298
edits
RidgeRun Platform Security Manual/Platform Security/TPM: Difference between revisions
RidgeRun Platform Security Manual/Platform Security/TPM (view source)
Revision as of 01:25, 21 February 2025
, 21 Februaryno edit summary
No edit summary |
No edit summary |
||
| Line 17: | Line 17: | ||
* Help ensure platform integrity by taking and storing security measurements of the boot process. | * Help ensure platform integrity by taking and storing security measurements of the boot process. | ||
During the boot process, the boot code can be measured to ensure the integrity of the system, which can be done by using the TPM key. In this case, "measuring" refers to the current object being analyzed in the chain of trust, computing the hash of the next object in the chain and stores it. These hashes can be retrieved later to know exactly which objects were loaded, this technique is known as '''Measured Boot'''. It is important to know that measured boot does not stop a system from booting in the same way that secure boot does. | During the boot process, the boot code can be measured to ensure the integrity of the system, which can be done by using the TPM key. In this case, "measuring" refers to the current object being analyzed in the chain of trust, computing the hash of the next object in the chain and stores it. These hashes can be retrieved later to know exactly which objects were loaded, this technique is known as '''Measured Boot'''. It is important to know that measured boot does not stop a system from booting in the same way that secure boot does. The measured hashes are stores in the TPM to ensure that they would not be modified and the information will be correct if they need to be retrieved later. | ||
[[File:Measure boot process.png|650px|thumb|center|Fig 1. Measured Boot process. Extracted from [https://learn.microsoft.com/en-us/azure/security/fundamentals/measured-boot-host-attestation link]]] | |||
<noinclude> | <noinclude> | ||