TPM
Trusted Platform Module
Physical chip installed on a motherboard that acts as a hardware root of trust
Manages cryptographic keys and ensures secure system boot
vTPMs
Virtual TPM
Managed via platforms like VMware or Microsoft Hyper-V
Allow virtual instances to maintain individual security postures
HSM
Hardware Security Module
Dedicated hardware root of trust managing cryptographic keys and performing cryptographic operations across machines in an enterprise
Centralized, secure key management
Secure Boot
Ensures that each component loaded during the boot process has a valid digital signature
Measured Boot
Records cryptographic hashes of each component loaded during the boot process into a TPM to create a verifiable log of the boot sequence
Does not block software, but provides visibility into what has loaded
UEFI
Extensible Firmware Interface
Modern type of system firmware that offers advanced features such as a graphical user interface, mouse support during boot, and improved security compared to BIOS
Secure Boot’s three key verifications
1) UEFI/OS Loader integrity
2) Windows boot component integrity
3) Boot-critical driver integrity