Understanding the UEFI Secure Boot Chain
Search…
Understanding the UEFI Secure Boot Chain
1.0.0
Understanding UEFI Secure Boot Chain
Executive Summary
Overview
Secure Boot Chain in UEFI
Additional Secure Boot Chain Implementations
Looking Forward – Platform Firmware Resiliency
Platform Firmware Resiliency
Device Firmware Boot
Device Firmware Update
Project Cerberus
Intel® Platform Firmware Resilience (Intel® PFR)
Google Titan
Other Platform Firmware Resiliency (PFR) Implementations
Glossary
References
Figures
Powered By GitBook
Project Cerberus
As part of the Open Compute Project (OCP), Project Cerberus defines a hierarchical Root of Trust (RoT) architecture. All active components are required to support both hardware and firmware combined identifing through the Device Identifier Composition Engine (DICE).
Figure 4-3 thru 4-6 describe the power on sequence, boot flow, recovery flow, and firmware update flow.

Figure 4-3: Cerberus power on sequence (source: “Project Cerberus Hardware Security”)

Figure 4-4: Cerberus boot flow (source: “Project Cerberus Hardware Security”)

Figure 4-5: Cerberus recovery flow (source: “Project Cerberus Hardware Security”)

Figure 4-6: Cerberus firmware update (source: “Project Cerberus Hardware Security”)

The concept of Cerberus is similar to Intel® Boot Guard., but there are several key differences:
  1. 1.
    Intel® Boot Guard uses Microcode as RoT, while Cerberus uses a dedicated RoT device.
  2. 2.
    Intel® Boot Guard can mitigate hardware bus attacks.
  3. 3.
    Intel® Boot Guard only verifies the host system firmware, while Cerberus verifies all boot firmware (platform firmware, BMC, etc.)
  4. 4.
    Cerberus defines a detailed flow for update and recovery.
Table 4-3: Cerberus Boot
Item
Entity
Provider
Location
TP
Boot Firmware Verification (in Cerberus Microcontroller)
OEM
Flash (Read Only Code), Device ROM.
CDI
Cerberus Microcontroller
OEM
Flash (Read Only Code), Device ROM.
Boot Firmware Signature Database (Policy)
OEM
Flash (Read Only Data), ROM
UDI
Boot Firmware (BMC, Firmware)
OEM/IHV
Flash (Read Only Data) – active area
Table 4-4: Cerberus Recovery
Item
Entity
Provider
Location
TP
Boot Firmware Verification (in Cerberus Microcontroller)
OEM
Flash (Read Only Code), Device ROM.
CDI
Cerberus Microcontroller
OEM
Flash (Read Only Code), Device ROM.
Boot Firmware Signature Database (Policy)
OEM
Flash (Read Only Data), ROM
UDI
Boot Firmware Recovery (BMC, Firmware)
OEM/IHV
Flash (Read Only Data) - recovery area
Table 4-5: Cerberus Firmware Update
Item
Entity
Provider
Location
TP
Boot Firmware Verification (in Cerberus Microcontroller)
OEM
Flash (Read Only Code), Device ROM.
CDI
Cerberus Microcontroller
OEM
Flash (Read Only Code), Device ROM.
Boot Firmware Signature Database (Policy)
OEM
Flash (Read Only Data), ROM
UDI
Boot Firmware (BMC, Firmware)
OEM/IHV
Flash (Read Only Data) – staging area
Previous
Device Firmware Update
Next
Intel® Platform Firmware Resilience (Intel® PFR)
Last modified 2yr ago
Copy link
Contents
Figure 4-3: Cerberus power on sequence (source: “Project Cerberus Hardware Security”)
Figure 4-4: Cerberus boot flow (source: “Project Cerberus Hardware Security”)
Figure 4-5: Cerberus recovery flow (source: “Project Cerberus Hardware Security”)
Figure 4-6: Cerberus firmware update (source: “Project Cerberus Hardware Security”)