Implementing Boot Security is Complicated, Time-Consuming, and Expensive
While most modern processors include some capability for built-in boot security, these features are rarely configured, enabled and delivered by hardware suppliers. Each boot security feature must be carefully implemented to activate and verify its protection capabilities. System integrators that choose products where the original equipment manufacturer (OEM) hardware vendor has already implemented the required boot security features can skip this arduous undertaking to reduce risks and get secure products to market faster.
Figure 1: Secure Boot is a key component of protection against physical and remote attacks, and hardware and software failures
Security is a constantly evolving landscape with ever-changing threats and increasingly complex research and development (R&D) requirements. Staying abreast of advancements on all fronts is a time-consuming endeavor that requires significant expertise and effort. In development environments, the trial-and-error process required to properly implement security features can result in “bricked” hardware and lost time. It can easily take many person-months of effort to understand and implement even one boot security feature, and in a robust system with many security layers, this effort grows with each layer. These delays can seriously impede system integrators’ ability to get systems to market in a timely and cost-effective way.
- Implementing Root of Trust and Trusted Platform Module (TPM)
- Intel Boot Guard, Trusted Boot and Secure Boot
- Tying Boot Guard features to application requirements
Examples of Curtiss-Wright products including Intel Boot Guard technologies: