Secure/Trusted Booting

By Wade Brown, Senior Research and Design Engineer, Dedicated Computing

Secure boot is a component of the UEFI firmware package and does not exist in legacy BIOS implementations. The intended use of this component is to protect against boot kits (as opposed to root kits, which target the OS). The general boot path is: computer starts, UEFI loads, seeks first bootable device and loads it's boot sector. Depending on the architecture, the boot sector points to software (i.e. first stage boot loader) that will eventually load and execute. On a non-secure boot enabled system, the software is loaded and executed without verification.

UEFI provides non-volatile, private storage space that can be used to store public key infrastructure (PKI) based certificates. With secure boot enabled, the UEFI firmware will verify the boot loader has been digitally signed, has not been modified and the signature matches one of the certificates stored in NVRAM. If the boot loader fails verification, it will not be loaded and executed, and the boot process stops.

A boot loader implementing the Trusted Boot methodology, only concerns itself with the verification of the next software component. For example, in Windows and Linux operating systems, this next component is often called the "kernel."The kernel, in turn, can use Trusted Boot to verify every driver and other software components. In this manner, an anti-virus engine can be loaded before any other 3rd party driver/software. Trusted Boot normally uses a hardware component called a Trusted Platform Module (TPM), which is a small microprocessor dedicated to cryptographic functions, including integrated PKI keys.