Trusted Firmware Flashcards
Why do we use trusted firmware?
To prevent firmware exploits.
What is a firmware exploit?
A firmware exploit gives an attacker the opportunity to run any code at the highest level of CPU privilege, because firmware runs before the operating system loads and with more privilege than the OS itself.
Note: A firmware exploit at the BIOS/UEFI level can plant a rootkit that sits beneath the operating system and oversees your entire system; it survives an OS reinstall, and security tools running inside the OS would not be able to find it.
Unified Extensible Firmware Interface (UEFI)
A type of system firmware that supports 64-bit CPU operation at boot. It provides a full graphical user interface (GUI) with mouse support in the firmware setup screens and offers better boot security than legacy BIOS (for example, Secure Boot).
Note: Most systems use UEFI rather than legacy BIOS nowadays. The following flashcards assume your computer uses UEFI.
Secure Boot
A UEFI feature that prevents unauthorized code (boot loaders, drivers, OS kernels) from executing during the boot process.
Essentially, as the computer boots, the firmware checks each boot component for a digital signature from a trusted OS or hardware vendor; the trusted vendor keys are stored in the firmware's signature database. If the signature is missing, doesn't match the file, or comes from a key that has been revoked, the component is not allowed to run and the system won't boot it.
Measured Boot
A UEFI feature that gathers secure metrics (hashes of each boot component, recorded in order into the TPM's platform configuration registers, or PCRs) so the boot process can be validated in an attestation report. It collects the measurements, creates the report, then attests to it.
Attestation
A claim that the data presented in the report is valid, made by digitally signing the report with a private key held inside the TPM (its attestation key). A remote verifier checks the signature with the matching public key and compares the measurements against known-good values.
eFUSE
A means for software or firmware to permanently alter the state of a transistor on a computer chip.
Note: The idea of an eFUSE is essentially "one-time programming": it is used to seal cryptographic keys and other security state, such as permanently enabling secure boot or recording the minimum firmware version allowed. A blown fuse can never be reset, so if tampering is detected a fuse is blown and the firmware/product is no longer considered valid/trusted.
Trusted Firmware Updates
A firmware update that is digitally signed by the vendor and trusted by the system before installation.
Note: Untrusted firmware can blow your eFUSEs. Because fuses cannot be reset, a malicious or corrupted update that burns them can permanently leave the device untrusted or unusable, which is why the signature must be verified before the update is installed.
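The four signature-based cards above (Secure Boot, Measured Boot, Attestation and Trusted Firmware Updates) describe one trust chain. The following is an added example written for these flashcards, not code from any UEFI or TPM vendor: it models the chain end to end so you can see each rejection case happen. Assumptions: signatures are textbook RSA over SHA-256 built on the Python standard library so the script runs offline (real firmware uses RSA-PSS or ECDSA through a proper crypto library); the names db and dbx are borrowed from UEFI's allowed-signer and revoked-signer databases; the image contents, key seeds and nonce are constructed sample data.

```python
"""Added example (not from the flashcards or any UEFI/TPM vendor): a toy
model of the boot trust chain. Signatures are textbook RSA over SHA-256 on
the standard library so it runs offline; real firmware uses RSA-PSS/ECDSA."""
import hashlib
import math
import random

def _is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin test, used only to build the toy RSA keys (n is odd)."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keypair(bits=512, seed=1):
    """Deterministic toy key pair -> ((e, n) public, (d, n) private)."""
    rng, e, primes = random.Random(seed), 65537, []
    while len(primes) < 2:
        cand = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1  # odd, full width
        if _is_probable_prime(cand, rng) and cand not in primes and math.gcd(e, cand - 1) == 1:
            primes.append(cand)
    p, q = primes
    return (e, p * q), (pow(e, -1, (p - 1) * (q - 1)), p * q)

def sign(priv, data):
    d, n = priv
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)

def verify(pub, data, sig):
    e, n = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def secure_boot_check(image, sig, signer_pub, db, dbx):
    """Secure Boot: run image only if signed by a key in db and not in dbx."""
    if signer_pub in dbx:
        return False, "signer key revoked (dbx)"
    if signer_pub not in db:
        return False, "signer key not trusted (db)"
    if sig is None or not verify(signer_pub, image, sig):
        return False, "signature missing or does not match image"
    return True, "boot allowed"

def measured_boot(components):
    """Measured Boot: PCR = SHA256(PCR || SHA256(component)) for each component, plus an event log."""
    pcr, log = bytes(32), []
    for name, blob in components:
        digest = hashlib.sha256(blob).digest()
        log.append((name, digest))
        pcr = hashlib.sha256(pcr + digest).digest()
    return pcr, log

def verify_attestation(quote, pcr, nonce, log, ak_pub, golden_pcr):
    """Remote verifier: check the TPM's signed quote over (PCR || nonce), replay the log, compare to known-good."""
    if not verify(ak_pub, pcr + nonce, quote):
        return False, "quote not signed by the TPM's attestation key"
    replay = bytes(32)
    for _, digest in log:
        replay = hashlib.sha256(replay + digest).digest()
    if replay != pcr:
        return False, "event log does not reproduce the quoted PCR"
    if pcr != golden_pcr:
        return False, "boot components differ from the known-good set"
    return True, "attestation ok"

def run_demo():
    """Run the chain on constructed images; True = accepted, False = rejected."""
    vendor_pub, vendor_priv = rsa_keypair(seed=1)  # OS/firmware vendor key (constructed)
    rogue_pub, rogue_priv = rsa_keypair(seed=2)    # attacker's own key (constructed)
    ak_pub, ak_priv = rsa_keypair(seed=3)          # TPM attestation key (constructed)
    db, dbx = {vendor_pub}, set()
    loader, kernel = b"BOOTX64.EFI (constructed)", b"vmlinuz (constructed)"
    ok_sig, nonce = sign(vendor_priv, loader), b"verifier-nonce (constructed)"
    golden, log = measured_boot([("loader", loader), ("kernel", kernel)])
    bad, bad_log = measured_boot([("loader", loader), ("kernel", kernel + b"rootkit")])
    update = b"firmware-2.0.bin (constructed)"
    upd_sig = sign(vendor_priv, update)
    return {
        "boot_signed": secure_boot_check(loader, ok_sig, vendor_pub, db, dbx)[0],
        "boot_tampered": secure_boot_check(loader + b"\x90", ok_sig, vendor_pub, db, dbx)[0],
        "boot_rogue_key": secure_boot_check(loader, sign(rogue_priv, loader), rogue_pub, db, dbx)[0],
        "boot_revoked": secure_boot_check(loader, ok_sig, vendor_pub, db, {vendor_pub})[0],
        "attest_clean": verify_attestation(sign(ak_priv, golden + nonce), golden, nonce, log, ak_pub, golden)[0],
        # kernel swapped for a rootkit: the quote is genuine, but the PCR no longer matches the golden value
        "attest_rootkit": verify_attestation(sign(ak_priv, bad + nonce), bad, nonce, bad_log, ak_pub, golden)[0],
        # attacker forges a quote over the golden PCR with a key that is not the TPM's
        "attest_forged": verify_attestation(sign(rogue_priv, golden + nonce), golden, nonce, log, ak_pub, golden)[0],
        "update_signed": verify(vendor_pub, update, upd_sig),           # trusted firmware update
        "update_tampered": verify(vendor_pub, update + b"!", upd_sig),  # modified in transit
    }
```

Two design points worth noticing: the verifier supplies a fresh nonce so an old quote cannot be replayed, and it never trusts the quoted PCR value by itself; it replays the event log and then compares against a known-good PCR, which is what turns a list of hashes into a decision.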
Self-Encrypting Drives
A disk drive where the controller can automatically encrypt data that is written to it.
Self-encrypting drives have firmware (software on a chip) that performs the encryption for which they are named. This firmware must be trusted before you can trust the integrity of the drive and the confidentiality of the data on it.
Note: The drive controller performs the encryption/decryption itself, offloading that work from the host processor.