Firmware Security

  1. Securing the Boot Process
    1. Legacy BIOS Boot Security
      1. BIOS Boot Process
        1. Security Limitations
          1. Lack of Authentication
            1. Susceptibility to Modification
              1. No Integrity Verification
              2. Legacy Protection Mechanisms
                1. BIOS Write Protection
                  1. Boot Sector Protection
                2. UEFI Secure Boot
                  1. Secure Boot Architecture
                    1. Public Key Infrastructure for Boot
                      1. Certificate Authorities
                        1. Key Distribution
                        2. UEFI Security Databases
                          1. Platform Key (PK)
                            1. Key Exchange Key (KEK)
                              1. Signature Database (db)
                                1. Forbidden Signatures Database (dbx)
                                2. Secure Boot Process
                                  1. Bootloader Verification
                                    1. OS Kernel Signing
                                      1. Driver Signing
                                        1. Signature Verification Process
                                        2. Key Management
                                          1. Key Enrollment
                                            1. Key Updates
                                              1. Key Revocation
                                                1. Custom Key Management
                                              2. Measured Boot
                                                1. Measurement Process
                                                  1. Component Measurement
                                                    1. Hash Calculations
                                                      1. Measurement Sequence
                                                      2. TPM Integration
                                                        1. PCR Usage
                                                          1. Measurement Storage
                                                            1. Reporting Mechanisms
                                                            2. Attestation
                                                              1. Local Attestation
                                                                1. Remote Attestation
                                                                  1. Quote Generation
                                                                    1. Verification Processes
                                                                  2. Boot Integrity Verification
                                                                    1. Integrity Checking Methods
                                                                      1. Hash Verification
                                                                        1. Digital Signatures
                                                                          1. Certificate Validation
                                                                          2. Known-Good State Establishment
                                                                            1. Baseline Creation
                                                                              1. Reference Measurements
                                                                                1. Comparison and Validation
                                                                                2. Anomaly Detection
                                                                                  1. Deviation Detection
                                                                                    1. Alert Mechanisms
                                                                                      1. Response Procedures

                                                                                  Previous

                                                                                  4. The Secure Firmware Lifecycle

                                                                                  Go to top

                                                                                  Next

                                                                                  6. Firmware Attack Vectors and Vulnerabilities