After so many years, it is good to see so much activity around UEFI Secure Boot and the proposed usage of this capability in upcoming operating systems. The UEFI Forum www.uefi.org has been working on refining this capability since the publication of the UEFI 2.0 specification in 2006, culminating in its present form in the UEFI 2.3.1a specification published this year.
I introduced the concept of a UEFI-based Root of Trust for Verification / Enforcement (RTV/RTE) in the 2007 paper Platform Trust Beyond BIOS Using the Unified Extensible Firmware Interface http://dblp.uni-trier.de/rec/bibtex/conf/csreaSAM/Zimmer07. As I concluded in that paper:
This paper has shown that the future of extensible platform firmware beyond BIOS holds many perils and opportunities. The perils include the new ability to have extensible code loading in the pre-operating system regime, but the opportunities include the use of measured and secure boot to harden the platform and authorize code loading. And in a world of ever-more-secure operating systems, the pre-OS may become a more interesting target for the Blackhats of the world. As such, these UEFI protections are even more important to implement.
The paper also describes how the UEFI RTV complements a Trusted Computing Group Trusted Platform Module (TPM) Root of Trust for Storage/Recording (RTS/RTR) and a UEFI based Root of Trust for Measurement (RTM) to work in tandem with the TPM. Finally, the paper describes using formal integrity models like Clark-Wilson to decompose a system and the use of UEFI Capsule updates to have a cryptographically-assured update of the underlying UEFI Platform Initialization (PI)-based UEFI features.
For more recent information on a UEFI RTM, check out the IBM/Intel paper http://download.intel.com/technology/efi/SF09_EFIS001_UEFI_PI_TCG_White_Paper.pdf.
In addition to that material from 2007 and 2009, article 5 of the November Intel Technology Journal describes the UEFI Secure and Measured Boot scenario in light of the UEFI 2.3.1a specification.
Other interesting discussions of the Measured and Secure boot interplay can be found in http://channel9.msdn.com/Events/BUILD/BUILD2011/HW-462T. Matt Garrett also notes "Secure boot is a valuable feature. It does neatly deal with the growing threat of pre-OS malware" http://mjg59.dreamwidth.org/6503.html.
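As an added illustration of the Secure and Measured Boot interplay discussed above (example code written for this page, not taken from the paper, the UEFI specification or any firmware project): the RTV/RTE side decides whether an image may run, while the RTM side only records what ran, so an attester can later replay the log even when enforcement was switched off. It assumes db/dbx are modeled as SHA-256 image-hash allow/deny lists, the TPM as a single PCR extended with H(PCR || digest), and the images are constructed stand-ins rather than real binaries.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample images (stand-ins for UEFI drivers/loaders; not real binaries).
IMAGES = {
    "trusted_loader": b"MZ trusted-os-loader-v1",
    "unknown_tool":   b"MZ unsigned-third-party-tool",
    "revoked_loader": b"MZ old-loader-later-revoked",
}

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

@dataclass
class Platform:
    """Toy model: RTV/RTE (db/dbx enforcement) working alongside the RTM (PCR extend)."""
    db: set = field(default_factory=set)     # allowed image digests (db)
    dbx: set = field(default_factory=set)    # forbidden image digests (dbx); wins over db
    enforce: bool = True                     # Secure Boot on/off; measurement happens either way
    pcr: bytes = bytes(32)                   # simulated PCR, all-zero at power-on
    log: list = field(default_factory=list)  # event log the verifier replays later

    def verify(self, data: bytes) -> bool:
        d = digest(data)
        return d not in self.dbx and d in self.db   # unknown images are denied, not only revoked ones

    def measure(self, label: str, data: bytes) -> None:
        d = digest(data)
        self.pcr = hashlib.sha256(self.pcr + d).digest()  # TPM extend: PCR = H(PCR || digest)
        self.log.append((label, d))

    def load(self, label: str) -> bool:
        data = IMAGES[label]
        if self.enforce and not self.verify(data):
            return False            # RTE refuses the image; nothing runs, nothing is measured
        self.measure(label, data)   # RTM records what actually ran, authorized or not
        return True

def replay(log) -> bytes:
    """Attester side: recompute the PCR from the log and compare with the quoted value."""
    pcr = bytes(32)
    for _, d in log:
        pcr = hashlib.sha256(pcr + d).digest()
    return pcr

def boot(enforce: bool, order=("trusted_loader", "revoked_loader", "unknown_tool")):
    # revoked_loader was once allowed (in db) but is now listed in dbx, so dbx must win.
    p = Platform(db={digest(IMAGES["trusted_loader"]), digest(IMAGES["revoked_loader"])},
                 dbx={digest(IMAGES["revoked_loader"])}, enforce=enforce)
    ran = [label for label in order if p.load(label)]
    return ran, p.pcr, p.log
```

With enforcement on only the trusted loader runs; with it off everything runs, but the replayed PCR no longer matches the known-good value, which is what a remote verifier keys on.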