1

So a secure boot process starts with a hardware based chain of trust. The root public key is baked into the ROM which is used to verify the low level boot loader which in turn boots the kernel. With this implemented, a software update will then be signed with the same key used to verify the kernel.

Are there any advantages if the key used to sign the kernel+system is different from the one used to sign the low level boot loader?

user220201
  • 893
  • 9
  • 22

1 Answers1

0

For one, it allows the boot loader and the OS to be produced and patched independently by different vendors. For example Intel and Microsoft.

Also, having a separate signing key for each product generally makes revocation easier; if for some reason you need to revoke or re-issue the key, only one product is affected.

Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207