Chapter 7- Supply Chain Management

Question 1

A legal principal identifying a subject has used best practice or responsible care when setting up, configuring, and maintaining a system

Answer 1

Due Diligence

Question 2

A microprocessor manufacturing utility that is part of a validated supply chain (one where hardware and software does not deviate from its documented function.

Answer 2

Trusted Foundry

Question 3

The process of ensuring that hardware is produced tamper-free from trustworthy suppliers

Answer 3

Hardware Source Authenticity

Question 4

A cryptographic module embedded within a computer system that can endorse trusted execution and attest to boot settings and metrics.

Answer 4

Hardware Rood of Trust (ROT)

Question 5

A specification for hardware-based storage of digital certificates, keys, hashed passwords, and other user and platform identification information.

Answer 5

Trusted Platform Module (TPM)

Question 6

An appliance for generating and storing cryptographic keys that is less susceptible to tampering and insider threats than software-based storage.

Answer 6

Hardware Security Module (HSM)

Question 7

Methods that make it difficult for an attacker to alter the authorized execution of software.

Answer 7

Anti-Tamper

Question 8

FPGA

Answer 8

Field Programmable Gate Array

Question 9

PUF

Answer 9

Physically Unclonable Function

Question 10

Gives an attacker an opportunity to run any code at the highest level of CPU privilege.

Answer 10

Firmware Exploit

Question 11

A type of system firmware providing support for 64-bit CPU operation at boot, full GUI and mouse operation at boot, full GUI and mouse operation at boot, and better boot security.

Answer 11

Unified Extensible Firmware Interface (UEFI)

Question 12

A UEFI feature that prevents unwanted processes from executing during the boot operation.

Answer 12

Secure Boot

Question 13

A UEFI feature that gathers secure metrics to validate the boot process in an attestation report.

Answer 13

Measured Boot

Question 14

A claim that the data presented in the report is valid by digitally signing it using the TPM”s private key.

Answer 14

Attestation

Question 15

A means for software of firmware to permanently alter the state of a transistor on a computer chip.

Answer 15

eFUSE

Question 16

A firmware update that is digitally signed by the vendor and trusted by the system before installation.

Answer 16

Trusted Firmware Updates

Question 17

A disk drive where the controller can automatically encrypt data that is written to it.

Answer 17

Self-Encrypting Drives

Question 18

A mechanism for ensuring the confidentiality integrity, and availability of software code and data as it is executed in volatile memory.

Answer 18

Secure Processing

Question 19

Low-level CPU changes and instructions that enable secure processing.

Answer 19

Processor Security Extensions

Question 20

Secure Memory Encryption (SME)

Secure Encrypted Virtualization (SEV)

Answer 20

AMD Processor

Question 21

Trusted Execution Technology (TXT)

Software Guard Extensions (SGX)

Answer 21

Intel Processors

Question 22

The CPU”S security extensions invoke a TPM and secure boot attestation to ensure that a trusted operating system is running.

Answer 22

Trusted Execution

Question 23

The extensions allow a trusted process to create an encrypted container for sensitive data.

Answer 23

Secure Enclave

Question 24

Certain operations that should only be performed once or not at all, such as initializing a memory location.

Answer 24

Atomic Execution

Question 25

Data is encrypted by an application prior to being placed on the data bus.

Answer 25

Bus Encryption