Chapter 6

SECURE BOOTSTRAP LOADING

THE NEED FOR SECURE BOOTSTRAP LOADING

Over the years, attacks on computing systems aimed at gaining access to personal or other valuable information have included a variety of viruses and Trojan-horse applications that attack the operating system during the bootstrap process. As the use of the Internet and email has exploded in recent years, the ease with which such attacks can be propagated has increased dramatically. These attacks, coupled with various others described elsewhere in this book, have resulted in the loss of untold billions of dollars of valuable information and have caused great personal distress for individuals whose identities have been stolen. Protection against bootstrap-loading attacks, in which the legitimate bootstrap is replaced with a compromised one that loads an infected operating system, is an essential part of the solution. The bootstrap process was introduced in Chapter 4.

To reduce the load on the CPU, many devices have built-in processors that operate autonomously: disk controllers, coprocessors, network cards, and more. Since each of these devices contains processing elements whose firmware could be replaced by compromised and infected firmware, it is important that the bootstrap process of a computer include verification not only of the main host CPU elements but also of any and all firmware-driven devices that are attached to the computer at boot-up time.

IMPLEMENTATION

Security, authenticity, and trust ...
