Secure Boot Attacks and Defenses

Secure Boot is a security standard designed to ensure a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM), thereby preventing malicious code like rootkits from loading during startup. Attacks against this mechanism often involve exploiting vulnerabilities in the UEFI firmware, using leaked or compromised signing keys to authorize malicious bootloaders, or physically accessing the hardware to disable or alter the boot configuration. Defenses rely on a layered strategy that includes regularly patching firmware, maintaining an updated database of revoked signatures (DBX) to block known-bad components, leveraging a Trusted Platform Module (TPM) for measured boot to attest to the integrity of the boot process, and securing the software supply chain to prevent key compromise.

1. Fundamentals of Secure Boot
   1. Purpose and Goals of Secure Boot
      1. Preventing Pre-boot Malware
      2. Establishing Hardware Root of Trust
      3. Ensuring System Integrity
      4. Maintaining Chain of Trust
   2. Historical Context and Evolution
      1. Limitations of Legacy BIOS
      2. Evolution from BIOS to UEFI
      3. Development of Secure Boot Standard
      4. Industry Adoption Timeline
   3. Core Concepts and Terminology
      1. Root of Trust Definition
      2. Trust Anchor Concept
      3. Chain of Trust Principles
      4. Cryptographic Foundations
   4. Unified Extensible Firmware Interface (UEFI)
      1. UEFI Architecture Overview
      2. UEFI Boot Services
      3. UEFI Runtime Services
      4. UEFI System Table
      5. UEFI Boot Process Flow
   5. Secure Boot Standard Components
      1. UEFI Specification Requirements
      2. Platform Key Infrastructure
      3. Signature Database Architecture
      4. Authenticated Variables System