Since Secure Boot authenticates software, the OS only needs to check hardware. The implementation I have in mind measures hardware and compares the result of the measurement to the value in an EFI NVRAM variable. If they differ, the OS halts. This comparison can be inserted into a Linux initramfs, for example. Is such an implementation inferior to a TPM-based implementation? It seems that we don't need a TPM after all.
- Secure boot for devices which don't have hardware security element – defalt, Oct 17, 2021 at 17:28
- The problem with your approach is, the hardware will stay as it is but the user will replace your public key with his own. TPM and eFuse prevent physical modification of data. – defalt, Oct 17, 2021 at 17:35
- @defalt (a) Interesting link, but irrelevant. I'm assuming that Secure Boot is already provided. (b) Can you clarify what you mean by "my" key and the user's key, and how the TPM is relevant? It's possible that the computer has only one user. – beroal, Oct 17, 2021 at 20:36
- The values you are comparing against have to be signed by you or the OEM, and the public key should be protected by Secure Boot. If the public key is not protected, the attacker or the user himself can replace that key with his own to take control over the chain of trust. – defalt, Oct 17, 2021 at 21:20
- @defalt Well, I already stated in the question that Secure Boot is enabled. – beroal, Oct 19, 2021 at 5:50
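The check the question sketches, written out as an added example; this is not code from the original post or from any of the commenters. It assumes (my assumptions, not the thread's) that the hardware measurement is a SHA-256 over a sorted text inventory of hardware identifiers, and that the expected value is stored as 64 ASCII hex characters in an efivarfs file, whose standard layout is a 4-byte native-endian attribute word followed by the variable data. It also enforces the point defalt raises: the expected value is only worth comparing against if the variable is an authenticated variable, because otherwise root can rewrite it with a single SetVariable call. The functions take file paths so they can be exercised outside an initramfs with constructed inputs; the variable name and GUID in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not code from the original post). Functions for the check the
# question describes: measure hardware, compare against an expected value stored
# in an EFI variable, and refuse to proceed on mismatch. Everything takes file
# paths so it runs outside an initramfs against constructed inputs.
#
# Assumptions (mine, not the thread's):
#  - the measurement is SHA-256 over a sorted text inventory of hardware IDs;
#  - the expected value is stored as 64 ASCII hex chars in an efivarfs file,
#    whose layout is a 4-byte native-endian attribute word followed by the data.

# SetVariable attribute bits from the UEFI specification.
EFI_VARIABLE_NON_VOLATILE=1
EFI_VARIABLE_BOOTSERVICE_ACCESS=2
EFI_VARIABLE_RUNTIME_ACCESS=4
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS=32

# measure_hardware INVENTORY_FILE
# Prints the SHA-256 of the sorted inventory. In an initramfs the inventory
# would be assembled from places like /sys/bus/pci/devices/*/vendor and
# /sys/class/dmi/id/*; sorting makes the result independent of enumeration order.
measure_hardware() {
    LC_ALL=C sort "$1" | sha256sum | cut -d' ' -f1
}

# efivar_attributes EFIVAR_FILE
# Prints the attribute word (first 4 bytes of an efivarfs file) as a decimal integer.
efivar_attributes() {
    od -An -tu4 -N4 "$1" | tr -d ' '
}

# efivar_data EFIVAR_FILE
# Prints the variable payload, i.e. everything after the 4-byte attribute header.
efivar_data() {
    tail -c +5 "$1"
}

# check_hardware INVENTORY_FILE EFIVAR_FILE
# Exit status: 0 measurement matches; 1 mismatch; 2 the expected value is not
# trustworthy because the variable is not an authenticated variable.
check_hardware() {
    attrs=$(efivar_attributes "$2")
    # Without TIME_BASED_AUTHENTICATED_WRITE_ACCESS the firmware accepts any
    # SetVariable call, so root can simply write a new "expected" value.
    # With it, updates must carry a signature by the key that created the variable.
    if [ $(( attrs & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS )) -eq 0 ]; then
        echo "check_hardware: expected-value variable is not authenticated; refusing to trust it" >&2
        return 2
    fi
    expected=$(efivar_data "$2" | tr -d '\n')
    actual=$(measure_hardware "$1")
    if [ "$expected" = "$actual" ]; then
        return 0
    fi
    echo "check_hardware: hardware measurement mismatch (expected $expected, got $actual)" >&2
    return 1
}

# Typical use inside an initramfs hook (variable name and GUID are placeholders):
#   check_hardware /run/hw-inventory \
#       /sys/firmware/efi/efivars/HwMeasurement-00000000-0000-0000-0000-000000000000 \
#       || { echo "halting: hardware check failed" >&2; poweroff -f; }
```

The first write that creates a time-based authenticated variable is what binds it to a signing key, so provisioning the expected value has to happen in a controlled step, the same way PK, KEK and db are enrolled; after that the firmware, not the OS, rejects unsigned rewrites. What the script cannot provide is what a TPM adds: PCRs are extend-only, and a secret sealed to them is released by the TPM only when the measurements match, whereas this comparison is just OS code that anyone who can run a Secure-Boot-signed kernel as root is free not to execute.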