Question

To ensure secure boot, at what exact stage of the device startup sequence does the Secure Element or TPM verify the integrity of the bootloader?

Accepted Answer

The verification occurs during the transition between the Root of Trust and the subsequent boot stages, specifically when the Core Root of Trust for Measurement (CRTM) executes. The CRTM is the initial, immutable piece of code that the processor runs immediately upon power-on. This code is stored in read-only hardware, making it inherently trustworthy. Before the system executes the next piece of code, which is the bootloader, the CRTM calculates a cryptographic hash of the bootloader file. A cryptographic hash is a unique digital fingerprint generated from data; if even one bit of the bootloader code is altered, the hash will change completely. The CRTM or the Secure Element compares this generated hash against a known, pre-signed reference value stored in the hardware. The Secure Element or TPM, which serves as a tamper-resistant hardware vault for cryptographic keys and measurements, validates this digital signature. If the calculated hash matches the reference, the bootloader is considered authentic and the system proceeds to execute it. If the hashes do not match, the verification fails, and the device halts the boot process to prevent the execution of potentially malicious or corrupted software.

Home → All Courses → Engineering and Technology Courses → Internet of Things (IoT) Engineering → Flashcard

To ensure secure boot, at what exact stage of the device startup sequence does the Secure Element or TPM verify the integrity of the bootloader?