Presentation is loading. Please wait.

Presentation is loading. Please wait.

TPM, UEFI, Trusted Boot, Secure Boot

Published byYeter Balcı Modified over 5 years ago

Similar presentations

Presentation on theme: "TPM, UEFI, Trusted Boot, Secure Boot"— Presentation transcript:

1 TPM, UEFI, Trusted Boot, Secure Boot

2 How Does a PC Boot? First: History
Code entered on Hand Switches Non-Volatile Memory; infrequent cold boot Development of ROM-based IPL PC developed multi-stage boot process

3 Power Up Sequence POST – Power On Self Test First code that runs
First code that runs Part of the BIOS Checks hardware to prevent boot failure Runs BIOS/POST code in other devices BIOS must know how to operate devices Each BIOS crafted for each motherboard

4 Initial Program Load - IPL
Original PC booted each device in fixed order Floppy, CD, HDD, Net Newer BIOS now can change boot order Loads boot code from device Secondary boot loader Stored in particular track of FDD/HDD Independent of software architecture

5 Boot Loader Knows about device architecture
HDD – Partition tables, block size, File Structure: FAT16, FAT32, NTFS etc Finds the OS boot program MS Boot loader From a particular named file Linux loader

6 OS Loader What you see when the Operating System Starts
Launches and configures the OS for the hardware Installs relevant device drivers Checks license and file system Gets network operating etc

7 Security BIOS is in Flash – can be changed
User code can write to flash memory Attacker can control machine from 1st power HDD Boot sector can be changed (boot sector virus) OS Loader can be changed

8 TPM and BIOS BIOS is in control from POST
BIOS asks TPM for verification BIOS can still be attacked OS/CPU must protect BIOS BIOS chip could still be changed BIOS asks TPM to verify Boot Loader BIOS could still boot something if verify failed Hardware still usable if BIOS permits

9 Secure Boot BIOS will only boot authenticated boot loader
Boot loader only boots authentic OS BitLocker must be enabled to secure disk BIOS cannot then override TPM signing BIOS could still boot another device unless locked BIOS could be replaced to use another disc Original disc still cryptographically secured

10 TPM Weakness Should be tamperproof Used in Games Console
Gamers motivated to break-in Hardware attack details publish Split chip open and collect key from Bus Use brute force decryption for game keys Manufacture problem not design problem?

11 UEFI Duplication between BIOS and OS
Both need device drivers BIOS – TPM secure boot is optional UEFI addresses this UEFI is part of BIOS Performs Boot Loader function Checks OS signature without TPM Will refuse to boot Knows file structure Drivers come from OS disk

12 Features Larger disks / Newer Hardware Eliminates boot virus attacks
Secures OS Gives manufactures' control of hardware use Can still work with BitLocker/TPM Still vulnerable Contains buffer overflow error (Samsung) BIOS reflashable/rechipable

13 Unified Extensible Firmware Interface

14 Fully Trustworthy? Anti-Evil Maid method
Store signatures of BIOS etc in TPM User checks TPM signature using: Password Physical device (USB stick with crypto key) All signatures checked Detects any non-authentic code BitLocker not needed Detects compromise on any component

Download ppt "TPM, UEFI, Trusted Boot, Secure Boot"

Similar presentations

Vpn-info.com.

Vpn-info.com.
System Setup CGS2564. What Happens When You Start up a Computer? BIOS Basic Input Output System A set of programs stored in ROM Contain instructions on.

System Setup CGS2564. What Happens When You Start up a Computer? BIOS Basic Input Output System A set of programs stored in ROM Contain instructions on.
Genesis: from raw hardware to processes System booting sequence: how does a machine come into life.

Genesis: from raw hardware to processes System booting sequence: how does a machine come into life.
DIT314 ~ Client Operating System & Administration CHAPTER 4 CONFIGURING HARDWARE DEVICES AND STARTUP PROCESS Prepared By : Suraya Alias.

DIT314 ~ Client Operating System & Administration CHAPTER 4 CONFIGURING HARDWARE DEVICES AND STARTUP PROCESS Prepared By : Suraya Alias.
The power supply performs a self-test. When all voltages and current levels are acceptable, the supply indicates that the power is stable and sends the.

The power supply performs a self-test. When all voltages and current levels are acceptable, the supply indicates that the power is stable and sends the.
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.

Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
Motherboard, BIOS and POST The external data bus connects devices on the motherboard together. Everything is also connected to the address bus. These busses.

Motherboard, BIOS and POST The external data bus connects devices on the motherboard together. Everything is also connected to the address bus. These busses.
Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.

Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Tony Mangefeste Senior Program Manager SYS-005T Why UEFI? UX value prop from Day one: Fast Boot, OEM Certification, smooth transitions, etc. Secure Boot.

Tony Mangefeste Senior Program Manager SYS-005T Why UEFI? UX value prop from Day one: Fast Boot, OEM Certification, smooth transitions, etc. Secure Boot.
Host and Application Security Lesson 4: The Win32 Boot Process.

Host and Application Security Lesson 4: The Win32 Boot Process.
Configuration Overview The BIOS (basic input/output system) is an important motherboard component. The BIOS has the following functions: Holds and executes.

Configuration Overview The BIOS (basic input/output system) is an important motherboard component. The BIOS has the following functions: Holds and executes.
Session Agenda Designed to address BIOS Limitations Needed for the larger server platforms (Intel-HP Itanium) First called Intel Boot Initiative.

Session Agenda Designed to address BIOS Limitations Needed for the larger server platforms (Intel-HP Itanium) First called Intel Boot Initiative.
Week #7 Objectives: Secure Windows 7 Desktop

Week #7 Objectives: Secure Windows 7 Desktop
The Basic Input/Output System Unit objectives: Access the BIOS setup utility, change hardware configuration values, and research BIOS updates Explain the.

The Basic Input/Output System Unit objectives: Access the BIOS setup utility, change hardware configuration values, and research BIOS updates Explain the.
Booting. Booting is the process of powering it on and starting the operating system. power on your machine, and in a few minutes your computer will be.

Booting. Booting is the process of powering it on and starting the operating system. power on your machine, and in a few minutes your computer will be.
BIOS. Accessing System BIOS You can use the System Setup utility to change variable BIOS information, such as the type of hard drive you have installed.

BIOS. Accessing System BIOS You can use the System Setup utility to change variable BIOS information, such as the type of hard drive you have installed.
From UEFI Shell to Linux - UEFI Linux BootLoader Zhang Rui Software Engineer Sep 28 th 2011.

From UEFI Shell to Linux - UEFI Linux BootLoader Zhang Rui Software Engineer Sep 28 th 2011.
Hardware Boot Sequence. Vocabulary BIOS = Basic Input Output System UEFI = Unified Extensible Firmware Interface POST= Power On Self Test BR = Boot Record.

Hardware Boot Sequence. Vocabulary BIOS = Basic Input Output System UEFI = Unified Extensible Firmware Interface POST= Power On Self Test BR = Boot Record.

Similar presentations

Ads by Google