Freely subscribe to our NEWSLETTER

Central to Windows 8 is the use of Aptio, AMI’s solution for UEFI (Unified Extensible Firmware Interface), which represents an overhaul of the computer boot environment, while still bearing similarities to the legacy BIOS (Basic Input Output System) it replaces. The UEFI specification introduces advanced firmware features defining boot and runtime protocols for communications between services and device drivers, and offers a standard interface to the operating system. Providing standardized access to boot data optionally stored on either NAND flash or on a hard drive, Aptio provides more space for boot-time diagnostics and running utilities. The result is dramatically faster boot-up times and better performance.

Windows 8 takes advantage of UEFI secure boot architecture to enhance the operating system’s security capabilities. Secure boot allows only signed software to run on the device, adds cryptographic checks to each stage of the boot process and asserts the integrity of all the software images that are executed to prevent unauthorized, modified software from running. Wave solutions report on the execution of the secure boot and verify that anti-malware software has been launched before any third-party boot drivers to prevent malware from bypassing inspection.

Building a "chain of trust" requires the collaboration of multiple partners. AMI provides the first step in the trust chain by assuring that the BIOS components are registered and signed prior to the delivery of the platform. As the computer boots, each component reports its status to the Trusted Platform Module (TPM), which securely records the status measurements. This provides a critical first step that sets the stage for a more trustworthy computing environment.

Wave constitutes the next link in the trust chain with solutions designed to assure that the integrity of the secure boot is reported and attested to the enterprise network or Cloud service. Wave Endpoint Monitor, currently deployed in beta testing, uses the TPM to report on the success of the secure boot and leverages the chip to prove that the process has executed correctly. Endpoint Monitor can then prove to a Cloud service or to an enterprise application that the PC has booted in a known, good state. If a platform is compromised, IT can determine which machine is infected, and take steps to prevent it from accessing sensitive systems to ensure that critical systems and data remain safe.

AMI has spent the last year supporting the launch of Windows 8 by ensuring that AMI’s Aptio UEFI firmware is in full compliance with the latest UEFI specification, UEFI 2.3.1. New features include pre-OS security, speed and secure boot. AMI is also working with PC OEMs, developers and partners such as Wave by providing UEFI development PCs for testing within a Windows 8 ecosystem. AMI has worked in partnership with Microsoft to develop this system in order to facilitate the rapid development of Windows 8 throughout the entire developer community. These new UEFI development PCs are powered by the latest version of Aptio® UEFI BIOS, version 4.6.5.1. Aptio 4.6.5.1 not only offers full support for Windows 8, but also adds support for the latest UEFI specifications, UEFI 2.3.1 and PI 1.2. This makes the latest features of the UEFI specification, such as Secure Boot, UEFI boot mode, fully localizable user interface and more, available to manufacturers in a production-ready UEFI BIOS. Notably, this development system will be the first PC on the market with full UEFI 2.3.1 support, allowing for a complete Windows 8 experience.

In preparation for Windows 8 availability, Wave is using some of the capabilities of the TPM to enable an enterprise infrastructure to support the features in Windows 8 that take advantage of UEFI capabilities. Enterprises stand to benefit from a tool that can detect rootkits, assure the core capabilities of a platform and establish very strong device identity — capabilities that have been missing for the last 20 years and that are critical to establishing a more trustworthy computing environment.