
All Questions

Tagged with
1 vote, 0 answers, 51 views

Is PUF Challenge-Response Authentication applied on every power-up event? [closed]

Are PUFs used, EVERY time we power on the computer to verify that nothing has been tampered with (by using CRP authentication)? Which element performs this authentication? (bios, secureboot, I don't ...
allexj
1 vote, 1 answer, 452 views

Why do the TPM PCRs not consider a UEFI settings change? If someone resets the CMOS, it's undetected

In my laptop I've set up a BIOS password when I power on the laptop, and once I enter it the laptop starts my Linux distro and decrypts the disk without asking for any other password. To do this I've set ...
Allexj
0 votes, 1 answer, 1k views

fTPM more secure than TPM when using BitLocker?

Is fTPM more secure than a real TPM module when using BitLocker? As far as I know, you should enable pre-boot authentication if you use a TPM module that is plugged separately onto the motherboard to ...
Opa114
1 vote, 1 answer, 217 views

Is it possible to allow only a certain secure USB boot media to boot a UEFI system?

I want to restrict all USB boot media from my system, except for a certain USB boot drive that I declare secure via a certain key. Is this possible using UEFI/Secure Boot/TPM? Maybe via TPM? TPM gets ...
JohnnyFromBF
1 vote, 2 answers, 1k views

TPM Endorsement Key usage in secure and trusted boot

Taking into account a Root of Trust in a device using a TPM. My understanding is that the bootloader, firmware, operating system, applications etc. are all verified on startup by validating signatures ...
Engineer999
3 votes, 1 answer, 773 views

Secure boot after an OTA update confusion

My understanding is that secure boot works by verifying each stage in the boot process before proceeding. So first, UEFI or booting firmware will validate the signature of the bootloader, then kernel, ...
Engineer999
1 vote, 4 answers, 2k views

Can TPM2 disk encryption protect data after full server theft?

I read about TPM2 with PCR locking full-disk encryption from different sources. For example [1]. What I can't understand is how much does this protect from full server theft. If we assume that TPM2 ...
akostadinov
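The two questions above (PCRs not reflecting a CMOS reset, and PCR-locked disk encryption against whole-server theft) come down to the same mechanism, so the following added example models it. This is editor-written illustration code, not code from any asker or from tpm2-tools: PCR extend is the real formula (PCR_new = SHA-256(PCR_old || SHA-256(event))), but the sealing policy is a simplified stand-in for TPM2_PolicyPCR, the event log is constructed, and the PCR assignments (0 firmware code, 1 platform configuration, 4 bootloader, 7 Secure Boot state) follow the TCG PC Client profile only as far as this toy firmware chooses to measure.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Sequence, Tuple

# SHA-256 PCR bank: every PCR holds 32 zero bytes after a platform reset.
PCR_INIT = b"\x00" * 32
Blob = Tuple[bytes, Tuple[int, ...], bytes]


def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM2_PCR_Extend: PCR_new = H(PCR_old || H(event)). Order-dependent, one-way."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()


def measure_boot(event_log: Dict[int, List[bytes]]) -> Dict[int, bytes]:
    """Replay an event log (PCR index -> ordered events) into final PCR values."""
    pcrs = {i: PCR_INIT for i in range(24)}
    for idx, events in event_log.items():
        for ev in events:
            pcrs[idx] = extend(pcrs[idx], ev)
    return pcrs


def policy_pcr_digest(pcrs: Dict[int, bytes], selection: Sequence[int]) -> bytes:
    """Simplified model of TPM2_PolicyPCR: digest over the selected PCRs in index
    order. A real TPM folds this into a running policyDigest together with the
    command code; the binding property demonstrated here is the same."""
    return hashlib.sha256(b"".join(pcrs[i] for i in sorted(selection))).digest()


def seal(secret: bytes, pcrs: Dict[int, bytes], selection: Sequence[int]) -> Blob:
    """Bind a secret to the current values of the selected PCRs."""
    return (secret, tuple(sorted(selection)), policy_pcr_digest(pcrs, selection))


def unseal(blob: Blob, pcrs: Dict[int, bytes]) -> Optional[bytes]:
    """Release the secret only if the selected PCRs reproduce the sealed digest."""
    secret, selection, expected = blob
    if hmac.compare_digest(policy_pcr_digest(pcrs, selection), expected):
        return secret
    return None


def boot_log(uefi_setting: bytes, measure_config: bool) -> Dict[int, List[bytes]]:
    """Constructed event log for one boot. The UEFI setup variables (CMOS) only
    reach a PCR if this firmware chooses to measure them into PCR1."""
    log = {
        0: [b"firmware-volume v1.2"],
        4: [b"EFI/BOOT/BOOTX64.EFI bootloader v5"],
        7: [b"SecureBoot=1", b"PK", b"KEK", b"db", b"dbx"],
    }
    if measure_config:
        log[1] = [b"setup-variables:" + uefi_setting]
    return log


def scenario(selection: Sequence[int], measure_config: bool) -> Dict[str, Optional[bytes]]:
    """Enroll on a clean boot, then try to unseal after three kinds of change."""
    secret = b"luks-volume-key"  # constructed stand-in for the disk key
    enrolled = measure_boot(boot_log(b"bootorder=nvme;pw=set", measure_config))
    blob = seal(secret, enrolled, selection)

    same_boot = measure_boot(boot_log(b"bootorder=nvme;pw=set", measure_config))
    # CMOS reset: boot order and BIOS password changed, firmware/bootloader identical.
    cmos_reset = measure_boot(boot_log(b"bootorder=usb;pw=none", measure_config))
    tampered = boot_log(b"bootorder=nvme;pw=set", measure_config)
    tampered[4] = [b"EFI/BOOT/BOOTX64.EFI modified bootloader"]

    return {
        "same_boot": unseal(blob, same_boot),
        "cmos_reset": unseal(blob, cmos_reset),
        "tampered_bootloader": unseal(blob, measure_boot(tampered)),
    }


if __name__ == "__main__":
    # Typical policy on PCRs 0, 4, 7 with a firmware that does not measure setup:
    # the CMOS reset goes unnoticed, while a changed bootloader is caught.
    print(scenario((0, 4, 7), measure_config=False))
    # Same policy extended to PCR1 with a firmware that measures its configuration:
    # the CMOS reset now changes PCR1 and the unseal fails.
    print(scenario((0, 1, 4, 7), measure_config=True))
```

Two things follow directly from the model. A change that no boot stage feeds into a PCR is invisible to any PCR policy, so whether a CMOS reset is detected depends entirely on the firmware measuring its setup variables (PCR1 is where the TCG profile places platform configuration), not on the TPM. And the unseal succeeds for whoever powers on the unchanged machine, which is why a PCR-only policy protects a stolen disk but not a stolen whole server; that is the gap pre-boot authentication (an additional PIN or passphrase in the policy) is meant to close.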
0 votes, 0 answers, 1k views

Can an OS implement Trusted Boot without TPM given Secure Boot?

Since Secure Boot authenticates software, the OS only needs to check hardware. The implementation I have in mind measures hardware and compares the result of the measurement to the value in an EFI ...
beroal
0 votes, 1 answer, 981 views

Can I store an openssl-generated public key on a TPM (2.0) device?

I've got an Infineon SLB9670 TPM module connected to a BeagleBone Board. I would like to carry out RSA signature verification on the board by using the TPM as a key store (storing the public key). W.r....
Harsh
2 votes, 2 answers, 1k views

Secure boot for devices which don't have hardware security element

I understand that a Root of Trust is necessary for implementing secure boot on a device. The Root of Trust is strong and trustworthy if it comes from hardware security elements like an HSM/TPM/.. So for ...
Akhilesh Gupta
1 vote, 0 answers, 253 views

Does (UEFI) secure boot provide security advantages over TPM measured boot?

Given how UEFI Secure Boot appeared later than TPM, I had the assumption that it provides advantages over TPM. As I read into each, it appears to me that the TPM measurements of each stage would provide ...
Feiyeung
0 votes, 1 answer, 2k views

What kind of "actions" can a TPM2 policy authorize?

I've been instructed to use the state of our system's TPM's PCR registers to prevent the system we're working on from booting if one of the PCR registers is different from what we expect. In service ...
user1733212
1 vote, 2 answers, 332 views

How do we know that input to TPMs actually comes from the measured code?

Suppose we're using secure boot and remote attestation to prove to a server what client software is talking to it. What stops an attacker from doing this: Start a legitimate copy of the client ...
jacobbaer
8 votes, 2 answers, 2k views

Is it possible to make a laptop useless to thieves?

I was robbed... That included my Linux notebook and my company's notebook. Both are encrypted. Mine is encrypted with LVM over LUKS, using a passphrase to unlock the hard drive once the kernel has ...
Cilyan