What is a root of trust?
A source within a cryptographic system that can always be trusted
What does the bootloader do?
The bootloader verifies the integrity of the boot and/or recovery partition before moving execution to the kernel
What is the problem with hashing the entire kernel in order to verify it?
It can take a long time and can consume a large amount of the device’s power
What is a trusted platform module?
An international standard for a secure cryptoprocessor that creates and stores keys without them being readable outside of the chip.
What is the main disadvantage of a TPM?
If any problems are found, the only way to fix them is to replace the chip
What is a trusted execution environment?
A secure area of a main processor. Data confidentiality prevents unauthorised entities from outside the TEE from reading data, while code integrity prevents code in the TEE from being replaced or modified by unauthorised entities. This allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels.
What is a UEFI?
Unified Extensible Firmware Interface
The first thing that runs when a computer starts (replaces the BIOS).
How does UEFI enable Secure Boot?
Prevents the loading of drivers or bootloaders that have not been signed with an acceptable signature.
What is a secure enclave processor?
A processor that can store sensitive data securely. Runs its own operating system and crypto engine but shares memory with the application processor.