Wind River Titanium Security Suite - Titanium Secure Boot Datasheet


Titanium Secure Boot from Star Lab, the Wind River® Technology Protection and Cybersecurity Group, provides the strongest level of boot-time authentication/trust on Intel® chipsets, while being more flexible in terms of target Linux distributions and BIOS variants.

Titanium Secure Boot starts much the same way that other boot technologies (such as UEFI Secure Boot) do — verifying BIOS firmware; however, the target system is instructed to store measurements of these firmware-level components in an off-CPU TPM. Once the bootloader launches the Titanium Secure Boot module, a signed Intel code module is measured by Titanium Secure Boot and then loaded into the boot process to measure Titanium Secure Boot and clear the CPU state. Titanium Secure Boot then regains control and authenticates the rest of the boot components and the boot-time command-line arguments.

Because Titanium Secure Boot measures the initramfs and command-line parameters, an attacker cannot subvert or interpose late-load security components by modifying early boot components within the initramfs or disable important security features (such as intel_iommu=on).

With Titanium Secure Boot, measurements (stored in the TPM Platform Configuration Registers or PCRs) are combined to unlock non-extractable key material in the TPM. The unlock attempt succeeds only if the sequence of measurements exactly matches a prior trusted state's measurements.

Leveraging a TPM to supplement its attestation, removing the sole verification burden from boot-time software that must trust itself, Titanium Secure Boot verifies the authenticity of boot-time components through a measured boot sequence.
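The extend-and-unlock behaviour described above can be modelled in a few lines. This is an added example, not Wind River or Star Lab code: the component byte strings are constructed samples, and `SealedKey` with its single-PCR policy is a hypothetical stand-in for a check that a real TPM enforces internally.

```python
import hashlib
import hmac

PCR_SIZE = 32  # one register in a SHA-256 PCR bank


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA256(old PCR || SHA256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Fold an ordered list of boot components into a single PCR value."""
    pcr = bytes(PCR_SIZE)  # simplified: register starts at all zeros
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


class SealedKey:
    """Hypothetical model of key material bound to a trusted PCR value."""

    def __init__(self, secret: bytes, trusted_pcr: bytes):
        self._secret = secret
        self._policy = trusted_pcr

    def unseal(self, current_pcr: bytes):
        # Release the secret only when the measured state matches exactly.
        if hmac.compare_digest(self._policy, current_pcr):
            return self._secret
        return None


# Constructed sample boot chains (kernel, initramfs, command line).
TRUSTED = [b"kernel-v1", b"initramfs-v1", b"root=/dev/sda1 intel_iommu=on"]
NO_IOMMU = [b"kernel-v1", b"initramfs-v1", b"root=/dev/sda1"]
REORDERED = [b"initramfs-v1", b"kernel-v1", b"root=/dev/sda1 intel_iommu=on"]


def try_boot(components) -> bool:
    """True if the key sealed against TRUSTED unlocks for this boot chain."""
    key = SealedKey(b"constructed-disk-key", measure_boot(TRUSTED))
    return key.unseal(measure_boot(components)) is not None


if __name__ == "__main__":
    for name, chain in [("trusted", TRUSTED), ("no iommu", NO_IOMMU),
                        ("reordered", REORDERED)]:
        print(f"{name:10s} unlock={try_boot(chain)}")
```

Dropping `intel_iommu=on` from the command line or loading the same components in a different order yields a different PCR value, so the unlock attempt fails.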
