Editor’s Note: NIST’s Draft Special Publication 800-147B, “BIOS Protection Guidelines for Servers,” is attached here. Comments are due September 14, 2012, and should be sent to: firstname.lastname@example.org. Below is a story that illustrates why BIOS protection is needed.
Proof-of-concept BIOS malware can hide in PCI firmware
By Paul Mah
Hardware on the motherboard, including the BIOS and PCI firmware of devices such as network cards or CD-ROMs, can be infected by malware. This was demonstrated by security researcher Jonathan Brossard at both the Black Hat security and Defcon hacking conferences last week.