Secure boot protects devices from unauthorized modification by verifying the authenticity of the boot code. Its importance is growing as society digitalizes and the number of devices on the Internet of Things (IoT) soars. Secure boot prevents an adversary from compromising device operation.
This article reviews the basic elements of secure boot processes, delves into the Unified Extensible Firmware Interface (UEFI), and examines its implementation in detail.
All secure boot processes go through a series of steps to ensure the integrity and authenticity of the boot elements incrementally. If invalid data is detected at any point in the boot process, execution is stopped (Figure 1).
A secure boot process consists of four steps: the initial bootloader, verification, establishment of the chain of trust, and component verification. The initial bootloader, stored in read-only memory (ROM), sets the process in motion: it verifies the integrity of the next stage using a digital signature or a hash computed with cryptographic algorithms.
If verification succeeds, the next stage of the boot process is loaded in a trusted execution environment (TEE), establishing the chain of trust. Component verification then validates the digital signature or hash of every subsequent step in the boot process, so the chain of trust extends to the operating system kernel, device drivers, and software libraries.
Secure boot also enforces secure configuration settings and policies set by the manufacturer or system administrator, such as restricting unsigned code, enforcing security requirements, and validating trusted applications against a whitelist.
At this point, the secure boot process is completed, and control is passed over to the operating system (OS). Some implementations continue to provide runtime services to the OS.
Booting out BIOS and using measured boot
UEFI was developed to enhance security by replacing the basic input/output system (BIOS) start-up firmware in the boot ROM of IBM PC-compatible computers. Today, it’s used on computers running Windows and Linux operating systems and on Intel-based Macs.
Measured Boot is a UEFI feature that protects computers from malware during the boot process by measuring system components such as the bootloader, drivers, and firmware and storing the measurements in the Trusted Platform Module (TPM). The measurements are stored as cryptographic hashes and used to detect unauthorized changes.
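To make the chain-of-trust walk described above and the Measured Boot hash recording concrete, here is an added Python example; it is not code from the article or from any firmware project. It models the hash-based form of verification the article mentions: the ROM holds the digest of the first stage, each stage carries the SHA-256 digest of its successor, and every digest seen is also extended into a simulated TPM PCR. Stage names, image bytes and the zeroed PCR are constructed sample values.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Stage:
    name: str
    code: bytes                    # stage image (constructed sample bytes, not a real image)
    next_digest: Optional[bytes]   # SHA-256 this stage holds for its successor; None for the last stage

def stage_digest(stage: Stage) -> bytes:
    # Cover the image and the embedded successor digest, so tampering with either is caught.
    return hashlib.sha256(stage.code + (stage.next_digest or b"")).digest()

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    # TPM-style extend: new PCR = H(old PCR || measurement); order-dependent and not reversible.
    return hashlib.sha256(pcr + measurement).digest()

def build_chain(images: List[Tuple[str, bytes]]) -> Tuple[bytes, List[Stage]]:
    """Link stages back to front; returns the digest the ROM must hold and the chain."""
    stages: List[Stage] = []
    next_digest: Optional[bytes] = None
    for name, code in reversed(images):
        stage = Stage(name, code, next_digest)
        stages.append(stage)
        next_digest = stage_digest(stage)
    stages.reverse()
    return next_digest, stages

def secure_boot(rom_digest: bytes, stages: List[Stage]) -> Tuple[List[str], bytes, Optional[str]]:
    """Verified boot halts at the first stage whose digest mismatches its predecessor's record;
    measured boot extends the PCR with every stage seen, including a bad one."""
    pcr = bytes(32)          # PCRs start zeroed at reset
    expected = rom_digest    # hypothetical immutable value burned into the boot ROM
    loaded: List[str] = []
    for stage in stages:
        measured = stage_digest(stage)
        pcr = pcr_extend(pcr, measured)
        if measured != expected:
            return loaded, pcr, stage.name   # execution stops here, as in Figure 1
        loaded.append(stage.name)
        expected = stage.next_digest
    return loaded, pcr, None

if __name__ == "__main__":
    rom, chain = build_chain([("bootloader", b"stage1"), ("os_loader", b"stage2"), ("kernel", b"stage3")])
    print(secure_boot(rom, chain))
    tampered = chain[:2] + [Stage("kernel", b"modified", None)]
    print(secure_boot(rom, tampered))
```

Comparing the returned PCR against the value recorded for a known-good boot is how a tampered chain is detected even when verification is not enforced.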
UEFI uses six boot phases. Combined, they are referred to as Platform Initialization (PI). The six phases are (Figure 2):
- Security (SEC) begins by using the information in the TPM to create the root of trust, which ensures that any code executed during the PI is cryptographically validated, enabling a secure boot process.
- Pre-EFI Initialization (PEI), where EFI stands for Extensible Firmware Interface, uses PEI modules (PEIMs) to begin initializing permanent memory and provides the memory needed by the primary boot phase.
- Driver Execution Environment (DXE) is the primary boot phase where most system initialization and configuration happens.
- Boot Device Selection (BDS) initializes console devices, such as external terminals, and all remaining devices needed for system operation.
- Transient System Load (TSL) is responsible for finalizing the boot process and passing control to the operating system (OS).
- Runtime (RT) occurs when the OS has taken over the system. UEFI also includes runtime services that remain available to the OS during operation.
Summary
Secure boot is important to ensure the authenticity of the boot code and prevent an adversary from interfering with the operation of IoT devices or other computer systems. It’s a structured process that begins by establishing a root of trust and continues until control is passed to the OS. Before the development of secure boot processes, computer systems were booted up using a BIOS system that was susceptible to compromise. UEFI was developed to replace the BIOS on IBM PC-compatible computers and enhance operational robustness.