Questions tagged [secure-boot]
The secure-boot tag has no summary.
60 questions
1vote
0answers
98views
U-Boot hardening - how manage U-Boot Environment Variables
I'm running on a Linux Embedded product and U-Boot Bootloader. I enabled the Secure Boot Chain of Trust, from ROM to Kernel + DM-verity and DM-Crypt partition protection. Now I'm worried about the U-...
- 11
1vote
0answers
78views
Are there any known BIOS that clear a TPM on disabling secure boot?
I noticed that when the secure boot options is disabled on a Bitlocker enabled Windows laptop with TPM, in order to boot into a forensic live OS like Kali in Forensic Mode or Parrot OS that the TPM is ...
- 7,657
4votes
2answers
258views
Do I need to verify a .ISO before flashing, if my laptop has secure boot?
My Dell XPS 9310 has secure boot enabled and the BIOS is up to date and there are no manual keys added there. Can I download a ubuntu .ISO from anywhere and flash into any computer without worrying ...
- 317
1vote
1answer
134views
Does Bitlocker provide a degree of protection from PKFail?
I have searched online, but have not been able to find anything about this. I understand the PKFail can compromise the boot process by allowing a signed key to sign malware to insert into the UEFI, ...
- 713
0votes
1answer
94views
Is the ability to use Machine Owner Keys effectively a bypass of SecureBoot security?
SecureBoot uses a PKI path to verify particular signed bootloader binaries before it runs these binaries. This PKI, as far as I understand, is basically owned by Microsoft, meaning that only Microsoft ...
1vote
0answers
51views
Is PUF Challenge-Response Authentication applied on every power-up event? [closed]
Are PUFs used, EVERY time we power on the computer to verify that nothing has been tampered with (by using CRP authentication)? Which element performs this authentication? (bios, secureboot, I don't ...
- 325
0votes
0answers
116views
The Boot Process - Sequence of Events, Boot Integrity Checks, and BitLocker OS Volume Encryption
Apologies if any of these questions have been answered previously. Also, apologies for the sheer number of questions asked here. I've done some digging, and have been unable to find a good resource ...
-1votes
2answers
266views
Laptop Repair vs. Evil Maid
Suppose you need a laptop repair, so you bring it to A big box store where you have some sort of coverage (who will have the computer for 2-3 weeks) A small chain of repair shops a small independent ...
1vote
1answer
452views
Why the TPM PCRs does not consider a UEFI settings change? If someone resets CMOS, it's undetected
In my laptop I've set up a bios password when I power on the laptop, and once I enter it the laptop starts my linux distro and decrypts the disk without asking any other password. To do this I've set ...
- 137
1vote
1answer
253views
How do nonce hashes prevent replay attacks on Apple Silicon?
Apple Silicon-based Macs have a LocalPolicy file that controls the secure boot process. To prevent replay attacks of the LocalPolicy, hashes of nonces are used. From here: The lpnh is used for anti-...
- 277
0votes
2answers
259views
Secure Boot: Can Firmware verify every component?
As far as I've seen, the Secure Boot process is described like so: A firmware stored in read-only memory and therefore considered secure starts. It verifies the next software component (e.g. a ...
2votes
1answer
744views
In a secure boot bootloader chain, does a bootloader image contain the RootCA certificate of the next bootloader?
This is coming from Qualcomm's Secure Boot explanation. https://www.qualcomm.com/content/dam/qcomm-martech/dm-assets/documents/secure-boot-image-authentication_11.30.16.pdf Within it, it explains that ...
2votes
1answer
3kviews
What does Secure Boot protect against?
As far as I understand, Secure Boot protects system from running code not signed by a specific vendor(s) during early boot stages. In order to attempt an attack on the bootloader in the first place, ...
- 123
0votes
0answers
385views
Why is Secure Boot in an ECU required when there is Secure Flashing capabilities?
it seems state of the art that the autmotive electronical Control units (ECUs) contain security features as Secure Flashing and Secure Boot. For secure flashing, each new software to be programmed is ...
0votes
1answer
186views
Successful UEFI secure boot exploitation
Are there any real examples (malware, rootkits, etc.) of exploiting the UEFI secure boot mechanism vulnerabilities such as CVE-2022-21894?
- 3,521
