
To do secure boot we need an immutable public key baked into the ROM. This key is used to sign the boot loader or the key used to sign the boot loader. I have these questions -

  1. Which code does this signature check? Is this code in the ROM?

  2. How is the public key or hash of the public key put in the ROM? Is it just burned in the factory?

  3. How does it work if I buy an SoC from, say, Intel or Qualcomm, and the OS is supplied by Red Hat, Ubuntu or Windows? If the OS wants to support secure boot, do these OS vendors have to go get the private key from the chipset vendors? For security, they shouldn't get the private key but instead have their CSR signed by the root. But the point is, the root of trust is linked to the chipset manufacturer's keypair.

  4. Stupid question: is the ROM code executed directly by the CPU, or is it copied into RAM first? As I see it, the sequence of operations is: the ROM first reads the bootloader (which is somewhere on disk), computes the hash of it, computes the signature with the public key stored in ROM (or a key signed with it) and then compares the signature to the one in the bootloader. If all is well, the boot loader is loaded and run. Correct?

  5. Is my understanding still relevant in the mobile world?

  6. Reading through the UEFI secure boot Wiki page, it says this:

> When secure boot is enabled, it is initially placed in "setup" mode, which allows a public key known as the "Platform key" (PK) to be written to the firmware. Once the key is written, secure boot enters "User" mode, where only drivers and loaders signed with the platform key can be loaded by the firmware.

Is the platform key really stored in the firmware? How is this firmware verified?

  7. Does the UEFI secure boot also use the verification starting with the signature verification in the ROM?
user220201

0 Answers
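The chain the question sketches in points 2, 3 and 4 (a key hash burned into the SoC, the chip vendor's root key certifying an OS vendor's key, and mask-ROM code that checks a signature over the boot loader before jumping to it) can be simulated end to end. The following is an added example, not part of the question and not any vendor's real ROM code. It assumes a hypothetical image layout (root public key, vendor public key, root signature over the vendor key, vendor signature over the code, then the code) and uses Lamport one-time signatures over SHA-256 as a standard-library stand-in for the RSA or ECDSA a real boot ROM would use; everything else (key names, the fuse value, the sample boot loader bytes) is constructed for the demo.

```python
import hashlib
import hmac
import os

# Lamport one-time signatures over SHA-256: a stand-in for RSA/ECDSA in a real ROM.
N = 256              # digest bits; one secret pair per bit
PK_LEN = N * 64      # public key blob: two 32-byte hashes per bit
SIG_LEN = N * 32     # signature: one 32-byte preimage per bit


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Return (secret_key, public_key_blob). Each Lamport key may sign ONE message."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N)]
    pk = b"".join(sha256(s0) + sha256(s1) for s0, s1 in sk)
    return sk, pk


def sign(sk, msg: bytes) -> bytes:
    d = int.from_bytes(sha256(msg), "big")
    return b"".join(sk[i][(d >> (N - 1 - i)) & 1] for i in range(N))


def verify(pk: bytes, msg: bytes, sig: bytes) -> bool:
    if len(pk) != PK_LEN or len(sig) != SIG_LEN:
        return False
    d = int.from_bytes(sha256(msg), "big")
    ok = True
    for i in range(N):
        bit = (d >> (N - 1 - i)) & 1
        expected = pk[i * 64 + bit * 32 : i * 64 + bit * 32 + 32]
        ok &= hmac.compare_digest(sha256(sig[i * 32 : i * 32 + 32]), expected)
    return ok


def build_image(root_sk, root_pk, vendor_sk, vendor_pk, code: bytes) -> bytes:
    """Hypothetical layout: root pk | vendor pk | root sig over vendor pk | vendor sig over code | code."""
    cert_sig = sign(root_sk, vendor_pk)   # chip vendor certifies the OS vendor's key (the "CSR" step)
    code_sig = sign(vendor_sk, code)      # OS vendor signs its own boot loader
    return root_pk + vendor_pk + cert_sig + code_sig + code


def rom_verify(fuse_hash: bytes, image: bytes):
    """What the mask-ROM code would do: return the boot loader bytes, or None on any failure."""
    off = 0
    root_pk = image[off:off + PK_LEN]; off += PK_LEN
    vendor_pk = image[off:off + PK_LEN]; off += PK_LEN
    cert_sig = image[off:off + SIG_LEN]; off += SIG_LEN
    code_sig = image[off:off + SIG_LEN]; off += SIG_LEN
    code = image[off:]
    # 1. The root key shipped in the image must match the hash burned into the fuses.
    if not hmac.compare_digest(sha256(root_pk), fuse_hash):
        return None
    # 2. The root key must have certified the vendor key.
    if not verify(root_pk, vendor_pk, cert_sig):
        return None
    # 3. The vendor key must have signed exactly these boot loader bytes.
    if not verify(vendor_pk, code, code_sig):
        return None
    return code


def demo():
    root_sk, root_pk = keygen()        # chip vendor; private half never leaves its HSM
    vendor_sk, vendor_pk = keygen()    # OS vendor; only its public half goes to the chip vendor
    fuse_hash = sha256(root_pk)        # the only value the factory burns into the SoC
    code = b"BOOTLOADER v1 (constructed sample)"
    good = build_image(root_sk, root_pk, vendor_sk, vendor_pk, code)
    # Attacker flips one byte of the boot loader after signing.
    tampered = bytearray(good); tampered[-1] ^= 1; tampered = bytes(tampered)
    # Attacker re-signs the same code with keys of their own: fails the fuse check.
    a_sk, a_pk = keygen(); b_sk, b_pk = keygen()
    forged = build_image(a_sk, a_pk, b_sk, b_pk, code)
    return {
        "genuine": rom_verify(fuse_hash, good) == code,
        "tampered": rom_verify(fuse_hash, tampered) is None,
        "forged_root": rom_verify(fuse_hash, forged) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The ROM side holds no private key at all, only a hash of the root public key, so the OS vendor never needs the chip vendor's private key: it sends its public key to be certified and signs its own loader. Replacing a key anywhere below the fuse hash invalidates the chain, which is the property that makes the immutable hash the root of trust.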