
Securing the boot process

Published: 24 February 2020

Abstract

The hardware root of trust.





    Published In

    Communications of the ACM  Volume 63, Issue 3
    March 2020
    98 pages
    ISSN: 0001-0782
    EISSN: 1557-7317
    DOI: 10.1145/3385399
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Publisher

    Association for Computing Machinery

    New York, NY, United States



    Qualifiers

    • Research-article
    • Popular
    • Refereed


    Article Metrics

    • Downloads (last 12 months): 996
    • Downloads (last 6 weeks): 94
    Reflects downloads up to 20 Jan 2025


    Cited By

    • Unleashing OpenTitan's Potential: a Silicon-Ready Embedded Secure Element for Root of Trust and Cryptographic Offloading. ACM Transactions on Embedded Computing Systems (2024). DOI: 10.1145/3690823. Online publication date: 5 Sep 2024.
    • Platform Attestation in Consumer Devices. 2023 33rd Conference of Open Innovations Association (FRUCT), pp. 198-209. DOI: 10.23919/FRUCT58615.2023.10142995. Online publication date: 24 May 2023.
    • IBCEB: A bi-authentication Secure Boot Scheme for IoT device based on IBC. 2023 3rd International Conference on Electronic Information Engineering and Computer Science (EIECS), pp. 1314-1318. DOI: 10.1109/EIECS59936.2023.10435522. Online publication date: 22 Sep 2023.
    • Secure Onboarding and Management of Electronic Shelf Labels in Retail. 2023 15th International Conference on COMmunication Systems & NETworkS (COMSNETS), pp. 96-101. DOI: 10.1109/COMSNETS56262.2023.10041323. Online publication date: 3 Jan 2023.
    • MicroBlind: Flexible and Secure File System Middleware for Application Sandboxes. 2022 IEEE International Conference on Cloud Engineering (IC2E), pp. 221-232. DOI: 10.1109/IC2E55432.2022.00031. Online publication date: Sep 2022.
    • Challenges and New Directions for AI and Hardware Security. 2020 IEEE 63rd International Midwest Symposium on Circuits and Systems (MWSCAS), pp. 277-280. DOI: 10.1109/MWSCAS48704.2020.9184612. Online publication date: Aug 2020.
