boot - kunisuzaki/misc GitHub Wiki

Secure Boot

• UEFI specification "UEFI Specification Version 2.8 (Errata B) (released June 2020)"

  • The boot image is signed. If the sgign is not verified, it cannot boot.
  • Vulnerability
    • MoonBounce, 2022
    • ESPecter,2021
    • FinSpy,2021
    • MosaicRegressor,2020
    • Lojax,2018
    • HackingTeam Rkloader,2015

• Frequently Asked Questions for Secure Boot (by Intel)

• wolfboot which supports Arm TrustZone

• (Obsolete) RISC-V Secure Boot defined by SiFive

Trusted Boot

• TPM(Trusted Platform Module) based which requires TCG-BIOS and CRTM (Core Root of Trust Measurement)
  • The boot prodecures are measured and logged in a TPM PCR register. The boot is not stopped but the PCR valuses are verified to confirm the boot is trusted or not.
• Arm® Platform Security Architecture Trusted Boot and Firmware Update

Measured Boot

Verified Boot

Attested Boot

Authenticated Boot