"Booting" is the process of starting up a computer from the OFF state. This tag is for attacks and security measures relating to the startup routine of computer hardware, firmware, or operating systems.
Questions tagged [boot]
96 questions
27
votes
4 answers
How Do Rootkits & Other Low-Level Malware Still Manage to Load on Systems Protected by Secure Boot (and TB/MB)?
Let me try asking my question this way...
Let's say that I'm a offensive cyber Bad Guy working for a foreign state-sponsored Advanced Persistent Threat unit. My unit is charged with, say, stealing high-value intellectual property from American…
mostlyinformed
- 2,715
- 16
- 38
14
votes
2 answers
Write-protection at hardware level for security
It seems to me that to maximise server security, one ought - in addition to the usual security measures implemented in software - to prevent the overwriting of certain parts of the server system, such that only physical access will circumvent this…
sampablokuper
- 1,961
- 1
- 19
- 33
14
votes
6 answers
What's stopping someone from copying my HDD/SSD?
Let's say I have to leave my computer unattended and turned off for a while with some strangers, is it possible for someone to clone my HDD and SSD data?
Gem
- 265
- 2
- 4
14
votes
1 answer
How are TPMs provisioned for Intel Trusted Execution Environment (TXT)?
For Intel TXT to work, the TPM must be provisioned. Intel provides some tools for doing this but many are protected by non-public login or an NDA. Many OEM platform vendors provision their boards and machines at manufacturing time so an end user…
Wilbur Whateley
- 588
- 6
- 12
12
votes
3 answers
How is hibernation supported, on machines with UEFI Secure Boot?
I've been learning about UEFI Secure Boot, which attempts to prevent "bootkits" by locking down the boot process so that only signed bootloaders and kernels can be loaded.
Hibernation seems like a major attack vector. Hibernation (also known as…
D.W.
- 98,420
- 30
- 267
- 572
11
votes
3 answers
Can a physical attacker compromise a Windows machine with UEFI, secure boot and bitlocker?
Machines such as the MS Surface Pro 3 comes with bitlocker encryption and UEFI secure boot out of the box. However, the default boot order is network -> usb -> ssd.
If an attacker gets physical access to the machine (while it is locked or…
Kevin Lee
- 456
- 4
- 12
9
votes
2 answers
Android verified boot within the boot sequence
I'm interested in understanding the verified boot process in Android, yet I was unable to find insights about some properties of the process.
From what I gathered so far I get that in Android devices the verified boot process is supported using…
DannyL
- 201
- 1
- 3
9
votes
2 answers
UEFI Firmware integrity measurement
We know that UEFI measures the OS bootloader image integrity every time we power on our computer if secure boot is enabled.
With the growing attacks and discoveries of UEFI vulnerabilities, the following questions arise:
I want to know if there's a…
kub0x
- 365
- 1
- 9
8
votes
4 answers
What are the biggest security concerns on PXE?
What are the top security concerns when setting up a PXE (Preboot Execution Environment) booting environment, ordered by severity of a possible exploitation?
Things that I thought of are (in no particular order):
Rogue DHCP…
RikuXan
- 193
- 1
- 1
- 7
8
votes
1 answer
Dynamic vs Static root of trust
In TCG specification (for TPM devices) they specify how a static root of trust can be built up using secure boot and trusted boot. An alternative method appears to be Intel's Dynamic boot using their Intel TXT technology. I was just wondering from a…
Nark
- 539
- 1
- 5
- 15
7
votes
3 answers
How effective is something like Deep Freeze against boot sector infections?
I work for an embedded system manufacturer and on our older generation systems, which are powered by Windows Embedded, a number of customers have been experiencing virus infections. Due to the real time nature of these systems, anti-virus solutions…
Stephen
- 173
- 5
6
votes
2 answers
Utilman.exe command prompt hack prevention?
This trick to hack windows and reset passwords(or create new logins)has been around for ages and still works on windows 7 and windows 8. Is there any way to disable the key combination that brings up the 'Ease of access' dialogue box WindowsKey+U?…
NULLZ
- 11,426
- 17
- 77
- 111
6
votes
1 answer
How does UEFI Secure Boot prevent "evil twin" spoofing attacks?
I've been learning about UEFI Secure Boot. It is designed to prevent malware from infecting the boot process and overwriting the bootloader. It has hardware-level protections to ensure that only a signed, trusted bootloader and OS kernel will be…
D.W.
- 98,420
- 30
- 267
- 572
6
votes
1 answer
TPM bootstrap process
Assume that the file partition where the PC operating system and user data reside are sealed by a number of PCRs (Platform Configuration Registers) dedicated to BIOS measurements. What happens during the boot process if the BIOS is infected by a…
niklr
- 581
- 1
- 4
- 11
5
votes
2 answers
What is susceptible to Kon Boot hack tool?
I just learned about Kon Boot (from this YouTube video) and am wondering, how is such a hack tool guarded against? In the video the presenter claimed he had full disk encryption but was still able to by pass the password from booting to the USB…
Celeritas
- 10,039
- 22
- 77
- 144