
Context: Secure boot is one of the important elements of Trusted Computing in a computer system. One variety of secure boot is authenticated boot. While secure boot prevents the boot of non-trusted software, authenticated boot detects non-trusted software but does not prevent its boot.

Questions:

What are the reasons that would encourage deploying authenticated boot in a system rather than secure boot? From my point of view, it makes more sense (from a security point of view) to deploy secure boot.

Are there other varieties of secure boot besides authenticated boot?

Any recommendations for reading about Trusted Computing and secure boot?

Thanks!

Lavender

1 Answer


What are the reasons that would encourage deploying authenticated boot in the system rather than secure boot?

Because the device owner owns the device, and owners are often developers. See also: people interested in "rooting" / "jailbreaking" their mobile devices.

Secure Boot is currently widely deployed, but in detail you may have some options to control the boot.

Consider for example TPM-based full disk encryption (1, 2), where the system won't necessarily refuse to boot a different kernel (e.g. a recovery suite), but the TPM simply won't release the key(s) unless the boot environment is secure, so you can't snatch the key from the recovery toys. This falls in the middle of your question.

Another great example is the Android ecosystem. Android has a true Secure Boot implementation where you can't boot or flash software that is not signed by the vendor. For example, a number of Nokia devices (manufactured by HMD) can't be unlocked. Why did I use bold?

Because in the Android world there are a number of ways to actively disable Secure Boot, which then becomes an optional, yet recommended, feature. As the owner, you can disable Secure Boot and install your own kernel. You will have full control over the device, and will even be able to experiment with new technologies on your own device.

The goal of Secure Authenticated Boot is to provide a sane environment to applications, e.g. banking applications. If you unlock the bootloader of your device to run untrusted (e.g. rooted) software, your bank will be particularly mad and could refuse to interact with you through its mobile application because the system is not certified to its security standards.

As soon as you revert from Authenticated Boot back to Secure Boot, everything will revert to the "trust zone".

Note that, as a security feature, most Android devices require wiping the storage encryption keys when the bootloader security state is changed. This happens to protect the data, especially if an attacker with physical access to the device wants to exfiltrate data without the user's consent (or if the user is unavailable/dead/etc.) by flashing a recovery solution.

From my point of view, it makes more sense (from a security point of view) to deploy secure boot.

Points of view are always relative. From my point of view (a security point of view), switchable Secure Boot is the best option. I could choose to deploy SB on my old grandparents' phone and keep it disabled for myself.

On the other side, consider devices physically handed to third parties, like POS/cash terminals, kiosks, etc. Of course, we both want Secure Boot to prevent unauthorized third parties from messing with the software and stealing financial information, or creating duplicate transactions.

It all depends on the effective point of view. There is no "generic" security point of view.

Any recommendations for reading about Trusted Computing and secure boot?

This article from the FSF seems outdated but highlights some points. Outdated because it dates from the Windows 8 era. My comments follow.

The problem with secure computing environments, which today occurs with gaming consoles but not (yet) with mobile phones, is market barriers. It's not a real problem for the end user, but trusted computing could be leveraged in the future to create walled gardens where software vendors may be kept out.

The "app marketplaces" concentrate the offering of software applications. If a marketplace has an oligopoly (e.g. Google) or a monopoly (e.g. Apple), then it has the power to choose who can deploy their software, ask for money, and exclude certain competitors or certain parties for political reasons. This was especially true in the age when "ipa" applications could be sideloaded only via jailbreaking.

Today, no console natively allows running "homebrew" games. Regardless of software piracy, homebrewing means the ability for a small startup born in a garage to deploy software to the market, and not be forced to pay exorbitant fees (e.g. a 30% commission, along with government taxes) to the app store owner.

usr-local-ΕΨΗΕΛΩΝ
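To make the distinction drawn in the answer concrete, here is a toy model of a three-stage boot chain run both ways. It is an added example, not code from the original post, from Android, or from any TPM or firmware vendor. With secure boot enabled, the first stage whose vendor signature does not check out halts the boot. With it disabled (authenticated, or measured, boot), every stage runs regardless, but each one is hashed into a PCR, and a TPM-style sealed object releases the disk key only if the final PCR matches the value the key was sealed to. That is the "TPM won't release the key to a recovery kernel" behaviour the answer describes. Everything below is constructed for the demonstration: the image bytes, the vendor key, the disk key, and the `TpmModel`, `Stage` and `BootResult` names; the HMAC stands in for a real asymmetric vendor signature, and `TpmModel.unseal` stands in for a TPM's PCR-bound authorization policy.

```python
"""Toy model: secure (verified) boot vs. authenticated (measured) boot.
Added example; HMAC is a stand-in for an asymmetric vendor signature and
TpmModel for a TPM's PCRs plus sealed-object policy.  All data is constructed."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


VENDOR_KEY = b"constructed-vendor-signing-key"  # stand-in, not a real key pair


def vendor_sign(image: bytes) -> bytes:
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()


def vendor_verify(image: bytes, sig: Optional[bytes]) -> bool:
    return sig is not None and hmac.compare_digest(vendor_sign(image), sig)


# Constructed boot stages and the secret the TPM guards.
FIRMWARE = b"constructed firmware image"
BOOTLOADER = b"constructed bootloader image"
STOCK_KERNEL = b"constructed vendor kernel"
CUSTOM_KERNEL = b"constructed owner-built kernel"
DISK_KEY = sha256(b"constructed disk encryption key")


@dataclass
class Stage:
    name: str
    image: bytes
    sig: Optional[bytes]  # None: not signed by the vendor (e.g. owner's kernel)


def stock_chain() -> List[Stage]:
    stages = (("firmware", FIRMWARE), ("bootloader", BOOTLOADER), ("kernel", STOCK_KERNEL))
    return [Stage(name, img, vendor_sign(img)) for name, img in stages]


def custom_kernel_chain() -> List[Stage]:
    chain = stock_chain()
    chain[-1] = Stage("kernel", CUSTOM_KERNEL, None)  # unsigned replacement kernel
    return chain


def tampered_bootloader_chain() -> List[Stage]:
    chain = stock_chain()
    # Attacker patches the bootloader but can only reuse the old vendor signature.
    chain[1] = Stage("bootloader", BOOTLOADER + b"\x90", chain[1].sig)
    return chain


def extend(pcr: bytes, image: bytes) -> bytes:
    # TPM PCR extend: new = H(old || H(image)).  One-way, so a later stage
    # cannot erase the record of what ran before it.
    return sha256(pcr + sha256(image))


def measure_chain(chain: List[Stage]) -> bytes:
    pcr = bytes(32)
    for stage in chain:
        pcr = extend(pcr, stage.image)
    return pcr


@dataclass
class SealedObject:
    policy_pcr: bytes
    secret: bytes


class TpmModel:
    """Releases a sealed secret only if the current PCR equals the sealed-to PCR."""

    def seal(self, secret: bytes, policy_pcr: bytes) -> SealedObject:
        return SealedObject(policy_pcr, secret)

    def unseal(self, obj: SealedObject, current_pcr: bytes) -> Optional[bytes]:
        return obj.secret if hmac.compare_digest(obj.policy_pcr, current_pcr) else None


@dataclass
class BootResult:
    booted: bool               # did the OS get to run at all?
    refused_at: Optional[str]  # stage that failed the signature check, if any
    disk_key: Optional[bytes]  # key released by the TPM, if any


def boot(chain: List[Stage], sealed: SealedObject, tpm: TpmModel,
         secure_boot_enabled: bool) -> BootResult:
    pcr = bytes(32)
    for stage in chain:
        if secure_boot_enabled and not vendor_verify(stage.image, stage.sig):
            return BootResult(False, stage.name, None)  # secure boot: halt here
        pcr = extend(pcr, stage.image)  # measured in both modes: records what ran
    # Authenticated boot let everything run; the TPM policy decides whether this
    # particular boot environment gets the disk key.
    return BootResult(True, None, tpm.unseal(sealed, pcr))


def demo() -> Dict[str, BootResult]:
    tpm = TpmModel()
    sealed = tpm.seal(DISK_KEY, measure_chain(stock_chain()))  # enroll known-good PCR
    return {
        "stock/secure": boot(stock_chain(), sealed, tpm, True),
        "custom/secure": boot(custom_kernel_chain(), sealed, tpm, True),
        "custom/measured": boot(custom_kernel_chain(), sealed, tpm, False),
        "stock/measured": boot(stock_chain(), sealed, tpm, False),
        "tampered/secure": boot(tampered_bootloader_chain(), sealed, tpm, True),
        "tampered/measured": boot(tampered_bootloader_chain(), sealed, tpm, False),
    }


if __name__ == "__main__":
    for scenario, r in demo().items():
        print(f"{scenario:18} booted={r.booted!s:5} refused_at={r.refused_at} "
              f"key_released={r.disk_key is not None}")
```

Two caveats when mapping this toy onto real systems. First, a real TPM's sealing is an authorization policy enforced inside the chip, as modelled here, not a key derived from the PCR value, so the secret is never observable to a mismatched environment at all. Second, UEFI firmware also measures its own Secure Boot configuration (into PCR 7), so on a PC that seals to PCR 7, merely toggling Secure Boot off changes the measurement and the key stays sealed even for the stock kernel, which is the same "state change forfeits the keys" effect the answer notes for Android, just enforced by measurement rather than by a wipe.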