Hardware Assurance Best Practices

Question 1

Secure working in an unsecure environment involves mitigating the risks of the supply
chain

Answer 1

Supply Chain Assessment

Question 2

A legal principle that a subject has used best practice or reasonable care when
setting up, configuring, and maintaining a system

Answer 2

Due Diligence

Question 3

A microprocessor manufacturing utility that is part of a validated supply chain
(one where hardware and software does not deviate from its documented
function)

Answer 3

Trusted Foundry

Question 4

The process of ensuring that hardware is procured tamper-free from trustworthy
suppliers

Answer 4

Hardware Source Authenticity

Question 5

A cryptographic module embedded within a computer system that can endorse
trusted execution and attest to boot settings and metrics

Answer 5

Hardware Root of Trust (ROT)

Question 6

A specification for hardware-based storage of digital certificates, keys, hashed
passwords, and other user and platform identification information

Answer 6

Trusted Platform Module (TPM)

Question 7

An appliance for generating and storing cryptographic keys that is less susceptible
to tampering and insider threats than software-based storage

Answer 7

Hardware Security Module (HSM)

Question 8

Methods that make it difficult for an attacker to alter the authorized execution of
software

Answer 8

Anti-Tamper

Question 9

A firmware exploit gives an attacker an opportunity to run any code at the highest level of CPU privilege

Answer 9

Trusted Firmware

Question 10

A type of system firmware providing support for 64-bit CPU operation at boot, full
GUI and mouse operation at boot, and better boot security

Answer 10

Unified Extensible Firmware Interface (UEFI)

Question 11

A UEFI feature that prevents unwanted processes from executing during the boot
operation

Answer 11

Secure Boot

Question 12

A UEFI feature that gathers secure metrics to validate the boot process in an
attestation report

Answer 12

Measured Boot

Question 13

A claim that the data presented in the report is valid by digitally signing it using
the TPM’s private key

Answer 13

Attestation

Question 14

A firmware update that is digitally signed by the vendor and trusted by the system
before installation

Answer 14

Trusted Firmware Updates

Question 15

A disk drive where the controller can automatically encrypt data that is written to
it

Answer 15

Self-Encrypting Drives

Question 16

A mechanism for ensuring the confidentiality, integrity, and availability of
software code and data as it is executed in volatile memory

Answer 16

Secure Processing

Question 17

Low-level CPU changes and instructions that enable secure processing
▪ AMD
● Secure Memory Encryption (SME)
● Secure Encrypted Virtualization (SEV)
▪ Intel
● Trusted Execution Technology (TXT)
● Software Guard Extensions (SGX)

Answer 17

Processor Security Extensions

Question 18

The CPU’s security extensions invoke a TPM and secure boot attestation to ensure
that a trusted operating system is running

Answer 18

Trusted Execution

Question 19

The extensions allow a trusted process to create an encrypted container for
sensitive data

Answer 19

Secure Enclave

Question 20

Certain operations that should only be performed once or not at all, such as
initializing a memory location

Answer 20

Atomic Execution

Question 21

Data is encrypted by an application prior to being placed on the data bus

Answer 21

Bus Encryption