Supply Chain Assessment

Question 1

A legal principle identifying a subject has used best practice or reasonable
care when setting up, configuring, and maintaining a system

Answer 1

Due Dilligence

Question 2

A microprocessor manufacturing utility that is part of a validated supply
chain (one where hardware and software does not deviate from its
documented function)

Answer 2

Trusted Foundry

Question 3

The process of ensuring that hardware is procured tamper-free from
trustworthy suppliers

Answer 3

Hardware Source Authenticity

Question 4

A cryptographic module embedded within a computer system that can
endorse trusted execution and attest to boot settings and metrics

Answer 4

Hardware Root of Trust(ROT)

Question 5

A specification for hardware-based storage of digital certificates, keys,
hashed passwords, and other user and platform identification
information

Answer 5

Trusted Platform Module(TPM)

Question 6

An appliance for generating and storing cryptographic keys that is less
susceptible to tampering and insider threats than software-based storage

Answer 6

Hardware Security Module(HSM)

Question 7

Methods that make it difficult for an attacker to alter the authorized
execution of software

Answer 7

Anti-Tamper

Question 8

A firmware exploit gives an attacker an opportunity to run any code at the
highest level of CPU privilege

Answer 8

Trusted Firmware

Question 9

A type of system firmware providing support for 64-bit CPU
operation at boot, full GUI and mouse operation at boot, and
better boot security

Answer 9

Unified Extensible Firmware Interface(UEFI)

Question 10

A UEFI feature that prevents unwanted processes from executing
during the boot operation

Answer 10

Secure Boot

Question 11

A UEFI feature that gathers secure metrics to validate the boot
process in an attestation report

Answer 11

Measured Boot

Question 12

A claim that the data presented in the report is valid by digitally
signing it using the TPM’s private key

Answer 12

Attestation

Question 13

A means for software or firmware to permanently alter the state
of a transistor on a computer chip

Answer 13

eFuse

Question 14

A firmware update that is digitally signed by the vendor and
trusted by the system before installation

Answer 14

Trusted Firmware Updates

Question 15

A disk drive where the controller can automatically encrypt data
that is written to it

Answer 15

Self-Encrypting Drives

Question 16

A mechanism for ensuring the confidentiality, integrity, and availability of
software code and data as it is executed in volatile memory

Answer 16

Secure Processing

Question 17

§ Low-level CPU changes and instructions that enable secure processing

Answer 17

Processor Security Extensions

Question 18

The CPU’s security extensions invoke a TPM and secure boot attestation
to ensure that a trusted operating system is running

Answer 18

Trusted Execution

Question 19

The extensions allow a trusted process to create an encrypted container
for sensitive data

Answer 19

Secure Enclave

Question 20

Certain operations that should only be performed once or not at all, such
as initializing a memory location

Answer 20

Atomic Execution

Question 21

§ Data is encrypted by an application prior to being placed on the data bus

Answer 21

Bus Encryption