Questions tagged [trusted-boot]
The trusted-boot tag has no usage guidance.
31 questions
0 votes, 0 answers, 29 views
The Boot Process - Sequence of Events, Boot Integrity Checks, and BitLocker OS Volume Encryption
Apologies if any of these questions have been answered previously. Also, apologies for the sheer number of questions asked here. I've done some digging, and have been unable to find a good resource ...
4 votes, 1 answer, 331 views
How does measured boot work using TPM
Within the measured boot process, consider a scenario where I aim to create a measurement for a specific piece of code, perhaps, for illustrative purposes, a potentially malicious operating system. so ...
0 votes, 1 answer, 312 views
Is there any security technology/technique besides TPM/Secure Boot which can verify the integrity of the BIOS or bootloader?
For any file on your OS you can get an MD5 or SHA256 value and if you suspect anything you get it again and compare. I was wondering if there is any way to do the same with the BIOS and bootloader and ...
1 vote, 1 answer, 188 views
Is it possible to allow only a certain secure USB boot media to boot a UEFI system?
I want to restrict all USB boot media from my system, except for a certain USB boot drive that I declare secure via a certain key.
Is this possible using UEFI/Secure Boot/TPM? Maybe via TPM? TPM gets ...
1 vote, 2 answers, 1k views
TPM Endorsement Key usage in secure and trusted boot
Taking into account a Root of Trust in a device using a TPM.
My understanding is that the bootloader, firmware, operating system, applications etc. are all verified on startup by validating signatures ...
-1 votes, 1 answer, 288 views
Booting from removable media, evil maid, and others? [closed]
I am having a problem understanding some security techniques and was hoping someone could clarify some things. For instance, in terms of an evil maid attack, what are some solutions to preventing ...
0 votes, 0 answers, 846 views
Can an OS implement Trusted Boot without TPM given Secure Boot?
Since Secure Boot authenticates software, the OS only needs to check hardware. The implementation I have in mind measures hardware and compares the result of the measurement to the value in an EFI ...
0 votes, 0 answers, 149 views
How to execute Android verified boot during first boot after updating OS in Android?
I need to execute AVB (Android verified boot) during first boot after updating Android OS. BOARD_AVB_ENABLE = true is already present in the mk file device/hikey/common/BoardConfigCommon.mk in the ...
0 votes, 0 answers, 400 views
What is the difference between a Trusted Computing Base and a Root of Trust?
What is the difference between a Trusted Computing Base (TCB) and a Root of Trust (RoT)? Can both terms be used interchangeably?
A TCB is defined by the NIST as follows:
Totality of protection ...
2 votes, 1 answer, 190 views
Root of Trust - The general Mechanism of how RoT Authenticates higher levels of software
I've been reading many research articles about RoT - Root of Trust - for establishing a chained root of trust going up from BIOS to the Kernel.
However, most of the articles go briefly on how RoT works ...
1 vote, 0 answers, 230 views
Does (UEFI) secure boot provide security advantages over TPM measured boot?
Given how UEFI Secure Boot appeared later than TPM, I had the assumption that it provides advantages over TPM.
As I read into each, it appears to me that the TPM measurements to each stage would provide ...
1 vote, 1 answer, 264 views
What are the threats addressed by a Hardware Root-of-Trust?
SoCs have begun integrating a hardware Root-of-Trust to mitigate attacks on Secure Boot. Examples include Google's OpenTitan & Intel PFR. What are the threats addressed by discrete "Secure ...
0 votes, 1 answer, 1k views
What kind of "actions" can a TPM2 policy authorize?
I've been instructed to use the state of our system's TPM's PCR registers to prevent the system we're working on from booting if one of the PCR registers is different from what we expect. In service ...
2 votes, 0 answers, 361 views
TPM & Windows BitLocker: how does it work and is it secure?
When starting a BitLocker-encrypted machine with a TPM and Windows 10 installed, you aren't prompted to enter a decryption key. The system relies on Windows lockscreen for authentication instead. My ...
1 vote, 0 answers, 188 views
"Trusted memory" What does it mean?
It is often cited "to load from untrusted memory to a trusted system memory" when describing the secure boot process. I wonder, when can we consider a memory as "trusted"?