
Trusted Boot

Trusted boot (also referred to as "measured boot") starts with the Core Root of Trust for Measurement (CRTM). During the boot process, the CRTM measures (computes the hash value of) the next-level firmware and securely records the measurement, for example by extending the hash value into the Platform Configuration Registers (PCRs) of the TPM.

The CRTM is the foundational measurement root in the trusted computing architecture. It performs the initial integrity measurement during system startup, establishes the starting point of the chain of trust, and enables trust propagation and secure data handling through the Root of Trust for Storage (RTS) and Root of Trust for Reporting (RTR) within the TPM chip.

The TPM chip contains multiple PCRs to store digest values of measured objects. PCRs cannot be directly written from outside the TPM. Instead, the TPM provides a PCR extend interface. When the PCR extend interface is invoked from outside the TPM, the TPM concatenates the current PCR value with the measurement digest, computes a digest over that concatenation, and stores the result as the new PCR value. This entire process is performed inside the TPM, so a PCR value can only ever be extended, never set to a chosen value from outside. Local and remote attestation are the methods by which the measurements recorded in the TPM are used to verify platform integrity.

Figure 1 Trusted boot principle

Kunpeng servers support the following trusted boot capabilities:

  1. The processor contains a hardware-protected root of trust. After the system is powered on, this root of trust verifies the digital signature of the BIOS, then measures the BIOS and extends its hash value.
  2. The server board BIOS measures the boot loader and extends its hash value.
  3. The TPM extends and stores the measurement status values.
  4. When measurement status values are read out of the hardware or the trusted execution environment (TEE), digital signatures over those security status values are generated inside the hardware or TEE.
  5. Each next-level startup code is executed immediately after it is measured, keeping the time window between measurement and execution short.
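The PCR extend rule described above and the BIOS-to-bootloader chain in the list, as an added example (not code from this page or from Kunpeng firmware): a Python model of the extend operation and of the replay check an attestation verifier performs against the reported PCR value. The stage names and image bytes are constructed placeholders standing in for real firmware.

```python
import hashlib

PCR_SIZE = 32                  # one PCR in the SHA-256 bank
PCR_INITIAL = bytes(PCR_SIZE)  # boot PCRs start all-zero at power-on


def measure(data: bytes) -> bytes:
    """Measure a component: the SHA-256 digest of its contents."""
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new PCR = H(old PCR || digest). There is no 'set'."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must be SHA-256 sized")
    return hashlib.sha256(pcr + digest).digest()


def boot_chain_pcr(stages):
    """Simulate measured boot: each stage is measured, then extended, in
    order. Returns (final PCR value, event log of per-stage digests)."""
    pcr = PCR_INITIAL
    log = []
    for name, image in stages:
        digest = measure(image)
        log.append((name, digest))
        pcr = pcr_extend(pcr, digest)
    return pcr, log


def verify_event_log(log, reported_pcr: bytes) -> bool:
    """Verifier side: replay the event log from the initial value and
    compare with the PCR the TPM reported (e.g. inside a signed quote)."""
    pcr = PCR_INITIAL
    for _name, digest in log:
        pcr = pcr_extend(pcr, digest)
    return pcr == reported_pcr


# Constructed sample chain; the bytes are placeholders, not real images.
GOOD_CHAIN = [
    ("bios", b"BIOS image v1"),
    ("bootloader", b"boot loader image v1"),
    ("kernel", b"kernel image v1"),
]
```

Replaying a log whose bootloader entry was altered, or whose entries are in a different order, yields a PCR value that does not match the reported one, which is exactly what the verifier relies on.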