TPM, UEFI, Trusted Boot, Secure Boot

Presentation transcript:

TPM, UEFI, Trusted Boot, Secure Boot

How Does a PC Boot?
First: History (http://en.wikipedia.org/wiki/Booting)
- Code entered on hand switches
- Non-volatile memory; infrequent cold boot
- Development of ROM-based IPL
- PC developed a multi-stage boot process

Power Up Sequence
- POST: Power-On Self Test (http://en.wikipedia.org/wiki/Power-on_self-test)
- First code that runs; part of the BIOS
- Checks hardware to prevent boot failure
- Runs BIOS/POST code in other devices
- BIOS must know how to operate devices
- Each BIOS is crafted for its particular motherboard

Initial Program Load (IPL)
- Original PC booted each device in a fixed order: floppy, CD, HDD, network
- Newer BIOS can change the boot order
- Loads boot code from the device
- Secondary boot loader stored in a particular track of the FDD/HDD
- Independent of software architecture

Boot Loader
- Knows about device architecture
- HDD: partition tables, block size, file structure (FAT16, FAT32, NTFS, etc.)
- Finds the OS boot program
- MS boot loader: from a particular named file
- Linux loader

OS Loader
- What you see when the operating system starts
- Launches and configures the OS for the hardware
- Installs relevant device drivers
- Checks license and file system
- Gets the network operating, etc.

Security
- BIOS is in flash, so it can be changed
- User code can write to flash memory
- Attacker can control the machine from first power-on
- HDD boot sector can be changed (boot sector virus)
- OS loader can be changed

TPM and BIOS
- BIOS is in control from POST
- BIOS asks TPM for verification
- BIOS can still be attacked; OS/CPU must protect BIOS
- BIOS chip could still be changed
- BIOS asks TPM to verify the boot loader
- BIOS could still boot something if verification failed
- Hardware still usable if BIOS permits

Secure Boot
- BIOS will only boot an authenticated boot loader
- Boot loader only boots an authentic OS
- BitLocker must be enabled to secure the disk
- BIOS cannot then override TPM signing
- BIOS could still boot another device unless locked
- BIOS could be replaced to use another disk
- Original disk still cryptographically secured

TPM Weakness
- Should be tamperproof
- Used in games consoles; gamers motivated to break in
- Hardware attack details published
- Split chip open and collect key from bus
- Use brute-force decryption for game keys
- Manufacturing problem, not design problem?

UEFI
- Duplication between BIOS and OS: both need device drivers
- BIOS/TPM secure boot is optional
- UEFI addresses this
- UEFI is part of the BIOS
- Performs the boot loader function
- Checks the OS signature without the TPM
- Will refuse to boot
- Knows file structure
- Drivers come from the OS disk

Features
- Larger disks / newer hardware
- Eliminates boot virus attacks
- Secures the OS
- Gives manufacturers control of hardware use
- Can still work with BitLocker/TPM
- Still vulnerable: contains a buffer overflow error (Samsung)
- BIOS reflashable/rechipable

Unified Extensible Firmware Interface

Fully Trustworthy?
- Anti-Evil Maid method
- Store signatures of BIOS etc. in the TPM
- User checks the TPM signature using a password or a physical device (USB stick with crypto key)
- All signatures checked
- Detects any non-authentic code
- BitLocker not needed
- Detects compromise on any component
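The "TPM and BIOS", "Secure Boot" and "Fully Trustworthy?" slides all rest on the same mechanism: each boot stage hashes the next one into a TPM Platform Configuration Register before handing over control, and a secret (such as a BitLocker disk key) is released only if the final PCR value matches the known-good boot. The following added example is not from the slides; it simulates that PCR extend chain in pure Python over constructed stand-in images (the stage names, sample bytes and seal/unseal helpers are assumptions for illustration), and shows that replacing the boot loader changes the PCR, keeps the sealed key locked, and lets the event log name the divergent stage.

```python
import hashlib
import hmac

# Constructed stand-ins for the boot chain the slides describe (BIOS/UEFI
# firmware, boot loader, OS loader); sample bytes only, not real images.
GOOD_CHAIN = [
    ("firmware", b"constructed BIOS/UEFI image v1"),
    ("boot_loader", b"constructed boot loader image v1"),
    ("os_loader", b"constructed OS loader image v1"),
]

def pcr_extend(pcr: bytes, image: bytes) -> bytes:
    """TPM PCR extend: PCR_new = H(PCR_old || H(image)). Order matters and
    nothing can be un-extended, which makes the chain tamper-evident."""
    return hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()

def measure_boot(chain):
    """Each stage hashes the next stage into the PCR before handing over.
    Returns the final PCR value and the event log of per-stage digests."""
    pcr = bytes(32)  # PCRs reset to all zeros at power-on
    log = []
    for name, image in chain:
        log.append((name, hashlib.sha256(image).hexdigest()))
        pcr = pcr_extend(pcr, image)
    return pcr, log

def seal(secret: bytes, reference_pcr: bytes):
    """Bind a secret (e.g. a disk key) to the known-good PCR value."""
    return {"pcr": reference_pcr, "secret": secret}

def unseal(sealed, current_pcr: bytes):
    """Release the secret only if the boot measured identically; a changed
    loader yields a different PCR and the disk key stays locked."""
    if hmac.compare_digest(sealed["pcr"], current_pcr):
        return sealed["secret"]
    return None

def first_divergence(log, reference_log):
    """Anti-Evil-Maid style check: name the first stage whose digest differs."""
    for (name, digest), (_, ref_digest) in zip(log, reference_log):
        if digest != ref_digest:
            return name
    return None

if __name__ == "__main__":
    ref_pcr, ref_log = measure_boot(GOOD_CHAIN)
    sealed = seal(b"constructed-disk-key", ref_pcr)
    swapped = [(n, b"constructed modified loader" if n == "boot_loader" else img)
               for n, img in GOOD_CHAIN]
    pcr, log = measure_boot(swapped)
    print("clean boot unseals:", unseal(sealed, ref_pcr))
    print("modified boot unseals:", unseal(sealed, pcr))
    print("first divergent stage:", first_divergence(log, ref_log))
```

Note that measurement alone only records what ran; it is the sealing step that turns the record into enforcement, which is why the slides tie Secure Boot to BitLocker.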