Is there any security technology/technique besides TPM/Secure Boot which can verify the integrity of the BIOS or bootloader?

For any file on your OS you can get an MD5 or SHA-256 value and if you suspect anything you get it again and compare. I was wondering if there is any way to do the same with the BIOS and bootloader and check their integrity manually. Can you…

Is it possible to allow only a certain secure USB boot media to boot a UEFI system?

I want to restrict all USB boot media from my system, except for a certain USB boot drive that I declare secure via a certain key.
Is this possible using UEFI/Secure Boot/TPM? Maybe via TPM? TPM gets a private key and checks if public key …

How to execute Android verified boot during first boot after updating OS in Android?

I need to execute AVB (Android verified boot) during first boot after updating Android OS. BOARD_AVB_ENABLE = true is already present in the mk file device/hikey/common/BoardConfigCommon.mk in the external/AVB folder.
I want to know how to…

What is the difference between a Trusted Computing Base and a Root of Trust?

What is the difference between a Trusted Computing Base (TCB) and a Root of Trust (RoT)? Can both terms be used interchangeably?
A TCB is defined by NIST as follows:

Totality of protection mechanisms within a computer system, including…

Root of Trust – The general mechanism of how a RoT authenticates higher levels of software

I’ve been reading many research articles about RoT (Root of Trust) for establishing a chained root of trust going up from the BIOS to the kernel.
However, most of the articles go only briefly into how RoT works for different brands.
A good article o…

Does (UEFI) secure boot provide security advantages over TPM measured boot?

Given how UEFI Secure Boot appeared later than TPM, I had the assumption that it provides advantages over TPM.
As I read into each, it appears to me that the TPM measurements of each stage would provide about the same level of integrity guarant…