Since Secure Boot authenticates software, the OS only needs to check hardware. The implementation I have in mind measures hardware and compares the result of the measurement to the value in an EFI NVRAM variable. If they differ, the OS halts. This comparison can be inserted into a Linux initramfs, for example. Is such an implementation inferior to a TPM-based implementation? It seems that we don't need TPM after all.
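An added example (not code from the question or the comments) of the initramfs-style check the question describes: a hardware inventory is hashed, the digest is compared with a reference digest stored in an EFI variable, and a mismatch returns non-zero so the hook can halt the boot. The DMI fields that make up the inventory, the variable name and its GUID, and the efivarfs layout (a 4-byte attribute prefix before the payload) are assumptions; the sample inventory is constructed so the self-test runs without real hardware.

```shell
#!/bin/sh
# Added example, not from the question or its comments.
# Hardware-measurement check intended for an initramfs hook: hash a hardware
# inventory and compare it to a reference hash kept in an EFI NVRAM variable.

EFIVARS=/sys/firmware/efi/efivars
# Hypothetical variable name + vendor GUID (placeholder, not a real GUID).
HWREF_VAR="HwMeasurement-12345678-1234-1234-1234-123456789abc"

# Collect a canonical, newline-separated hardware inventory from DMI/SMBIOS.
# Which fields to include is an assumption; pick stable, identifying ones.
collect_hw_inventory() {
    for f in sys_vendor product_name product_serial board_serial; do
        if [ -r "/sys/class/dmi/id/$f" ]; then
            printf '%s=%s\n' "$f" "$(cat "/sys/class/dmi/id/$f")"
        fi
    done
}

# Hash an inventory read from stdin and print the hex digest only.
measure_inventory() {
    sha256sum | cut -d' ' -f1
}

# Read the reference digest from the EFI variable. efivarfs prepends
# 4 attribute bytes to the payload; skip them and strip any trailing newline.
read_reference_hash() {
    dd if="$EFIVARS/$HWREF_VAR" bs=1 skip=4 2>/dev/null | tr -d '\n'
}

# Compare measured digest to reference digest.
# Returns 0 only if both are non-empty and identical; an empty value
# (missing variable, failed measurement) must never count as a match.
compare_measurement() {
    measured="$1"
    reference="$2"
    [ -n "$measured" ] && [ -n "$reference" ] && [ "$measured" = "$reference" ]
}

# Constructed sample inventory for the self-test (not real hardware data).
SAMPLE_INVENTORY='sys_vendor=ExampleVendor
product_name=ExampleBox
product_serial=SN-0000
board_serial=BS-0000'

# Self-test: measuring the same inventory twice must compare equal.
check_sample() {
    expected=$(printf '%s\n' "$SAMPLE_INVENTORY" | measure_inventory)
    measured=$(printf '%s\n' "$SAMPLE_INVENTORY" | measure_inventory)
    compare_measurement "$measured" "$expected"
}

# Entry point for the real initramfs hook; call `main` from the hook script.
main() {
    measured=$(collect_hw_inventory | measure_inventory)
    reference=$(read_reference_hash)
    if compare_measurement "$measured" "$reference"; then
        echo "hardware measurement OK"
    else
        echo "hardware measurement MISMATCH: refusing to continue boot" >&2
        # In a real initramfs the hook would halt here (e.g. `halt -f`).
        return 1
    fi
}
```

The hook would call `main` after the root filesystem is mounted read-only and before any pivot. The check treats a missing or unreadable reference variable as a failure rather than a pass, which matters because an attacker who can simply delete the variable should not get a free boot; how the variable itself is protected from rewriting is exactly the point the comments below raise.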
- [Secure boot for devices which don't have hardware security element](https://security.stackexchange.com/a/249354/118310) – defalt Oct 17 '21 at 17:28
- The problem with your approach is that the hardware will stay as it is, but the user will replace your public key with his own. TPM and eFuse prevent physical modification of data. – defalt Oct 17 '21 at 17:35
- @defalt (a) Interesting link, but irrelevant. I'm assuming that Secure Boot is already provided. (b) Can you clarify what you mean by “my” key and the user's key, and how TPM is relevant? It's possible that the computer has only one user. – beroal Oct 17 '21 at 20:36
- The values you are comparing against have to be signed by you or the OEM, and the public key should be protected by Secure Boot. If the public key is not protected, the attacker or the user himself can replace that key with his own to take control over the chain of trust. – defalt Oct 17 '21 at 21:20
- @defalt Well, I already stated in the question that Secure Boot is enabled. – beroal Oct 19 '21 at 05:50
- You can use the [Android Verified Boot 2.0](https://android.googlesource.com/platform/external/avb/+/master/README.md) implementation, which is taken from [Chrome OS Verified Boot](https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot). Make sure your public key is hardcoded into the bootloader. – defalt Oct 19 '21 at 10:00