Hardware Assurance Best Practices Flashcards
Evaluating the risk introduced by each supplier, component, and service a system depends
on; working securely in an unsecure environment means mitigating those supply chain risks
Supply Chain Assessment
A legal principle that a subject has used best practice or reasonable care when
setting up, configuring, and maintaining a system
Due Diligence
A microprocessor manufacturing facility that is part of a validated supply chain
(one where hardware and software do not deviate from their documented
function)
Trusted Foundry
The process of ensuring that hardware is procured tamper-free from trustworthy
suppliers
Hardware Source Authenticity
A cryptographic module embedded within a computer system that can endorse
trusted execution and attest to boot settings and metrics
Hardware Root of Trust (ROT)
A specification for hardware-based storage of digital certificates, keys, hashed
passwords, and other user and platform identification information
Trusted Platform Module (TPM)
An appliance for generating and storing cryptographic keys that is less susceptible
to tampering and insider threats than software-based storage
Hardware Security Module (HSM)
Methods that make it difficult for an attacker to alter the authorized execution of
software
Anti-Tamper
Firmware whose authenticity and integrity are verified before it is loaded; it matters because a firmware exploit gives an attacker an opportunity to run arbitrary code at the highest level of CPU privilege, beneath the OS and any security software
Trusted Firmware
A type of system firmware providing support for 64-bit CPU operation at boot, full
GUI and mouse operation at boot, and better boot security
Unified Extensible Firmware Interface (UEFI)
A UEFI feature that checks the digital signature of each boot component (boot loader,
OS kernel, drivers) against keys stored in firmware and refuses to execute unsigned or
untrusted code during the boot operation
Secure Boot
A UEFI feature that records a hash of each boot component into the TPM's Platform
Configuration Registers (PCRs) so the boot process can be validated in an attestation
report; unlike Secure Boot it records rather than blocks
Measured Boot
A claim that the boot measurements presented in a report are valid, made by digitally
signing the report (together with a verifier-supplied nonce to prevent replay) using
the TPM's private attestation key
Attestation
A firmware update that is digitally signed by the vendor and trusted by the system
before installation
Trusted Firmware Updates
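The Secure Boot, Measured Boot, Attestation, and Trusted Firmware Updates cards describe one chain of checks: verify a vendor signature before a component runs, extend its hash into a PCR, then have the TPM sign the PCR value for a remote verifier. The simulation below is an added example written for these flashcards, not code from the original page or from any TPM or UEFI implementation. It assumes toy textbook-RSA keys built from Mersenne primes as stand-ins for the vendor signing key and the TPM attestation key (trivially factorable, no padding, standard library only) and a constructed two-component boot chain; component names, the `db`/`dbx` sets and the nonce are illustrative. The same `verify` check that gates boot components is what gates a signed firmware update.

```python
"""Constructed simulation of Secure Boot, Measured Boot and TPM attestation."""
import hashlib
import hmac

# Toy keys (assumption): stand-ins for the vendor signing key and the TPM's
# attestation key. Textbook RSA over Mersenne primes, no padding: factorable
# in seconds and NOT a real signature scheme. Illustration only.
def _toy_rsa_key(p, q, e=65537):
    d = pow(e, -1, (p - 1) * (q - 1))
    return (p * q, e), d                      # (public key, private exponent)

VENDOR_PUB, _VENDOR_PRIV = _toy_rsa_key((1 << 607) - 1, (1 << 89) - 1)
AK_PUB, _AK_PRIV = _toy_rsa_key((1 << 521) - 1, (1 << 127) - 1)

def image_hash(image):
    return hashlib.sha256(image).digest()

def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, pub, data):
    n, _ = pub
    return pow(_digest_int(data), priv, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest_int(data)

# Secure Boot: refuse to run anything not signed by a key in db, or whose
# hash appears in the forbidden-signature database dbx. Stops at first failure.
def secure_boot(components, db, dbx):
    """components: [(name, image_bytes, signature)]. Returns (loaded, error)."""
    loaded = []
    for name, image, sig in components:
        if image_hash(image) in dbx:
            return loaded, "%s: hash is in dbx (revoked)" % name
        if not any(verify(key, image, sig) for key in db):
            return loaded, "%s: signature not trusted" % name
        loaded.append(name)
    return loaded, None

# Measured Boot: hash each component into a PCR before it runs.
def pcr_extend(pcr, image):
    """TPM2_PCR_Extend: PCR = H(PCR || H(image)). One-way and order-dependent."""
    return hashlib.sha256(pcr + image_hash(image)).digest()

def measured_boot(images):
    pcr = bytes(32)                           # PCRs are zero after reset
    for image in images:
        pcr = pcr_extend(pcr, image)
    return pcr

# Attestation: the TPM signs the PCR value plus a verifier-chosen nonce.
def tpm_quote(pcr, nonce):
    msg = pcr + nonce
    return msg, sign(_AK_PRIV, AK_PUB, msg)

def verify_quote(msg, sig, nonce, golden_pcr):
    if not verify(AK_PUB, msg, sig):
        return False                          # not from this TPM, or altered
    pcr, got_nonce = msg[:32], msg[32:]
    if not hmac.compare_digest(got_nonce, nonce):
        return False                          # replay of an older quote
    return hmac.compare_digest(pcr, golden_pcr)

# Constructed sample boot chain (not real firmware images).
BOOTLOADER = b"bootloader v1 (constructed)"
KERNEL = b"kernel v5 (constructed)"
GOOD_CHAIN = [(name, img, sign(_VENDOR_PRIV, VENDOR_PUB, img))
              for name, img in (("bootloader", BOOTLOADER), ("kernel", KERNEL))]
# Attacker swaps the kernel image but cannot produce a vendor signature for it.
TAMPERED_CHAIN = [GOOD_CHAIN[0], ("kernel", KERNEL + b"+implant", GOOD_CHAIN[1][2])]
GOLDEN_PCR = measured_boot([BOOTLOADER, KERNEL])   # known-good reference value

def demo():
    loaded, err = secure_boot(TAMPERED_CHAIN, db=[VENDOR_PUB], dbx=set())
    nonce = b"verifier-nonce-0001"
    msg, sig = tpm_quote(measured_boot([BOOTLOADER, KERNEL + b"+implant"]), nonce)
    return {"secure_boot_stopped_at": err, "loaded": loaded,
            "quote_matches_golden": verify_quote(msg, sig, nonce, GOLDEN_PCR)}

if __name__ == "__main__":
    print(demo())
```

Two things the cards alone do not show: Secure Boot stops the tampered kernel outright, while Measured Boot would still let it run but produces a PCR that no longer matches the golden value, so the verifier rejects the quote; and because the quote covers the nonce, an old quote captured from a healthy boot cannot be replayed later.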
A disk drive where the controller can automatically encrypt data that is written to
it
Self-Encrypting Drives