
I'm trying to understand the secure boot process of an OS, but there are a few points I can't wrap my head around.

At a high level, afaik, secure boot ensures that the loaded OS is authenticated by its respective vendor. If an adversary modifies the OS code, the authentication checks during secure boot fail and the user is notified.

What I want to understand is how's this mechanism implemented at a low level. My understanding is as follows.

There's a read-only memory (ROM) where the program which initiates the booting process is written, along with a public key, by the manufacturer. The integrity of this code is basically implicitly trusted, so this program is the root of trust. This program is loaded by the CPU first and, upon execution, it verifies and loads the next component in the booting process. That component verifies the one after it, and so on, until all the components of the OS are loaded.

However, what ensures that the CPU really starts booting the system from the correct ROM? Can't an adversary force the CPU to read a malicious initiating program that disregards the verification step? That is, there should be another component that ensures the system really starts from the root-of-trust program. What's that component, or is my understanding of the process incorrect?

SpiderRico
  • Do you mean an attacker with control of the software, or hardware? In the latter case, an attacker can do whatever they want. – multithr3at3d Jun 19 '20 at 22:57
  • The location in which the CPU looks first is almost certainly hardcoded – multithr3at3d Jun 19 '20 at 22:59
  • Hardware. I was thinking even in that case tampering with secure boot is non-trivial, given there are solutions such as Intel SGX etc. that make use of secure boot to start up the system with a trusted execution environment. – SpiderRico Jun 19 '20 at 23:00
  • not sure, but I don't think SGX is relevant here? Like I said, with physical access, an adversary could disable or replace components to ensure these features are broken. I don't think secure boot is meant to protect against a physical attacker. – multithr3at3d Jun 20 '20 at 13:57

1 Answer


However, what ensures that CPU really starts booting the system from the correct ROM?

Usually ROMs are soldered onto the motherboard. Since information once written to ROM cannot be electronically altered, the only way for a computer to use another ROM is a change of motherboard, which requires physical access to the machine. As suggested by @multithr3at3d in the comments, if an adversary has physical access to the machine, there is no restriction on what can be done.

Can't an adversary force the CPU to read a malicious initiating program that disregards the verification step?

Rootkits may change the sequence of boot-loaders or replace the boot-loader with a malicious one. The BIOS doesn't know the difference between a trusted boot-loader and a malicious one. Hence secure boot is in place to help avoid it.

Arpit Rohela
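The chain of trust the question describes, and the two scenarios the answer distinguishes (a rootkit swapping a boot-loader versus an adversary replacing the ROM itself), as an added example that is not code from either poster. Real implementations verify a signature against a vendor public key held in the ROM; this model substitutes a hash anchor (the ROM stores the SHA-256 of stage 1, and each stage image carries the expected SHA-256 of its successor) so the example runs with the Python standard library alone. The trust structure is the same: every stage is checked by the stage before it, and nothing checks the ROM. The stage contents and names are constructed for the example.

```python
"""Toy secure-boot chain of trust (added example, not from the original post).

Simplification: a hash anchor stands in for the ROM's public key and the
per-stage signature check. Every stage image is a 32-byte header holding the
SHA-256 of the next stage (zeros for the last stage) followed by its code.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

HASH_LEN = 32


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_stage(code: bytes, next_image: Optional[bytes]) -> bytes:
    """Image = header (hash of the successor, or zeros if last) + code."""
    header = sha256(next_image) if next_image is not None else bytes(HASH_LEN)
    return header + code


def build_chain(stage_codes: List[bytes]) -> List[bytes]:
    """Build images from the last stage backwards so each can embed the
    hash of the stage that follows it."""
    images: List[bytes] = []
    next_image: Optional[bytes] = None
    for code in reversed(stage_codes):
        img = build_stage(code, next_image)
        images.append(img)
        next_image = img
    return list(reversed(images))


@dataclass(frozen=True)
class BootRom:
    """Root of trust: fixed at manufacture, verified by nothing else."""
    anchor: bytes  # expected SHA-256 of stage 1


def make_rom(images: List[bytes]) -> BootRom:
    return BootRom(anchor=sha256(images[0]))


def secure_boot(rom: BootRom, images: List[bytes]) -> Tuple[bool, int]:
    """Walk the chain. Returns (booted, number_of_stages_loaded).

    Stage k is loaded only if its hash equals what stage k-1 (or the ROM for
    k=0) said it must be; the first mismatch halts the boot at that stage."""
    expected = rom.anchor
    for i, img in enumerate(images):
        if sha256(img) != expected:
            return False, i          # tampering detected, stage i not loaded
        expected = img[:HASH_LEN]    # what this stage vouches for next
    return True, len(images)


# Constructed sample vendor firmware: three stages behind the vendor ROM.
VENDOR_CHAIN = build_chain([b"stage1: SPI flash loader",
                            b"stage2: bootloader",
                            b"stage3: kernel"])
VENDOR_ROM = make_rom(VENDOR_CHAIN)


def demo_tampered_bootloader() -> Tuple[bool, int]:
    """Rootkit scenario from the answer: stage 2 is replaced by a malicious
    loader whose header still points at the genuine kernel. The genuine
    stage 1, anchored by the vendor ROM, refuses to load it."""
    evil_stage2 = build_stage(b"stage2: EVIL bootloader", VENDOR_CHAIN[2])
    tampered = [VENDOR_CHAIN[0], evil_stage2, VENDOR_CHAIN[2]]
    return secure_boot(VENDOR_ROM, tampered)


def demo_replaced_rom() -> Tuple[bool, int]:
    """Physical-access scenario: the adversary swaps the ROM for one anchored
    on their own chain. Since no component below the ROM verifies the ROM,
    the malicious chain boots with every check passing. This is the question's
    missing 'other component': there is none; the ROM must be immutable
    hardware, and a physical attacker who can replace it wins."""
    evil_chain = build_chain([b"stage1: EVIL loader",
                              b"stage2: EVIL bootloader",
                              b"stage3: EVIL kernel"])
    evil_rom = make_rom(evil_chain)
    return secure_boot(evil_rom, evil_chain)


if __name__ == "__main__":
    print("genuine chain, vendor ROM:", secure_boot(VENDOR_ROM, VENDOR_CHAIN))
    print("swapped bootloader, vendor ROM:", demo_tampered_bootloader())
    print("evil chain, evil ROM:", demo_replaced_rom())
```

The two demo functions make the answer's distinction concrete: with the vendor ROM in place, a swapped boot-loader is caught at stage index 1 because stage 1's header no longer matches its hash, while swapping the ROM itself is never detected because the anchor is the only thing the chain is ever compared against.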