Trusted Firmware Services Based on TPM 231

[Figure: TPM feature blocks. Platform Integrity: PCRs store the platform integrity in a protected location. TPM Storage: key operations protected by the TPM's hardware; other cryptographic functions. TPM Authentication: provides authentication of platform; pseudonymous identity; no universal identification of platform. Other labels: Platform Attestation, Platform Authentication, Integrity Storage (Seal/Unseal), Protected Storage.]

Fig. 4. TPM Features and Functions

3 Trusted Firmware Services

Attacks on software have been shown to be quite popular, but attacks on firmware and hardware have been less prolific. However, attacks on firmware are increasingly common because UEFI source code is exposed to programmers, and firmware attacks could continue to overwhelm the operating system. For instance, many DVD players have hacked firmware to support DVDs from any region [6]. The trusted firmware service mainly provides secure firmware services that protect the computer from attack.

3.1 Biometric Password Protection

User authentication has always been the most important issue in computing security. The most common way to protect a PC is to use a password. Later, more secure approaches such as USB tokens and fingerprint devices also came into use. Relatively speaking, the biometric method is more convenient and more secure. But on a PC most password checks happen while booting to the OS. This gives an intruder the chance to boot to an alternative device [8, 9] loaded with tools to attack the system. In this paper we demonstrated the use of a fingerprint device at the firmware level, well before the boot device is selected. Since the biometric password protection is burned into the flash chip on the PC platform, updating the flash and bypassing the password check requires hardware-specific and proprietary information.

Before UEFI firmware was introduced, implementing a fingerprint device at the firmware level was relatively complicated, since it required full source code disclosure to include fingerprint device support. This presented a major problem when different combinations of CPU, chipset and fingerprint device had to be chosen. In UEFI firmware, each device is supported by a separate driver as long as it complies with the specification. In this case, we chose a USB fingerprint device. The UEFI driver supporting the device can be easily converted from an existing OS driver. What we did was to specify a UEFI protocol definition and help the fingerprint device provider modify their driver according to our definition.
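
A sketch of the design described above, added here as an example and not taken from the paper: the firmware reaches the fingerprint driver only through a protocol interface, and the check before boot device selection denies boot on every failure path. The `fp_protocol` layout, the function names, the attempt limit and the mock driver are assumptions, since the paper does not give its protocol definition.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical interface: the paper does not publish its protocol definition. */
typedef struct fp_protocol {
    int (*capture)(struct fp_protocol *self, uint8_t *buf, size_t *len);    /* 0 = ok */
    int (*match)(struct fp_protocol *self, const uint8_t *buf, size_t len); /* 1 = match */
    void *ctx;                                  /* driver-private state */
} fp_protocol;

enum boot_decision { BOOT_DENY = 0, BOOT_ALLOW = 1 };
enum { MAX_ATTEMPTS = 3, TEMPLATE_MAX = 64 };   /* assumed limits */

/* Runs before boot device selection; every failure path denies boot. */
enum boot_decision preboot_gate(fp_protocol *fp) {
    if (fp == NULL || fp->capture == NULL || fp->match == NULL)
        return BOOT_DENY;                       /* no driver bound: fail closed */
    for (int i = 0; i < MAX_ATTEMPTS; i++) {
        uint8_t buf[TEMPLATE_MAX];
        size_t len = sizeof buf;
        if (fp->capture(fp, buf, &len) != 0 || len == 0 || len > sizeof buf)
            continue;                           /* sensor error uses up an attempt */
        if (fp->match(fp, buf, len) == 1)
            return BOOT_ALLOW;
    }
    return BOOT_DENY;
}

/* Constructed mock driver: byte comparison stands in for real matching. */
typedef struct { const char *scan[MAX_ATTEMPTS]; int next; const char *enrolled; } mock_ctx;

static int mock_capture(fp_protocol *self, uint8_t *buf, size_t *len) {
    mock_ctx *m = self->ctx;
    const char *s = m->next < MAX_ATTEMPTS ? m->scan[m->next++] : NULL;
    if (s == NULL || strlen(s) > *len) return -1;   /* no scan or oversized */
    *len = strlen(s);
    memcpy(buf, s, *len);
    return 0;
}

static int mock_match(fp_protocol *self, const uint8_t *buf, size_t len) {
    mock_ctx *m = self->ctx;
    return len == strlen(m->enrolled) && memcmp(buf, m->enrolled, len) == 0;
}

/* Feeds up to three constructed scans through the gate. */
enum boot_decision demo(const char *a, const char *b, const char *c) {
    mock_ctx m = { { a, b, c }, 0, "enrolled-template" };
    fp_protocol fp = { mock_capture, mock_match, &m };
    return preboot_gate(&fp);
}
```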