Questions tagged [trusted-boot]
31 questions
1 vote, 0 answers, 41 views
What is the difference between Root of Trust and Trusted Computing Base (TCB)? [duplicate]
RoT: element within a system that is trusted and must always behave as expected because any misbehavior cannot be detected at runtime. It's part of the TCB.
TCB: the smallest set of hardware, ...
4 votes, 1 answer, 2k views
How does measured boot work using TPM
Within the measured boot process, consider a scenario where I aim to create a measurement for a specific piece of code, perhaps, for illustrative purposes, a potentially malicious operating system. So ...
0 votes, 1 answer, 477 views
Is there any security technology/technique beside tpm/secure boot which can verify the integrity of the bios or bootloader?
For any file on your OS you can get a md5 or sha256 value and if you suspect anything you get it again and compare. I was wondering if there is any way to do the same with the bios and bootloader and ...
1 vote, 1 answer, 276 views
Is it possible to allow only a certain secure USB boot media to boot a UEFI system?
I want to restrict all USB boot media from my system, except for a certain USB boot drive that I declare secure via a certain key.
Is this possible using UEFI/Secure Boot/TPM? Maybe via TPM? TPM gets ...
2 votes, 2 answers, 2k views
TPM Endorsement Key usage in secure and trusted boot
Taking into account a Root of Trust in a device using a TPM.
My understanding is that the bootloader, firmware, operating system, applications etc. are all verified on startup by validating signatures ...
-1 votes, 1 answer, 431 views
Booting from removable media, evil maid, and others? [closed]
I am having a problem understanding some security techniques and was hoping someone could clarify some things. For instance, in terms of an evil maid attack, what are some solutions to preventing ...
0 votes, 0 answers, 1k views
Can an OS implement Trusted Boot without TPM given Secure Boot?
Since Secure Boot authenticates software, the OS only needs to check hardware. The implementation I have in mind measures hardware and compares the result of the measurement to the value in an EFI ...
0 votes, 0 answers, 185 views
How to execute Android verified boot during first boot after updating OS in Android?
I need to execute AVB (Android verified boot) during first boot after updating Android OS. BOARD_AVB_ENABLE = true is already present in the mk file device/hikey/common/BoardConfigCommon.mk in the ...
1 vote, 0 answers, 567 views
What is the difference between a Trusted Computing Base and a Root of Trust?
What is the difference between a Trusted Computing Base (TCB) and a Root of Trust (RoT)? Can both terms be used interchangeably?
A TCB is defined by the NIST as follows:
Totality of protection ...
2 votes, 1 answer, 359 views
Root of Trust - The general Mechanism of how RoT Authenticates higher levels of software
I've been reading many research articles about RoT - Root of Trust - for establishing a chained root of trust going up from BIOS to the Kernel.
However, most of the articles go briefly on how RoT works ...
1 vote, 0 answers, 295 views
Does (UEFI) secure boot provide security advantages over TPM measured boot?
Given how UEFI secure boot appears later than TPM, I had the assumption that it provides advantages over TPM.
As I read into each, it appears to me that the TPM measurements to each stage would provide ...
2 votes, 1 answer, 445 views
What are the threats addressed by a Hardware Root-of-Trust?
SoCs have begun integrating a hardware Root-of-Trust to mitigate attacks on Secure Boot. Examples include Google's OpenTitan & Intel PFR. What are the threats addressed by discrete "Secure ...
0 votes, 1 answer, 2k views
What kind of "actions" can a TPM2 policy authorize?
I've been instructed to use the state of our system's TPM's PCR registers to prevent the system we're working on from booting if one of the PCR registers is different from what we expect. In service ...
2 votes, 0 answers, 419 views
TPM & Windows BitLocker: how does it work and is it secure?
When starting a BitLocker-encrypted machine with a TPM and Windows 10 installed, you aren't prompted to enter a decryption key. The system relies on Windows lockscreen for authentication instead. My ...
1 vote, 0 answers, 228 views
"Trusted memory": what does it mean?
It is often cited "to load from untrusted memory to a trusted system memory" when describing the secure boot process. I wonder, when can we consider a memory as "trusted"?