- Understanding UEFI Secure Boot Chain
- Executive Summary
- Overview
- Secure Boot Chain in UEFI
- Additional Secure Boot Chain Implementations
- Looking Forward – Platform Firmware Resiliency
- Glossary
- References
- Figures
- Figure 1-1: Clark-Wilson model, from Lee
- Figure 2-1: UEFI Secure Boot
- Figure 2-2: Image Verification flow
- Figure 2-3: Image Verification with timestamp signature database
- Figure 2-4: Intel® Boot Guard diagram, credit: "Cyber-Resiliency in Chipset and BIOS"
- Figure 2-5: Secure Boot Verification Flow
- Figure 2-6: Intel® BIOS Guard
- Figure 3-1: Linux MOK Boot, source: UEFI Secure Boot Webinar
- Figure 3-2: coreboot Verified Boot
- Figure 3-3: Android Verified Boot 1.0 without A/B source: Android Verified Boot 2.0
- Figure 3-4: Android Verified Boot 1.0 with A/B source: Android Verified Boot 2.0
- Figure 3-5: Android Verified Boot 2.0 source: Android Verified Boot 2.0
- Figure 4-1: Component and Trust Chain, from NIST SP800-193
- Figure 4-2: High-level View of PCIe® Component Authentication
- Figure 4-3: Cerberus power-on sequence, source: "Project Cerberus Hardware Security"
- Figure 4-4: Cerberus boot flow, source: "Project Cerberus Hardware Security"
- Figure 4-5: Cerberus recovery flow, source: "Project Cerberus Hardware Security"
- Figure 4-6: Cerberus firmware update, source: "Project Cerberus Hardware Security"
- Figure 4-7: Intel® PFR Overview source: csdn.net
- Figure 4-8: Intel® PFR boot flow source: csdn.net
- Figure 4-9: Intel® PFR Reset Sequence source: csdn.net
- Figure 4-10: Titan System Integration
- Figure 4-11: Titan Verified Boot
- Figure 4-12: Lattice PFR source: latticesemi.com/pfr