/plushcap/analysis/cloudflare/anchoring-trust-a-hardware-secure-boot-story

Anchoring Trust: A Hardware Secure Boot Story

What's this blog post about?

The text discusses the increasing vulnerabilities of firmware and hardware, particularly in the server industry. It highlights how secure boot technologies like Microsoft keys have been used to combat firmware-level attacks but questions their effectiveness in protecting the entire boot process. The article then delves into the boot process and explains how Cloudflare uses AMD's Platform Secure Boot (PSB) as a Hardware Root of Trust for its Gen X servers, ensuring the integrity and authenticity of System ROM image before execution. It also covers the build process, enabling PSB in the field, testing, and naming convention for signed images. The conclusion emphasizes the importance of hardware root of trust for code signing critical boot entities to ensure server hardware and software integrity through cryptographic means.

Company
Cloudflare

Date published
Nov. 17, 2020

Author(s)
Derek Chamorro, Ryan Chow

Word count
2388

Language
English

Hacker News points
4


By Matt Makai. 2021-2024.