130
edits
RidgeRun Platform Security Manual/Platform Security/Secure Boot: Difference between revisions
RidgeRun Platform Security Manual/Platform Security/Secure Boot (view source)
Revision as of 19:51, 6 March 2025
, 6 March→UEFI Secure Boot
| Line 63: | Line 63: | ||
* BOOTAA64.efi: Typically used as part of the boot process when the device is trying to boot from removable media like a USB drive or an SD Card | * BOOTAA64.efi: Typically used as part of the boot process when the device is trying to boot from removable media like a USB drive or an SD Card | ||
These are the codes that are authenticated after they are loaded and before its execution. They have to be correctly signed to be executed. Like the general Secure Boot process, the keys have to be kept securely stored. And unlike the general Secure Boot process, the UEFI secure boot authentication is effective unless there is a physical access to the SoC to reflash it with the UEFI secure boot process disabled. The two boot code authentication ways could be a good combination, rather than two independent ways to secure the SoC. | These are the codes that are authenticated after they are loaded and before its execution. They have to be correctly signed to be executed. Like the general Secure Boot process, the keys have to be kept securely stored. And unlike the general Secure Boot process, the UEFI secure boot authentication is effective unless there is a physical access to the SoC to reflash it with the UEFI secure boot process disabled. The two boot code authentication ways could be a good combination, rather than two independent ways to secure the SoC as mentioned before. | ||
<br> | <br> | ||