Firmware Interface Specification, Version 2.1 (January 2007) 7. Hendricks, J., Doon, L.: Secure Bootstrap is Not Enough: Shoring up the Trusted Comput￾ing Base. In: Proceedings of the Eleventh SIGOPS European Workshop, ACM SIGOPS. ACM Press, New York (2004) 8. Ball, T., Bounimova, E., Byron, C., Levin, V., et al.: Thorough static analysis of device drivers. ACM SIGOPS Operating Systems Review 40(4), 73–85 (2006)