Revision as of 09:16, 8 March 2023 by Registered User (→What is the Secure boot and firmware update)
This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.1. What is the Secure boot and firmware update
- Secure boot and secure firmware update, allows to ensure only authorized software can be executed on the device.
- It is the Root Of Trust that's checks and activates the security mechanisms, verifies the authenticity and integrity of the code executed in the platform.
- It uses cryptography to verify the next stage code and any metadata, and to manage the updates.
- Execution of the next stage proceeds only if any validation checks on the verified metadata pass. This include version comparison, boot conditions, …
- Update of the next stage rely on cryptography to decrypt and authenticate the received image. The installation is done following different strategies which depends on the HW capacities.
- The secure boot
- Consider reset of the platform through an immutable code.
- Immutability can be guarantied thanks to ROMCode technology, or any mechanisms that allows to make code immutable.
- Consider reset of the platform through an immutable code.
- This immutable code must be small, simple and verifiable. This minimize the risk of a vulnerability that cannot be corrected. The complex steps are handled by the next stage.
- Secure Firmware update:
- Allows to ensure the secure update of the stage following the Immutable code.
- Could be implemented following different strategies. But in all cases must take care of version control.
2. References