Abstract: The Extensible Firmware Interface(EFI) specification provides a standard environment for the program before booting an OS. This paper proposes a Dual-core EFI-based Security Architecture(DESA). EFI is a secure domain that is physically and logically separate, and performs several security components services such as real-time monitoring, co-processing and auditing. A prototype for virtual disk’s secure access and real-time monitor is designed and implemented. Experimental results show that DESA can enhance performance and security improvements, and provide security services for OS with low performance cost.

Key words: dual-core, extensible firmware interface, security architecture, virtual disk, secure access

摘要： 可扩展固件接口(EFI)规范为启动操作系统之前的程序提供了一个标准环境。该文提出一个基于双核EFI的安全框架(DESA)，EFI在物理结构和逻辑概念上作为一个独立的安全域，为操作系统提供实时监控、协处理和审计等安全组件服务。实现一个虚拟磁盘安全访问与实时监控的DESA应用实例。实验结果表明，DESA可以提高系统性能和安全性，它以较小的性能代价为系统提供安全服务。

关键词: 双核, 可扩展固件接口, 安全框架, 虚拟磁盘, 安全访问

CLC Number: 

• TP393.08