Wind River Titanium Security Suite - Titanium Secure Boot Datasheet

Titanium Secure Boot from Star Lab, the Wind River® Technology Protection and Cybersecurity Group, provides the strongest level of boot-time authentication/trust on Intel® chipsets, while being more flexible in terms of target Linux distributions and BIOS variants.

Titanium Secure Boot starts much the same way that other boot technologies (such as UEFI Secure Boot) do — verifying BIOS firmware; however, the target system is instructed to store measurements of these firmware level components in an off-CPU TPM. Once the bootloader launches the Titanium Secure Boot module, a signed Intel code module is measured by Titanium Secure Boot and then loaded into the boot process to measure Titanium Secure Boot and clear the CPU state. Titanium Secure Boot then regains control and authenticates the rest of the boot components and the boot-time command-line arguments.

Because Titanium Secure Boot measures the initramfs and command-line parameters, an attacker cannot subvert or interpose late-load security components by modifying early boot components within the initramfs, nor disable important security features (such as intel_iommu=on). With Titanium Secure Boot, measurements (stored in the TPM Platform Configuration Registers, or PCRs) are combined to unlock non-extractable key material in the TPM. The unlock attempt succeeds only if the sequence of measurements exactly matches a prior trusted state’s measurements.
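The measurement-and-unlock behaviour described above can be modelled in software. This is an added example, not Wind River or Star Lab code: it models TPM extend and PCR-bound sealing with a single PCR, and the component blobs and the names `measure_boot`, `SealedKey` and `try_boot` are constructed for illustration.

```python
import hashlib
import hmac

PCR_INIT = bytes(32)  # model assumption: the PCR starts as 32 zero bytes

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Fold an ordered list of boot components into one PCR value."""
    pcr = PCR_INIT
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

class SealedKey:
    """Software stand-in for key material a TPM releases only on a PCR match."""
    def __init__(self, secret: bytes, trusted_pcr: bytes):
        self._secret = secret
        self._policy = trusted_pcr

    def unseal(self, current_pcr: bytes):
        # A real TPM enforces this comparison in hardware; here it is modelled.
        if hmac.compare_digest(current_pcr, self._policy):
            return self._secret
        return None

# Constructed sample inputs standing in for real boot components.
KERNEL = b"constructed-kernel-image"
INITRAMFS = b"constructed-initramfs"
CMDLINE = b"root=/dev/mapper/root ro intel_iommu=on"
TRUSTED = [KERNEL, INITRAMFS, CMDLINE]
SEALED = SealedKey(b"constructed-disk-key", measure_boot(TRUSTED))

def try_boot(components):
    """Measure a boot sequence and attempt to unseal; None means refused."""
    return SEALED.unseal(measure_boot(components))

if __name__ == "__main__":
    cases = {
        "trusted state": TRUSTED,
        "intel_iommu=on removed": [KERNEL, INITRAMFS, b"root=/dev/mapper/root ro"],
        "initramfs modified": [KERNEL, INITRAMFS + b"\x00", CMDLINE],
        "same blobs, wrong order": [INITRAMFS, KERNEL, CMDLINE],
    }
    for name, seq in cases.items():
        print(f"{name}: {'unsealed' if try_boot(seq) else 'refused'}")
```

Because each extend hashes the previous PCR value, both the content and the order of every measured component determine the final value, which is why removing a single command-line argument is enough to make the unlock fail.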

Titanium Secure Boot verifies the authenticity of boot-time components through a measured boot sequence. It leverages a TPM to supplement its attestation, which removes the sole verification burden from boot-time software that must trust itself.
