What are the elements of secure boot processes?

The secure boot protects devices from unauthorized modification by verifying the authenticity of the boot code. Its importance is growing as society digitalizes and the number of devices on the Internet of Things (IoT) soars. A secure boot prevents an adversary from compromising device operation.

This article reviews the basic elements of secure boot processes, delves into the Unified Extensible Firmware Interface (UEFI), and examines its implementation in detail.

All secure boot processes go through a series of steps to ensure the integrity and authenticity of the boot elements incrementally. If invalid data is detected at any point in the boot process, execution is stopped (Figure 1).

The steps included in secure boot processes include the initial bootloader, verification, establishment of the chain of trust, and component verification. The initial bootloader stored on read-only memory (ROM) sets the process in motion. The initial bootloader verifies the integrity of the next stage using a digital signature or hash based on cryptographic algorithms.

If verification is successful, it enables the next stage of the boot process to load in a trusted execution environment (TEE) and establish the chain of trust. Component verification involves validating digital signatures or hashes for every subsequent step in the boot process. The chain of trust continuity extends to the operating system kernel, device drivers, and software libraries.

Secure boot also enforces secure configuration settings and policies set by the manufacturer or system administrator. Examples include restrictions on unsigned code, enforcing security requirements, using a whitelist to validate trusted applications, and so on.

At this point, the secure boot process is completed, and control is passed over to the operating system (OS). Some implementations continue to provide runtime services to the OS.

Booting out BIOS and using measured boot

UEFI was developed to enhance security by replacing the basic input/output system (BIOS) start-up firmware in the boot ROM of IBM PC-compatible computers. Today, it’s used on computers running Windows and Linux operating systems and on Intel-based Macs.

Measured Boot is a UEFI feature that protects computers from malware during the boot process by measuring and storing system components like the bootloader, drivers, and firmware in the Trusted Platform Module (TPM). The measurements are stored as cryptographic hashes and used to detect any unauthorized changes.

UEFI uses six boot phases. Combined, they are referred to as Platform Initialization (PI). The six phases are (Figure 2):

Security (SEC) begins by using the information in the TPM to create the root of trust, which ensures that any code executed during the PI is cryptographically validated, enabling a secure boot process.
Pre-EFI (extensible firmware interface) Initialization (PEI) uses PEI modules (PEIMs) to begin initializing permanent memory and provides the memory needed by the primary boot phase.
Driver Execution Environment (DXE) is the primary boot phase where most system initialization and configuration happens.
Boot Device Selection (BDS) initializes console devices, such as external terminals, and all remaining devices needed for system operation.
Transient System Load (TSL) is responsible for finalizing the boot process and passing control to the operating system (OS).
Runtime (RT) occurs when the OS has taken over the system. UEFI also includes runtime services that remain available to the OS during operation.

Summary

Secure boot is important to ensure the authenticity of the boot code and prevent an adversary from interfering with the operation of IoT devices or other computer systems. It’s a structured process that begins by establishing a root of trust and continues until control is passed to the OS. Before the development of secure boot processes, computer systems were booted up using a BIOS system that was susceptible to compromise. UEFI was developed to replace the BIOS on IPM PC-compatible computers and enhance operational robustness.