Title :
Using TPM to improve boot security at BIOS layer
Author :
Lin, Kuan-Jen ; Wang, Chin-Yi
Author_Institution :
Dept. of Electr. Eng., Fu Jen Catholic Univ., Taipei, Taiwan
Abstract :
Boot security is fundamental to the system security of PCs and PC-based consumer products. Current BIOS uses the TPM to establish a trusted boot. However, a trusted boot is not a secure boot: the TPM does not prohibit booting into an insecure OS or using an insecure boot loader. In this work, we extend the TPM BIOS interrupt calls to support (1) performing RSA encryption and decryption and (2) accessing the NVRAM. Furthermore, the following techniques were implemented in BIOS to improve boot security: (1) enhancing the security of the encrypted BIOS password by using the TPM RSA engine instead of conventional encryption techniques, (2) storing the encrypted password in TPM NVRAM so that an attacker cannot clear it by removing the battery, (3) always authenticating the BIOS password before passing control to the OS boot loader, and (4) using the TPM SHA-1 engine to verify the data integrity of the full MBR and determine whether booting continues.
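The MBR integrity gate described in technique (4), written out as an added example that is not the paper's code. The TPM SHA-1 engine is replaced by hashlib and the TPM NVRAM by an in-memory store (both assumptions), the MBR bytes are constructed, and the NV index 0x1001 is a hypothetical placeholder. Because the whole 512-byte sector is hashed, a change in the bootstrap code and a change in the partition table are both detected.

```python
"""Boot-time MBR integrity check modelled on technique (4) of the abstract.

Added example, not the paper's code: the TPM SHA-1 engine and NVRAM are
simulated with hashlib and a dict so the logic runs offline.
"""
import hashlib
import hmac

MBR_SIZE = 512
BOOT_CODE_SIZE = 446           # bootstrap area before the 64-byte partition table
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
MBR_DIGEST_INDEX = 0x1001      # hypothetical NV index for the reference digest


class SimulatedTpmNvram:
    """Stand-in for TPM NVRAM: a dict keyed by NV index (assumption)."""

    def __init__(self):
        self._store = {}

    def write(self, index, data):
        self._store[index] = bytes(data)

    def read(self, index):
        return self._store.get(index)


def build_sample_mbr(boot_code):
    """Constructed sample MBR: boot code padded to 446 bytes, an empty
    64-byte partition table and the 0x55AA boot signature."""
    if len(boot_code) > BOOT_CODE_SIZE:
        raise ValueError("boot code too large for the bootstrap area")
    sector = boot_code.ljust(BOOT_CODE_SIZE, b"\x00") + b"\x00" * 64 + BOOT_SIGNATURE
    assert len(sector) == MBR_SIZE
    return sector


def measure_mbr(mbr):
    """Digest of the full 512-byte sector, as the paper does with the TPM SHA-1 engine."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    return hashlib.sha1(mbr).digest()


def enroll_mbr(nvram, mbr):
    """Store the reference digest of a known-good MBR in (simulated) NVRAM."""
    nvram.write(MBR_DIGEST_INDEX, measure_mbr(mbr))


def boot_allowed(nvram, mbr):
    """Decide whether booting continues: the sector's digest must match the
    enrolled reference. A missing reference is treated as a failure (halt)."""
    reference = nvram.read(MBR_DIGEST_INDEX)
    if reference is None:
        return False
    return hmac.compare_digest(measure_mbr(mbr), reference)


def run_demo():
    """Enrol a good MBR, then check it, a copy with altered boot code and a copy
    with an altered partition table. Returns (good, bad_code, bad_table)."""
    nvram = SimulatedTpmNvram()
    good = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")  # constructed bytes, not real boot code
    enroll_mbr(nvram, good)

    bad_code = bytearray(good)
    bad_code[0] ^= 0x01            # one-bit change in the bootstrap area

    bad_table = bytearray(good)
    bad_table[BOOT_CODE_SIZE] = 0x80   # mark first partition entry active

    return (
        boot_allowed(nvram, good),
        boot_allowed(nvram, bytes(bad_code)),
        boot_allowed(nvram, bytes(bad_table)),
    )


if __name__ == "__main__":
    print(run_demo())
```

The reference digest is written once at enrolment and read back on every boot; in the paper's design that read comes from TPM NVRAM, which a battery pull does not clear, so the comparison cannot be bypassed by resetting CMOS.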
Keywords :
computer bootstrapping; cryptography; data integrity; firmware; message authentication; random-access storage; trusted computing; BIOS layer; BIOS password authentication; MBR; OS boot-loader; PC-based consumer products; RSA decryption; RSA encryption; TPM BIOS interrupt calls; TPM NVRAM; TPM RSA engine; TPM SHA-1 engine; boot security; data integrity verification; encrypted BIOS password security enhancement; insecure boot loader; system security; trusted boot establishment; trusted computing group; Authentication; Booting; Encryption; Nonvolatile memory; Random access memory; BIOS; System security; TPM; secure boot; trusted computing;
Conference_Title :
Consumer Electronics (ICCE), 2012 IEEE International Conference on
Conference_Location :
Las Vegas, NV
Print_ISBN :
978-1-4577-0230-3
DOI :
10.1109/ICCE.2012.6161909