UEFI

The Unified Extensible Firmware Interface (UEFI) firmware is a piece of code that executes before the operating system is loaded. Its role is to initialize the system's hardware and provide services that the operating system loader consumes to launch the operating system. As is the case for the legacy BIOS, the UEFI firmware is stored in a chip, usually referred to as the SPI flash memory, soldered on the motherboard. Compared to the legacy BIOS, UEFI firmware implements additional trust mechanisms to ensure that the operating system is loaded in a secure fashion.

In September 2018, ESET researchers discovered a cyber attack that used a UEFI rootkit, named by ESET as LoJax, to establish a presence at the victims’ computers. More information about this first-ever publicly known cyberattack using a UEFI rootkit can be found in the “LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group” white paper. More information about UEFI-related security can be found at ESET’s security blog, WeLiveSecurity.