Revision as of 07:22, 17 February 2023 by Registered User (Escoda Michael moved page Introduction to Secure boot and firmware update to Security:Introduction to Secure boot and firmware update)
This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.1. What is the Secure boot and firmware update
- Secure boot and firmware update, allows to ensure only authorized software can be executed on the device.
- It uses cryptography to verify the next stage code and any metadata.
- Execution of the next stage proceeds only if any validation checks on the verified metadata pass. This include version comparison, boot conditions, …
- The secure boot
- Consider reset of the platform through an immutable code.
- Immutability can be guarantied thanks to ROMCode technology, or any mechanisms that allows to make code immutable.
- This immutable code must be small, simple and verifiable. This minimize the risk of a vulnerability that cannot be corrected. The complex steps are handled by the next stage.
- Consider reset of the platform through an immutable code.
- Secure Firmware update:
- Allows to ensure the secure update of the stage following the Immutable code.
- Could be implemented following different strategies. But in all cases must take care of version control.