TPM-and-Secure-Boot

Platform Security
TPM AND SECURE BOOT

TRUSTED PLATFORM MODULE (TPM)
A Trusted Platform Module (TPM) is a dedicated security chip in modern computers (some platforms implement it in isolated firmware instead). It is designed to generate, store and use cryptographic keys and other sensitive data so that the secrets never leave the module in the clear. Think of it as a small, specialized computer within your computer that is dedicated to security.
CONCEPTS OF TPM
The Trusted Platform Module (TPM) is based on several core concepts that support its ability to provide secure cryptographic functions and maintain system integrity. These concepts are centered on trust, secure storage, and cryptographic functions.
CONCEPTS OF TPM
• Root of Trust: A hardware component on which the rest of the system's security is built, and which cannot be altered by the software it measures.
• Attestation: Proving the platform's recorded state to an external verifier, using a signature from a key that only the TPM holds.
• Key Management: Secure generation, storage, and use of cryptographic keys.
• Sealed Storage: Data that can only be decrypted when the platform is in an expected, measured state.
• Measured Boot: Each boot component is hashed into the TPM before it runs, so the system's state is recorded and can be verified later.
• Binding and Sealing: Binding encrypts data to a key held by one specific TPM; sealing additionally ties decryption to a specific platform state.
PURPOSE OF TPM
The Trusted Platform Module (TPM) serves several important purposes in enhancing system security, protecting sensitive information, and ensuring the integrity of platforms.
PURPOSE OF TPM
• System Integrity: Records the boot and system components as they load, so it can be checked that they have not been changed.
• Data Protection: Secures sensitive data by using encryption and sealed storage.
• Authentication: Enables secure authentication for users and devices using hardware-held keys.
• Attestation: Provides evidence of the system's state to external parties.
• Secure Key Management: Protects cryptographic keys and digital certificates.
• Anti-Tampering: Resists physical and software-based attacks against the keys it holds. This protects the TPM's own secrets; it does not make the host computer as a whole tamper-proof.
ROLE OF TPM IN HARDWARE-BASED SECURITY
The Trusted Platform Module (TPM) is like a security guard for computers. It uses dedicated hardware to keep important information safe and to record whether the computer started up with the software it was expected to.
ROLE OF TPM IN HARDWARE-BASED SECURITY
• Root of Trust: Establishing a secure system begins with building a strong foundation at the hardware level. This is what allows the rest of the system to be trusted.
• Cryptographic Operations: Safely create, store, and use cryptographic keys inside the module, so they are never exposed to unauthorized access.
• Data Protection: Ensures that protected information cannot be decrypted without the right authorization and, for sealed data, the right platform state.
• System Integrity: Records what software the system started with, so boot-time malware can be detected and, combined with the firmware's Secure Boot checks, kept from running.
ROLE OF TPM IN HARDWARE-BASED SECURITY
• Tamper Resistance: Protects its own keys and state against physical and software tampering attempts.
• Authentication: Improves authentication processes by securely holding credentials and keys.
• Firmware Integrity: Measures the firmware into its registers at every boot, so an unauthorized or harmful firmware change is detected at the next boot. The TPM records; blocking a bad update is the job of the firmware's own signed-update mechanism.
TPM CONTRIBUTES TO THE PROTECTION
OF SYSTEM INTEGRITY
The Trusted Platform Module (TPM) contributes significantly to the protection of system integrity by providing hardware-based mechanisms that make it detectable when a system's firmware or software has been tampered with or altered in an unauthorized way.
TPM CONTRIBUTES TO THE PROTECTION
OF SYSTEM INTEGRITY
• Measured Boot: Each step of the boot process is hashed into the TPM before it runs, producing a record that can be checked against known-good values.
• Secure Boot: During the boot process only signed, trusted software is loaded. This check is performed by the UEFI firmware, not by the TPM; the TPM complements it by recording the Secure Boot configuration and the loaded images in its registers.
• Platform Configuration Registers (PCRs): Hash-chained registers that hold the measurements of the system's state. A PCR can only be extended, never rewritten, so any unauthorized change shows up as an unexpected PCR value.
• Remote Attestation: The TPM signs the current PCR values together with a verifier-supplied nonce (a quote), so an external party can check the system's state without trusting the host software.
TPM CONTRIBUTES TO THE PROTECTION
OF SYSTEM INTEGRITY
• Firmware Integrity: Firmware is measured at every boot, so an unauthorized firmware change is detected even if it was installed through a legitimate-looking update.
• Sealed Storage: Sensitive data is released only when the PCRs match the state it was sealed to, so a modified boot chain cannot unseal it.
• Rootkit and Bootkit Protection: Measured boot (in the TPM) and Secure Boot (in the firmware) together keep malicious software from silently hijacking the boot process or modifying core system components: an altered component either fails signature verification or leaves a detectable change in the PCRs.
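The measured-boot and remote-attestation bullets above describe a procedure that is easiest to understand by running it. The following is an added example, not code from the original slides: it replays a constructed TCG-style event log into PCR values exactly as a TPM would extend them (PCR = H(PCR || H(data))), compares the result with known-good values, and then builds and checks a quote over those PCRs. The event names and measured data are made up, and the quote is authenticated with an HMAC shared secret as a stand-in for the TPM's attestation key signature, so that the example needs only the standard library.

```python
import hashlib
import hmac

HASH = hashlib.sha256
DIGEST_LEN = HASH().digest_size
PCR_COUNT = 24

# Constructed sample event log in the shape of the TCG event log that firmware
# writes during measured boot: (PCR index, event type, data that was measured).
# Event names and values are illustrative assumptions, not a real log.
SAMPLE_EVENT_LOG = [
    (0, "EV_S_CRTM_VERSION", b"vendor-firmware-1.2.3"),
    (0, "EV_POST_CODE", b"uefi-dxe-core"),
    (4, "EV_EFI_BOOT_SERVICES_APPLICATION", b"shim-signed-15.8"),
    (4, "EV_EFI_BOOT_SERVICES_APPLICATION", b"grub-2.12"),
    (7, "EV_EFI_VARIABLE_DRIVER_CONFIG", b"SecureBoot=1"),
]


def pcr_extend(current: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR = H(PCR || H(data)). A PCR can only be extended, never
    written, so the final value depends on every event and on their order."""
    return HASH(current + HASH(measurement).digest()).digest()


def replay_event_log(events):
    """Recompute every PCR from the log. A verifier compares this result with
    the PCR values the TPM itself reports (e.g. via a quote)."""
    pcrs = {i: b"\x00" * DIGEST_LEN for i in range(PCR_COUNT)}
    for pcr_index, _event_type, data in events:
        pcrs[pcr_index] = pcr_extend(pcrs[pcr_index], data)
    return pcrs


def compare_to_golden(pcrs, golden):
    """Return the indices of golden PCRs that are missing or differ."""
    return sorted(i for i in golden if pcrs.get(i) != golden[i])


def make_quote(pcrs, selection, nonce, aik_secret):
    """Stand-in for TPM2_Quote. A real TPM signs with an attestation key that
    never leaves the chip; HMAC over a shared secret is an assumption used so
    the example runs without an asymmetric-crypto library."""
    selection = sorted(selection)
    payload = nonce + b"".join(pcrs[i] for i in selection)
    return {
        "nonce": nonce,
        "pcrs": {i: pcrs[i] for i in selection},
        "sig": hmac.new(aik_secret, payload, HASH).digest(),
    }


def verify_quote(quote, expected_nonce, golden, aik_secret):
    """Verifier side: check freshness (nonce), then the signature, then the PCRs."""
    if quote["nonce"] != expected_nonce:
        return False, "stale or replayed quote"
    selection = sorted(quote["pcrs"])
    payload = expected_nonce + b"".join(quote["pcrs"][i] for i in selection)
    expected_sig = hmac.new(aik_secret, payload, HASH).digest()
    if not hmac.compare_digest(expected_sig, quote["sig"]):
        return False, "bad signature"
    bad = compare_to_golden(quote["pcrs"], golden)
    if bad:
        return False, "PCRs differ from golden values: %s" % bad
    return True, "platform state verified"


if __name__ == "__main__":
    golden = {i: v for i, v in replay_event_log(SAMPLE_EVENT_LOG).items() if i in (0, 4, 7)}
    # A bootkit that replaces GRUB changes the PCR 4 chain and cannot undo it.
    tampered_log = list(SAMPLE_EVENT_LOG)
    tampered_log[3] = (4, "EV_EFI_BOOT_SERVICES_APPLICATION", b"grub-2.12-backdoored")
    print("PCRs that no longer match:", compare_to_golden(replay_event_log(tampered_log), golden))
```

Two properties worth noticing when you run it: swapping the order of the two PCR 4 events also changes PCR 4, because extend is not commutative, and a quote captured from a clean boot cannot be replayed later because the verifier's nonce is part of the signed payload.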
TPM FEATURES AND OPERATIONS
FEATURES OF TPM
The Trusted Platform Module (TPM) is a hardware security component. It helps keep your system safe by recording its integrity, protecting your data, and performing cryptographic operations.
FEATURES OF TPM
• Cryptographic Functions: Generate keys, sign, and encrypt or decrypt inside the module, so private keys never have to leave it.
• Platform Configuration Registers (PCRs): Store system measurements for integrity checks.
• Sealed and Bound Storage: Protect important data by encrypting it to keys that only this TPM holds (binding) and, optionally, to a specific platform state (sealing), so an attacker who copies the disk cannot decrypt it elsewhere.
• Measured and Secure Boot: Records the boot chain (measured boot) and supports the firmware's signature-checked boot (Secure Boot).
• Attestation: Demonstrates the integrity of the system to remote parties.
FEATURES OF TPM
• Tamper Resistance: Hardware designed to resist physical and side-channel extraction of its keys.
• Encryption & Digital Signatures: Supports data protection and authentication.
• Multi-Factor Authentication: Acts as a hardware possession factor by holding a credential's private key, for example for Windows Hello or platform FIDO credentials.
• Key Attestation: Certifies that a key was generated inside the TPM and what its properties are (for instance that it cannot be exported), so a relying party can verify where a key came from.
• Privacy Support: Attestation uses Attestation Identity Keys that are separate from the chip's Endorsement Key, so attestations cannot be trivially linked to one physical device.
OPERATIONS OF TPM
The Trusted Platform Module (TPM) helps make a system more secure and reliable. It does this by performing cryptographic operations, managing keys, recording and reporting the state of the system, and supporting the authentication of users and devices.
OPERATIONS OF TPM
• Encryption and Decryption: Perform secure encryption and decryption of data.
• Digital Signatures: Generate digital signatures for authentication and integrity checks.
• Hashing and Integrity Measurement: Hash data and measure system integrity by recording component hashes during the boot process.
• Sealing and Unsealing: Encrypt data so that it can only be decrypted when the platform is in a trusted (expected PCR) state.
• Binding and Unbinding: Encrypt data to a key that exists only in this TPM, so the data cannot be decrypted on a different computer even if it is copied there.
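The difference between binding and sealing in the list above is the kind of thing that is clearest when both are run side by side. The following is an added example and not code from the original slides: a toy TPM object with a per-chip storage root secret that never leaves it, a simplified stand-in for a TPM2_PolicyPCR digest, and a disk-key lifecycle in which the sealed blob opens on a clean boot, is refused after the firmware measurement changes, while the merely bound blob still opens on the same chip and fails on a different one. The wrapping scheme (HMAC-derived keystream plus tag) and the policy digest layout are assumptions chosen to keep the example to the standard library; a real TPM uses its own key hierarchy and authenticated encryption.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
DIGEST_LEN = HASH().digest_size


def pcr_extend(current: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR = H(PCR || H(data))."""
    return HASH(current + HASH(measurement).digest()).digest()


def policy_pcr_digest(pcrs, selection):
    """Simplified stand-in for TPM2_PolicyPCR: a digest over the selected PCR
    values. The real policy digest also chains in the command code and the PCR
    selection structure; the layout used here is an assumption."""
    h = HASH()
    for i in sorted(selection):
        h.update(bytes([i]) + pcrs[i])
    return h.digest()


class ToyTPM:
    """Just enough of a TPM to show binding versus sealing. The storage root
    secret never leaves the object; callers only ever get opaque blobs back."""

    def __init__(self):
        self._srk = secrets.token_bytes(DIGEST_LEN)  # per-chip storage root key (assumed symmetric)
        self.reboot()

    def reboot(self):
        self.pcrs = {i: b"\x00" * DIGEST_LEN for i in range(24)}

    def extend(self, pcr_index, data):
        self.pcrs[pcr_index] = pcr_extend(self.pcrs[pcr_index], data)

    # Internal: wrap/unwrap under a key only this chip can derive for this context.
    def _wrap(self, secret, context):
        if len(secret) > DIGEST_LEN:
            raise ValueError("toy wrapper handles at most %d bytes" % DIGEST_LEN)
        salt = secrets.token_bytes(16)                      # fresh per wrap, so keystream is never reused
        key = hmac.new(self._srk, context + salt, HASH).digest()
        ct = bytes(a ^ b for a, b in zip(secret, key))
        tag = hmac.new(key, context + ct, HASH).digest()
        return {"salt": salt, "ct": ct, "tag": tag}

    def _unwrap(self, blob, context):
        key = hmac.new(self._srk, context + blob["salt"], HASH).digest()
        expected = hmac.new(key, context + blob["ct"], HASH).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise PermissionError("integrity check failed: blob was not produced by this TPM")
        return bytes(a ^ b for a, b in zip(blob["ct"], key))

    # Binding: tied to this TPM only, regardless of what booted.
    def bind(self, secret):
        return self._wrap(secret, b"bind")

    def unbind(self, blob):
        return self._unwrap(blob, b"bind")

    # Sealing: tied to this TPM AND to the PCR values at sealing time.
    def seal(self, secret, selection):
        policy = policy_pcr_digest(self.pcrs, selection)
        blob = self._wrap(secret, b"seal" + policy)
        blob.update({"selection": sorted(selection), "policy": policy})
        return blob

    def unseal(self, blob):
        current = policy_pcr_digest(self.pcrs, blob["selection"])
        if not hmac.compare_digest(current, blob["policy"]):
            raise PermissionError("PCR policy not satisfied: platform state changed since sealing")
        return self._unwrap(blob, b"seal" + blob["policy"])


def simulate_disk_key_lifecycle():
    """Seal a disk key on a clean boot, then reboot with changed firmware:
    the sealed blob is refused while the bound blob still opens on this chip."""
    tpm = ToyTPM()
    firmware, loader = b"firmware-1.0", b"bootloader-2.3"   # constructed measurements
    tpm.extend(0, firmware)
    tpm.extend(4, loader)
    disk_key = secrets.token_bytes(32)
    sealed = tpm.seal(disk_key, selection=(0, 4))
    bound = tpm.bind(disk_key)
    results = {"sealed_ok": tpm.unseal(sealed) == disk_key}
    tpm.reboot()                                             # next boot: modified firmware, PCR 0 differs
    tpm.extend(0, b"firmware-1.0-modified")
    tpm.extend(4, loader)
    try:
        tpm.unseal(sealed)
        results["sealed_after_change"] = "unsealed"
    except PermissionError:
        results["sealed_after_change"] = "refused"
    results["bound_after_change"] = tpm.unbind(bound) == disk_key
    return results


if __name__ == "__main__":
    print(simulate_disk_key_lifecycle())
```

The practical consequence is the one full-disk-encryption tools have to handle: a legitimate firmware or bootloader update changes the PCRs too, so the key must be re-sealed to the new state (or a recovery key kept) before the update, otherwise the next boot cannot unseal it.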
OPERATIONS OF TPM
• Attestation: Prove the system's integrity through signed cryptographic reports (quotes), both locally and remotely.
• Authentication: Store and manage user credentials securely for multi-factor authentication systems.
• Secure Boot Support: Records the Secure Boot state and the loaded images, so a boot with Secure Boot disabled or with unexpected components is visible in the PCRs.
• Firmware Protection: Measures the firmware at each boot so that a malicious firmware change is detectable.
• Tamper Detection: Resists physical extraction of its keys and enforces a dictionary-attack lockout after repeated wrong authorization values; it does not detect tampering with the rest of the platform.
SECURE BOOT
WHAT IS SECURE BOOT?
• Secure Boot is a security feature of the UEFI firmware in modern computers that helps prevent malicious software from loading during the boot process. It works by verifying the digital signature of each boot component (option ROMs, the bootloader, and the operating system loader) against keys stored in the firmware before allowing it to run.

• Secure Boot prevents a sophisticated and dangerous type of malware, a bootkit (a rootkit that installs itself in the boot chain), from loading when you start your device.
PURPOSE OF SECURE BOOT
Secure Boot is an important security feature designed to prevent unsigned or untrusted software from loading when your PC starts up (boots).
HOW DOES SECURE BOOT WORK?
When you power on your device, the firmware checks the digital signature of the bootloader, and each stage in turn checks the next one up to the operating system. If a signature verifies against a key in the firmware's trusted signature database (db) and the image is not on the revocation list (dbx), the boot process continues. If not, Secure Boot halts the process to protect against tampering.
HOW SECURE BOOT HELPS PROTECT AGAINST
UNAUTHORIZED OR MALICIOUS CODE?
It functions by verifying the digital signatures of the bootloader and operating system loader, allowing only trusted, signed code to execute during startup. This prevents unauthorized or malicious software from compromising the system early in the boot sequence. The protection holds only while Secure Boot stays enabled and the revocation list is kept current: a signed but known-vulnerable bootloader must be added to dbx, or an attacker can load it and chain untrusted code after it.
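The verification logic described in the two Secure Boot sections above, as an added example that is not part of the original slides: a model of the UEFI allow-list (db) and deny-list (dbx) and a boot-chain walk that halts at the first stage that fails. UEFI db and dbx entries can be either X.509 certificates or SHA-256 image hashes; only the hash form is modelled here, so certificate chain validation is omitted, and images are hashed as raw bytes rather than with the PE Authenticode procedure. Those two simplifications and the sample images are assumptions.

```python
import hashlib


def image_digest(image: bytes) -> bytes:
    """Digest of a boot image. Real firmware hashes PE/COFF images with the
    Authenticode procedure (skipping the signature fields); hashing the raw
    bytes is an assumption that keeps this example self-contained."""
    return hashlib.sha256(image).digest()


class SecureBootPolicy:
    """Models the UEFI allow-list (db) and deny-list (dbx) as sets of image hashes."""

    def __init__(self, db, dbx, enabled=True):
        self.db = set(db)
        self.dbx = set(dbx)
        self.enabled = enabled

    def verify_image(self, image: bytes):
        if not self.enabled:
            return True, "Secure Boot disabled: no verification performed"
        digest = image_digest(image)
        # dbx wins: a revoked image is refused even if db still lists it.
        if digest in self.dbx:
            return False, "image is revoked (dbx)"
        if digest in self.db:
            return True, "image hash is in db"
        return False, "image is not trusted (not in db)"


def boot(policy, chain):
    """Walk the boot chain (bootloader -> OS loader -> kernel). Each stage is
    verified before it runs; on the first failure the boot halts.
    Returns (booted, names of stages that were allowed to run, reason)."""
    loaded = []
    for name, image in chain:
        ok, reason = policy.verify_image(image)
        if not ok:
            return False, loaded, "%s: %s" % (name, reason)
        loaded.append(name)
    return True, loaded, "all stages verified"


# Constructed sample images, not real binaries.
SHIM = b"shim.efi v15.8 signed"
GRUB = b"grubx64.efi 2.12 signed"
KERNEL = b"vmlinuz 6.6 signed"
GOOD_CHAIN = [("shim", SHIM), ("grub", GRUB), ("kernel", KERNEL)]
DEFAULT_DB = {image_digest(SHIM), image_digest(GRUB), image_digest(KERNEL)}


def demo():
    results = {}
    results["clean"] = boot(SecureBootPolicy(DEFAULT_DB, dbx=set()), GOOD_CHAIN)
    # A bootkit alters one byte of GRUB: its hash is no longer in db, boot halts at stage 2.
    bad_grub = GRUB[:-1] + b"X"
    tampered_chain = [("shim", SHIM), ("grub", bad_grub), ("kernel", KERNEL)]
    results["tampered"] = boot(SecureBootPolicy(DEFAULT_DB, dbx=set()), tampered_chain)
    # A validly listed but vulnerable shim is revoked by adding it to dbx.
    results["revoked"] = boot(SecureBootPolicy(DEFAULT_DB, dbx={image_digest(SHIM)}), GOOD_CHAIN)
    # With Secure Boot switched off the tampered chain boots, which is why attackers try to disable it.
    results["disabled"] = boot(SecureBootPolicy(DEFAULT_DB, dbx=set(), enabled=False), tampered_chain)
    return results


if __name__ == "__main__":
    for case, (booted, loaded, reason) in demo().items():
        print("%-9s booted=%-5s loaded=%s (%s)" % (case, booted, loaded, reason))
```

The "revoked" case is the one that matters operationally: revocation is what makes the allow-list useful once a formerly trusted bootloader turns out to be exploitable, and the "disabled" case is why the TPM records the Secure Boot state in PCR 7, so that a boot with verification switched off is still visible to an attestation verifier.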
Windows startup process (figure)