Bootloader Security Resources

From eLinux.org
Revision as of 07:56, 14 December 2006 by Wmat (talk | contribs) (Legacy Content Conversion)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This page has security information about bootloader, which is of interest to CE Linux Forum members.

Technology/Project pages

Security Enhancements

There are two methods of booting

  • Trusted/Authenticated Boot: just reporting
  • Secure Boot: boot can be halted

Trusted Computing Group (TCG)

TCG is a hardware-based security solution not only for the PC platform, but also applicable for embedded devices. To understand the TCG, TCG Specification Architecture Overview is a good document.

Using the Trusted Platform Module(TPM) security chip and write-protected boot-code, we will be able to implement the Trusted Boot efficiently. Unfortunately, Many existing TPMs are designed for PC Platform, it requires LPC bus. Thus you have to use glue logic to use such TPM with your system. But, Atmel(R) has been released TPM chip, AT97SC3201S which has I2C/SMBus interface.

Open Source Projects/Mailing Lists

RedBoot/eCos

U-Boot

Project site: u-boot

GRUB

GRUB is a bootloader for PC Platform. There are two patches to enable the TCG's Trusted Boot.

(In this case, the BIOS must support TCG Trusted Boot)

GRUB provides a password feature, only administrator can start the interactive operations.

EtherBoot

EtherBoot is a software package for creating ROM images that can download code over an Ethernet network to be executed on an x86 computer. "SafeBootMode means any NBI image that's downloaded is checked whether it contains a valid digital signature and if not, the user is notified."

Other Resources