Bootloader Security Resources
This page has security information about bootloader, which is of interest to CE Linux Forum members.
There are two methods of booting
- Trusted/Authenticated Boot: just reporting
- Secure Boot: boot can be halted
Trusted Computing Group (TCG)
TCG is a hardware-based security solution not only for the PC platform, but also applicable for embedded devices. To understand the TCG, TCG Specification Architecture Overview is a good document.
Using the Trusted Platform Module(TPM) security chip and write-protected boot-code, we will be able to implement the Trusted Boot efficiently. Unfortunately, Many existing TPMs are designed for PC Platform, it requires LPC bus. Thus you have to use glue logic to use such TPM with your system. But, Atmel(R) has been released TPM chip, AT97SC3201S which has I2C/SMBus interface.
Open Source Projects/Mailing Lists
- RedBoot is a complete bootstrap environment for embedded systems. Based on the eCos. Following security enhancement was based on the RedBoot.
- High Robustness Bootloader for x86 Platform provide the capability of having signed program binary images.
Project site: u-boot
GRUB is a bootloader for PC Platform. There are two patches to enable the TCG's Trusted Boot.
(In this case, the BIOS must support TCG Trusted Boot)
GRUB provides a password feature, only administrator can start the interactive operations.
EtherBoot is a software package for creating ROM images that can download code over an Ethernet network to be executed on an x86 computer. "SafeBootMode means any NBI image that's downloaded is checked whether it contains a valid digital signature and if not, the user is notified."
- W. A. Arbaugh , D. J. Farber , J. M. Smith, A secure and reliable bootstrap architecture, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.65, May 04-07, 1997
- Security Enhanced Bootloader for Operating Systems
- Technical Overview of Windows Vista - Secure Startup