Questions tagged [trusted-boot]

29 questions
1 vote, 0 answers

Does (UEFI) secure boot provide security advantages over TPM measured boot?

Given how UEFI secure boot appeared later than TPM, I had the assumption that it provides advantages over TPM. As I read into each, it appears to me that the TPM measurements of each stage would provide about the same level of integrity guarantee as how…
Feiyeung
1 vote, 0 answers

TPM & Windows BitLocker: how does it work and is it secure?

When starting a BitLocker-encrypted machine with a TPM and Windows 10 installed, you aren't prompted to enter a decryption key. The system relies on the Windows lock screen for authentication instead. My current understanding is that, when starting the…
Manchineel
1 vote, 0 answers

"Trusted memory": what does it mean?

It is often cited "to load from untrusted memory to a trusted system memory" when describing the secure boot process. I wonder, when can we consider memory as "trusted"?
Lavender
1 vote, 1 answer

Integrity check on power-on vs. secure boot

Can we consider the integrity check on power-on and secure boot equal from a security point of view? Secure boot is about allowing only trusted SW to boot on the processor. A chain of trust can be built as a result of a sequence of a securely…
Lavender
1 vote, 1 answer

Deep attestation of VMs

Hypervisors like Xen have virtual TPM (vTPM) support. In cloud environments, are there any implementations where such vTPMs are being used during remote attestation in addition to the host-TPM-based attestation in practice? What are the possible…
DaTaBomB
1 vote, 2 answers

What is the difference between Trusted Boot and Kernel Patch Protection (PatchGuard)?

I have understood that Trusted Boot and Kernel Patch Protection (or PatchGuard) are ways that Windows uses to protect itself from rootkit infections. But I cannot find a comparison of these two protection methods. I'm not looking for a detailed…
pineappleman
0 votes, 1 answer

Is there any security technology/technique besides TPM/Secure Boot which can verify the integrity of the BIOS or bootloader?

For any file on your OS you can get an MD5 or SHA-256 value, and if you suspect anything you get it again and compare. I was wondering if there is any way to do the same with the BIOS and bootloader and check their integrity manually. Can you for…
User4857
0 votes, 0 answers

Can an OS implement Trusted Boot without TPM given Secure Boot?

Since Secure Boot authenticates software, the OS only needs to check hardware. The implementation I have in mind measures hardware and compares the result of the measurement to the value in an EFI NVRAM variable. If they differ, the OS halts. This…
beroal
0 votes, 0 answers

How to execute Android Verified Boot during the first boot after updating the OS on Android?

I need to execute AVB (Android Verified Boot) during the first boot after updating the Android OS. BOARD_AVB_ENABLE = true is already present in the mk file device/hikey/common/BoardConfigCommon.mk in the external/AVB folder. I want to know how to check if…
0 votes, 0 answers

What is the difference between a Trusted Computing Base and a Root of Trust?

What is the difference between a Trusted Computing Base (TCB) and a Root of Trust (RoT)? Can both terms be used interchangeably? A TCB is defined by NIST as follows: Totality of protection mechanisms within a computer system, including hardware,…
DurandA
0 votes, 1 answer

What are the threats addressed by a Hardware Root-of-Trust?

SoCs have begun integrating a hardware Root-of-Trust to mitigate attacks on Secure Boot. Examples include Google's OpenTitan and Intel PFR. What are the threats addressed by discrete "Secure Enclave" type root-of-trust solutions? What are the…
0 votes, 1 answer

What kind of "actions" can a TPM2 policy authorize?

I've been instructed to use the state of our system's TPM's PCR registers to prevent the system we're working on from booting if one of the PCR registers is different from what we expect. In service of that goal, I'm reading over this article:…
0 votes, 0 answers

Bypassing Secure Boot in System on Chip

To bypass secure boot on a System on Chip (SoC), some attacks target the phase of copying the bootloader from where it is stored to the main memory. Instead, malicious code will be copied to the main memory. In that case, the bootloader which is…
-1 votes, 1 answer

Booting from removable media, evil maid, and others?

I am having a problem understanding some security techniques and was hoping someone could clarify some things. For instance, in terms of an evil maid attack, what are some solutions to preventing this? Is booting from removable media a solution to…
Rideboards