Search for: All records

When a computing device, such as a server, workstation, laptop, tablet, etc. is shipped from one site to another (for example, from a vendor to a customer or from one branch location of an organization to another) it can potentially be subjected to unauthorized firmware modifications. The industry has sought to partially address this issue by focusing on securing the boot process. Secure boot provides attestation methods by a hardware root-of-trust to confirm the integrity of the device’s BIOS/UEFI firmware. However, once a device boots up, it is relatively easy for a malicious adversary to tamper with the firmware. In this paper, we address this problem by preventing a secure boot unless done by an authorized user. We extend a hardware root of trust (HRoT) processor’s ability to perform secure attestation by implementing a new functionality to securely lock and unlock the BIOS/UEFI or the BMC (Baseboard Management Controller) and implementing an authentication mechanism in the HRoT for determining authorized users. This ensures that the secure boot process won’t commence unless authorized appropriately and provides a robust mechanism for securing the device’s firmware during transit. The proposed PIT-Cerberus framework (PIT = Protection In Transit) leverages strong cryptographic techniques and has been implemented within a trusted microcontroller. We have contributed the PIT-Cerberus framework’s libraries to Project Cerberus, an open-source project that offers a security platform for server hardware.