What is the difference between Root of Trust and Trusted Computing Base (TCB)?

RoT: element within a system that is trusted and must always behave as expected because any misbehavior cannot be detected at runtime. It’s part of the TCB.
TCB: the smallest set of hardware, firmware, software, and other resources (e.g.,…

The Boot Process – Sequence of Events, Boot Integrity Checks, and BitLocker OS Volume Encryption

Apologies if any of these questions have been answered previously. Also, apologies for the sheer number of questions asked here. I’ve done some digging, and have been unable to find a good resource that goes into a little more depth on how…

Is there any security technology/technique besides TPM/Secure Boot which can verify the integrity of the BIOS or bootloader?

For any file on your OS you can get an MD5 or SHA-256 value, and if you suspect anything you get it again and compare. I was wondering if there is any way to do the same with the BIOS and bootloader and check their integrity manually. Can you…

Is it possible to allow only a certain secure USB boot media to boot a UEFI system?

I want to restrict all USB boot media from my system, except for a certain USB boot drive that I declare secure via a certain key.
Is this possible using UEFI/Secure Boot/TPM? Maybe via TPM? TPM gets a private key and checks if public key …

How to execute Android verified boot during first boot after updating OS in Android?

I need to execute AVB (Android verified boot) during first boot after updating Android OS. BOARD_AVB_ENABLE = true is already present in the mk file device/hikey/common/BoardConfigCommon.mk in the external/AVB folder.
I want to know how to…

What is the difference between a Trusted Computing Base and a Root of Trust?

What is the difference between a Trusted Computing Base (TCB) and a Root of Trust (RoT)? Can both terms be used interchangeably?
A TCB is defined by the NIST as follows:

Totality of protection mechanisms within a computer system, including…