Update Full Verified Boot

River 2025-04-10 10:51:21 -04:00
parent 9d154c532c
commit 2ca356ec24

@ -1,11 +1,15 @@
# What is Full Verified Boot?
## Overview
Full verified boot is a means by which all the resources involved in system bring-up are known to be valid, working, and secure. This works by performing cryptographic signatures at each step of the boot process to verify the next step's resources. A typical chain of trust will look like this:
- Security processor verifies system firmware
- System firmware verifies bootloader and kernel images
- Kernel verifies system partition hash
## HalogenOS's implementation
In HalogenOS, the root partition containing volatile data is encrypted, and the encryption key is released automatically by the TPM (Trusted Platform Module) when it verifies that the system firmware, bootloader, and kernel are all correct. Additionally, user data is encrypted separately per-user, so it is impossible to modify any data on the root partition without knowing the user's password or sniffing the TPM for the encryption key.
So what does the chain look like for HalogenOS?
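Review bot: The last sentence of the HalogenOS implementation paragraph claims more than the described mechanism delivers. Encrypting the root partition with a key the TPM releases automatically once firmware, bootloader and kernel measure correctly provides confidentiality, not integrity, and the user's password plays no part in that release, so "it is impossible to modify any data on the root partition without knowing the user's password or sniffing the TPM" does not follow from what precedes it. Either name the integrity mechanism that protects the root partition (the Overview lists "Kernel verifies system partition hash" as the final link of a typical chain, but the HalogenOS paragraph does not say whether that step exists) or reword the sentence to what TPM key sealing actually guarantees. Two wording points in the same hunk: "root partition containing volatile data" should probably read "mutable" (volatile data is lost at power-off), and in the Overview "performing cryptographic signatures at each step" should be "verifying cryptographic signatures", since each stage checks a signature on the next stage rather than producing one.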