Anchoring Trust: A Hardware Secure Boot Story
The article discusses the growing exposure of firmware and hardware to attack, particularly in the server industry. It notes how UEFI Secure Boot, anchored in Microsoft's signing keys, has been used to counter bootloader- and OS-level attacks, but questions whether it protects the entire boot process, since the firmware that runs before the bootloader is outside its reach. The article then walks through the boot process and explains how Cloudflare uses AMD's Platform Secure Boot (PSB) as a hardware root of trust for its Gen X servers: the integrity and authenticity of the System ROM image are verified against a key anchored in the CPU before the image executes. It also covers the build process, enabling PSB in the field, testing, and the naming convention for signed images. The conclusion stresses that a hardware root of trust for code-signing critical boot entities lets server hardware and software integrity be established by cryptographic means.
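The PSB flow the summary describes, as an added example that is not code from the article or from AMD or Cloudflare: a hash of the OEM's public key is fused into the CPU, and the security processor binds the key shipped with the System ROM image to that fuse and then checks the signature over the image before the x86 cores run it. Ed25519, the `SignedROM` layout, the `CPUFuses` struct, the fail-open behaviour when PSB is not yet enabled, and the constructed seeds and image are assumptions of this model; real PSB uses AMD's own header format and key types, which are not modeled here.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedROM is a hypothetical signed System ROM package: the OEM public key
// travels with the image so the verifier can bind it to the fused key hash.
// AMD's actual header layout and key types are not modeled; Ed25519 is an
// assumption chosen so the example runs with the Go standard library.
type SignedROM struct {
	PubKey    ed25519.PublicKey
	Signature []byte
	Image     []byte
}

// CPUFuses models one-time-programmable fuses: whether PSB is enabled and the
// SHA-256 of the OEM public key that the boot firmware must be signed with.
type CPUFuses struct {
	Enabled    bool
	PubKeyHash [sha256.Size]byte
}

var (
	ErrKeyMismatch  = errors.New("ROM public key does not match fused key hash")
	ErrBadSignature = errors.New("signature over System ROM image does not verify")
)

// Constructed seeds so the example is deterministic; real keys live in an HSM.
var (
	OEMSeed      = bytes.Repeat([]byte{0x11}, ed25519.SeedSize)
	AttackerSeed = bytes.Repeat([]byte{0x22}, ed25519.SeedSize)
)

// KeyFromSeed derives an Ed25519 key pair from a 32-byte seed.
func KeyFromSeed(seed []byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

// FuseKey is the field-enablement step: burn the OEM key hash and set the
// enable bit. In this model the fuses cannot be changed afterwards.
func FuseKey(pub ed25519.PublicKey) CPUFuses {
	return CPUFuses{Enabled: true, PubKeyHash: sha256.Sum256(pub)}
}

// SignROM is the build-side step: sign the image with the OEM private key and
// package key, signature and image together.
func SignROM(pub ed25519.PublicKey, priv ed25519.PrivateKey, image []byte) SignedROM {
	img := append([]byte(nil), image...) // copy so callers can tamper with one package only
	return SignedROM{PubKey: pub, Signature: ed25519.Sign(priv, img), Image: img}
}

// VerifyROM is what the security processor does before releasing the x86
// cores: bind the embedded key to the fuses, then verify the image signature.
func VerifyROM(f CPUFuses, rom SignedROM) error {
	if !f.Enabled {
		return nil // PSB not enabled: image runs unverified, as before enablement (assumed fail-open)
	}
	if sha256.Sum256(rom.PubKey) != f.PubKeyHash {
		return ErrKeyMismatch // an attacker's own key, even if it signs the image correctly
	}
	if len(rom.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(rom.PubKey, rom.Image, rom.Signature) {
		return ErrBadSignature // image modified after signing, or signature forged
	}
	return nil
}

func main() {
	oemPub, oemPriv := KeyFromSeed(OEMSeed)
	fuses := FuseKey(oemPub)
	image := []byte("constructed System ROM image (stand-in for the real BIOS binary)")

	fmt.Println("genuine image:", VerifyROM(fuses, SignROM(oemPub, oemPriv, image)))

	tampered := SignROM(oemPub, oemPriv, image)
	tampered.Image[0] ^= 0xff // one byte changed after signing, e.g. an implanted patch
	fmt.Println("tampered image:", VerifyROM(fuses, tampered))

	attPub, attPriv := KeyFromSeed(AttackerSeed)
	fmt.Println("attacker-signed image:", VerifyROM(fuses, SignROM(attPub, attPriv, image)))
}
```

The order of the checks matters: the fused hash decides which key is allowed to speak at all, so a valid signature under any other key is rejected before it is even examined, which is what makes the root of trust hardware-anchored rather than merely a signature check.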
Company: Cloudflare
Date published: Nov. 17, 2020
Author(s): Derek Chamorro, Ryan Chow
Word count: 2388
Language: English
Hacker News points: 4