Difference between revisions of "Bootloader Security Resources"

From eLinux.org
(Legacy Content Conversion)
 
(Other Resources: fix category)
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
This page has security information about bootloader, which is of interest to CE Linux Forum members.
+
== Overview ==
 +
This page has security information about bootloaders.
  
 
== Technology/Project pages ==
 
== Technology/Project pages ==
Line 26: Line 27:
 
Project site: [http://sourceforge.net/projects/u-boot/ u-boot]
 
Project site: [http://sourceforge.net/projects/u-boot/ u-boot]
  
== GRUB ==
+
=== GRUB ===
 
[http://www.gnu.org/software/grub/ GRUB] is a bootloader for PC Platform. There are two patches to enable the TCG's Trusted Boot.
 
[http://www.gnu.org/software/grub/ GRUB] is a bootloader for PC Platform. There are two patches to enable the TCG's Trusted Boot.
  
Line 46: Line 47:
  
 
[[Category:Security]]
 
[[Category:Security]]
[[Category:Bootloader Security Resources]]
+
[[Category:Bootloader]]

Latest revision as of 21:12, 3 December 2009

Overview

This page has security information about bootloaders.

Technology/Project pages

Security Enhancements

There are two methods of booting:

  • Trusted/Authenticated Boot: the boot state is only reported
  • Secure Boot: the boot can be halted

Trusted Computing Group (TCG)

TCG is a hardware-based security solution, not only for the PC platform but also applicable to embedded devices. The TCG Specification Architecture Overview is a good document for understanding the TCG.

Using a Trusted Platform Module (TPM) security chip and write-protected boot code, Trusted Boot can be implemented efficiently. Unfortunately, many existing TPMs are designed for the PC platform and require an LPC bus, so you have to use glue logic to connect such a TPM to your system. However, Atmel(R) has released a TPM chip, the AT97SC3201S, which has an I2C/SMBus interface.
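The difference between the two boot methods listed under Security Enhancements, and the role the TPM plays in Trusted Boot, can be shown with a small simulation. This is an added example, not code from this page or from any of the projects it lists. The stage images are constructed, the extend rule follows the TPM 1.2 SHA-1 convention, and a hash allow-list stands in for the signature check a real Secure Boot implementation would use.

```python
import hashlib

# Constructed sample boot stages (name, image bytes); not from a real device.
STAGES = [
    ("bootloader", b"stage1: constructed bootloader image"),
    ("kernel", b"stage2: constructed kernel image"),
    ("initrd", b"stage3: constructed initrd image"),
]

def extend(pcr: bytes, image: bytes) -> bytes:
    """TPM 1.2 style extend: new PCR = SHA-1(old PCR || SHA-1(image))."""
    return hashlib.sha1(pcr + hashlib.sha1(image).digest()).digest()

def trusted_boot(stages):
    """Measure every stage, log it, and always continue booting."""
    pcr = bytes(20)  # a PCR holds 20 zero bytes after reset
    log = []
    for name, image in stages:
        pcr = extend(pcr, image)
        log.append((name, hashlib.sha1(image).hexdigest()))
    return pcr, log  # reported to a verifier; nothing is blocked here

def replay(log) -> bytes:
    """Verifier side: recompute the expected PCR from the reported log."""
    pcr = bytes(20)
    for _name, digest_hex in log:
        pcr = hashlib.sha1(pcr + bytes.fromhex(digest_hex)).digest()
    return pcr

def secure_boot(stages, allowed):
    """Check each stage before running it; halt at the first mismatch."""
    booted = []
    for name, image in stages:
        # Simplification: allow-list of SHA-256 hashes instead of signatures.
        if hashlib.sha256(image).hexdigest() != allowed.get(name):
            return booted, f"halted at {name}"
        booted.append(name)
    return booted, "booted"

ALLOWED = {n: hashlib.sha256(i).hexdigest() for n, i in STAGES}
TAMPERED = [STAGES[0], ("kernel", b"stage2: modified kernel image"), STAGES[2]]

if __name__ == "__main__":
    print(trusted_boot(TAMPERED)[0].hex())  # boots, but the PCR value differs
    print(secure_boot(TAMPERED, ALLOWED))   # stops before the kernel runs
```

With the tampered kernel, Trusted Boot still runs all three stages and the change only shows up when a verifier compares the PCR value, while Secure Boot stops after the bootloader.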

Open Source Projects/Mailing Lists

RedBoot/eCos

U-Boot

Project site: u-boot

GRUB

GRUB is a bootloader for the PC platform. There are two patches that enable the TCG's Trusted Boot.

(In this case, the BIOS must support TCG Trusted Boot.)

GRUB provides a password feature so that only an administrator can start interactive operations.

EtherBoot

EtherBoot is a software package for creating ROM images that can download code over an Ethernet network to be executed on an x86 computer. "SafeBootMode means any NBI image that's downloaded is checked whether it contains a valid digital signature and if not, the user is notified."

Other Resources