Secure Boot Attacks and Defenses

  1. The Secure Boot Process
    1. System Initialization Phase
      1. Hardware Power-On Self-Test
        1. Firmware Initialization
          1. Security Processor Activation
            1. Platform Configuration Setup
            2. Pre-Boot Authentication
              1. UEFI Driver Verification
                1. Option ROM Authentication
                  1. Boot Service Driver Loading
                    1. Runtime Driver Validation
                    2. Boot Manager Phase
                      1. Boot Option Enumeration
                        1. Boot Device Selection
                          1. Boot Path Validation
                            1. Boot Manager Authentication
                            2. Bootloader Authentication
                              1. Signature Verification Process
                                1. Certificate Chain Validation
                                  1. Database Lookup Procedures
                                    1. Revocation List Checking
                                    2. Operating System Handoff
                                      1. Kernel Authentication
                                        1. Boot Parameter Validation
                                          1. Control Transfer Mechanisms
                                            1. Runtime Service Transition
                                            2. Boot Failure Handling
                                              1. Authentication Failure Responses
                                                1. Error Reporting Mechanisms
                                                  1. Recovery Mode Options
                                                    1. Fallback Procedures

                                                  Previous

                                                  2. UEFI Secure Boot Architecture

                                                  Go to top

                                                  Next

                                                  4. Key Management and Certificate Infrastructure