• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Microcontroller Tips

Microcontroller engineering resources, new microcontroller products and electronics engineering news

  • Products
    • 8-bit
    • 16-bit
    • 32-bit
    • 64-bit
  • Applications
    • 5G
    • Automotive
    • Connectivity
    • Consumer Electronics
    • EV Engineering
    • Industrial
    • IoT
    • Medical
    • Security
    • Telecommunications
    • Wearables
    • Wireless
  • Learn
    • eBooks / Tech Tips
    • EE Training Days
    • FAQs
    • Learning Center
    • Tech Toolboxes
    • Webinars/Digital Events
  • Resources
    • Design Guide Library
    • DesignFast
    • LEAP Awards
    • Podcasts
    • White Papers
  • Videos
    • EE Videos & Interviews
    • Teardown Videos
  • EE Forums
    • EDABoard.com
    • Electro-Tech-Online.com
  • Engineering Training Days
  • Advertise
  • Subscribe

What are the elements of secure boot processes?

November 27, 2024 By Jeff Shepard Leave a Comment

The secure boot protects devices from unauthorized modification by verifying the authenticity of the boot code. Its importance is growing as society digitalizes and the number of devices on the Internet of Things (IoT) soars. A secure boot prevents an adversary from compromising device operation.

This article reviews the basic elements of secure boot processes, delves into the Unified Extensible Firmware Interface (UEFI), and examines its implementation in detail.

All secure boot processes go through a series of steps to ensure the integrity and authenticity of the boot elements incrementally. If invalid data is detected at any point in the boot process, execution is stopped (Figure 1).

secure boot
Figure 1. If invalid data is detected at any point in the secure process, including launching the operating system (OS), execution terminates. (Image: Keyfactor)

The steps included in secure boot processes include the initial bootloader, verification, establishment of the chain of trust, and component verification.  The initial bootloader stored on read-only memory (ROM) sets the process in motion. The initial bootloader verifies the integrity of the next stage using a digital signature or hash based on cryptographic algorithms.

If verification is successful, it enables the next stage of the boot process to load in a trusted execution environment (TEE) and establish the chain of trust. Component verification involves validating digital signatures or hashes for every subsequent step in the boot process. The chain of trust continuity extends to the operating system kernel, device drivers, and software libraries.

Secure boot also enforces secure configuration settings and policies set by the manufacturer or system administrator. Examples include restrictions on unsigned code, enforcing security requirements, using a whitelist to validate trusted applications, and so on.

At this point, the secure boot process is completed, and control is passed over to the operating system (OS). Some implementations continue to provide runtime services to the OS.

Booting out BIOS and using measured boot

UEFI was developed to enhance security by replacing the basic input/output system (BIOS) start-up firmware in the boot ROM of IBM PC-compatible computers. Today, it’s used on computers running Windows and Linux operating systems and on Intel-based Macs.

Measured Boot is a UEFI feature that protects computers from malware during the boot process by measuring and storing system components like the bootloader, drivers, and firmware in the Trusted Platform Module (TPM). The measurements are stored as cryptographic hashes and used to detect any unauthorized changes.

UEFI uses six boot phases. Combined, they are referred to as Platform Initialization (PI). The six phases are (Figure 2):

  • Security (SEC) begins by using the information in the TPM to create the root of trust, which ensures that any code executed during the PI is cryptographically validated, enabling a secure boot process.
  • Pre-EFI (extensible firmware interface) Initialization (PEI) uses PEI modules (PEIMs) to begin initializing permanent memory and provides the memory needed by the primary boot phase.
  • Driver Execution Environment (DXE) is the primary boot phase where most system initialization and configuration happens.
  • Boot Device Selection (BDS) initializes console devices, such as external terminals, and all remaining devices needed for system operation.
  • Transient System Load (TSL) is responsible for finalizing the boot process and passing control to the operating system (OS).
  • Runtime (RT) occurs when the OS has taken over the system. UEFI also includes runtime services that remain available to the OS during operation.
secure boot
Figure 2. Execution details of the UEFI secure boot process. (Image: Secret Club)

Summary

Secure boot is important to ensure the authenticity of the boot code and prevent an adversary from interfering with the operation of IoT devices or other computer systems. It’s a structured process that begins by establishing a root of trust and continues until control is passed to the OS. Before the development of secure boot processes, computer systems were booted up using a BIOS system that was susceptible to compromise. UEFI was developed to replace the BIOS on IPM PC-compatible computers and enhance operational robustness.

References

EFI Secure Boot Overview and Workflow, Wind River
How Secure Boot helps to Secure IoT Devices, einfochips
Introduction to UEFI: Part 1, Secret Club
Secure the Windows boot process, Microsoft
UEFI Forum Releases the UEFI 2.10 Specification and the ACPI 6.5 Specification, UEFI Forum
What is Secure Boot? It’s Where IoT Security Starts, Keyfactor
What Is the Difference Between HSM, TPM, Secure Enclave, and Secure Element or Hardware Root of Trust, wolfSSL
Why Bother with Measured Boot?, Star Lab

Related WTWH links

Four major design considerations in secure boot for IoT applications
Security for embedded systems – Virtual Roundtable (part 1 of 2)
Securing embedded systems in a hostile world
Edge computing security: Challenges and techniques
Embedded security: Do you know what you don’t know?

You may also like:


  • Wi-Fi camera reference design features 4K video

  • April 2024 Issue: Internet of Things Handbook

  • Build a 5G Open RAN test lab with open-source software…

  • Securing devices for the IoT — IEC 62443, SESIP, and…

  • Securing devices for the IoT – firmware, software, and OTA

Filed Under: FAQ, Featured Tagged With: FAQ

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Featured Contributions

Five challenges for developing next-generation ADAS and autonomous vehicles

Securing IoT devices against quantum computing risks

RISC-V implementation strategies for certification of safety-critical systems

What’s new with Matter: how Matter 1.4 is reshaping interoperability and energy management

Edge AI: Revolutionizing real-time data processing and automation

More Featured Contributions

EE TECH TOOLBOX

“ee
Tech Toolbox: Internet of Things
Explore practical strategies for minimizing attack surfaces, managing memory efficiently, and securing firmware. Download now to ensure your IoT implementations remain secure, efficient, and future-ready.

EE Learning Center

EE Learning Center

EE ENGINEERING TRAINING DAYS

engineering
“bills
“microcontroller
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest info on technologies, tools and strategies for EE professionals.

RSS Current EDABoard.com discussions

  • How to calculate Gate Driver's propagation delay time?
  • Bidirectional data bus
  • Editing posts
  • avoiding mixer compression when acting as a phase detector
  • Crude Powerline FSK comms literally shorts the power bus at a certain frequency?

RSS Current Electro-Tech-Online.com Discussions

  • RS485 bus: common ground wire needed or not?
  • Kawai KDP 80 Electronic Piano Dead
  • Good Eats
  • What part is this marked .AC ?
  • Photo interrupter Connections

DesignFast

Design Fast Logo
Component Selection Made Simple.

Try it Today
design fast globle

Footer

Microcontroller Tips

EE World Online Network

  • 5G Technology World
  • EE World Online
  • Engineers Garage
  • Analog IC Tips
  • Battery Power Tips
  • Connector Tips
  • DesignFast
  • EDA Board Forums
  • Electro Tech Online Forums
  • EV Engineering
  • Power Electronic Tips
  • Sensor Tips
  • Test and Measurement Tips

Microcontroller Tips

  • Subscribe to our newsletter
  • Advertise with us
  • Contact us
  • About us

Copyright © 2025 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Privacy Policy