Understanding the UEFI Secure Boot Chain
1.0.0
Understanding UEFI Secure Boot Chain
Executive Summary
Overview
Secure Boot Chain in UEFI
Additional Secure Boot Chain Implementations
Looking Forward – Platform Firmware Resiliency
Glossary
References
Figures
Figure 1-1: Clark-Wilson model, From Lee
Figure 2-1: UEFI Secure Boot
Figure 2-2: Image Verification flow
Figure 2-3: Image Verification with timestamp signature database
Figure 2-4: Intel® Boot Guard diagram credit CYBER-RESILIENCY IN CHIPSET AND BIOS
Figure 2-5: Secure Boot Verification Flow
Figure 2-6: Intel® BIOS Guard
Figure 3-1: Linux MOK Boot, source: UEFI Secure Boot Webinar
Figure 3-2: coreboot Verified Boot
Figure 3-3: Android Verified Boot 1.0 without A/B source: Android Verified Boot 2.0
Figure 3-4: Android Verified Boot 1.0 with A/B source: Android Verified Boot 2.0
Figure 3-5: Android Verified Boot 2.0 source: Android Verified Boot 2.0
Figure 4-1: Component and Trust Chain, from NIST SP800-193
Figure 4-2: High-level View of PCIe® Component Authentication
Figure 4-3: Cerberus power on sequence source: “Project Cerberus Hardware Security"
Figure 4-4: Cerberus boot flow source: “Project Cerberus Hardware Security"
Figure 4-5: Cerberus recovery flow source: “Project Cerberus Hardware Security"
Figure 4-6: Cerberus firmware update source: “Project Cerberus Hardware Security"
Figure 4-7: Intel® PFR Overview source: csdn.net
Figure 4-8: Intel® PFR boot flow source: csdn.net
Figure 4-9: Intel® PFR Reset Sequence source: csdn.net
Figure 4-10: Titan System Integration
Figure 4-11: Titan Verified Boot
Figure 4-12: Lattice PFR source: latticesemi.com/pfr
Figure 2-6: Intel® BIOS Guard