PKI Usage in Trusted Boot

I am trying to understand how PKI is used to boot an ARM board.

The following image relates to BL1:

[image]

The booting steps state:

[image]

Also from:

[image]

The certificate used in step 1 appears to be a content certificate. The diagram suggests it contains the public key used to sign a hash, and the signed hash for BL2. Referring to the X.509 certificate:

[image]

My question is: from the description above, is ARM not using the subject public key information in X.509, and instead adding the public key used to verify the hash in the extension field, and the signed hash in the digital signature field?

The diagram also indicates that the trusted key certificate contains 3 keys (ROTPK, TWpub, NWpub). Does that mean that they put all 3 keys in the extension field, then added the signed hash of perhaps TWpub + NWpub in the digital signature, and again didn’t use the subject public key information field (with the certificate later verified with the ROTPK in the extension field)?

Does (UEFI) secure boot provide security advantages over TPM measured boot?

Given how UEFI secure boot appeared later than TPM, I had the assumption that it provides advantages over TPM.

As I read into each, it appears to me that the TPM measurements of each stage would provide about the same level of integrity guarantee as how each secure boot stage verifies the next stage’s signature.

I get how the UEFI secure boot’s key/certificate structure may have management advantages over TPM. However, I have trouble finding security advantages against attackers. Can someone enlighten me as to whether those statements would be valid? Thanks!

Understanding Secure Boot

I’m trying to understand the secure boot process of an OS, but there are a few points I can’t wrap my head around.

At a high level, afaik, secure boot ensures that the loaded OS is authenticated by its respective vendor. If an adversary modifies the OS code, the authentication checks during secure boot fail and the user is notified.

What I want to understand is how this mechanism is implemented at a low level. My understanding is as follows.

There’s a read-only memory (ROM) where the program which initiates the booting process is written along with a public key by the manufacturer. Integrity of this code is basically implicitly trusted, so this program is basically the root-of-trust. This program is loaded by CPU first and upon execution, it verifies and loads the next component in the booting process. Next component verifies the next next component and so on until all the components of OS are loaded.

However, what ensures that the CPU really starts booting the system from the correct ROM? Can’t an adversary force the CPU to read a malicious initiating program that disregards the verification step? That is, there should be another component that ensures the system really starts from the root-of-trust program. What’s that component, or is my understanding of the process incorrect?

Spring Boot, Set Up Spring Properties From Java Pojo not from application.properties

I have been struggling to set up Spring Boot properties programmatically. I know how to set them up from the application.properties file.

But I would like not to use application.properties because, in my use case, the application properties file is encrypted; I mean the file itself is encrypted (not the industry-standard way like data encryption). So I would like to read the encrypted file and set the Spring properties without saving the decrypted file on the server. I am able to decrypt and save in a Java object, but I do not know how to set those properties for the app.

Way to protect from cold boot attack

After reading some research papers about cold boot attacks, I got a big shock and started searching for ways to protect against that kind of vulnerability. I got one solution, which is using BitLocker PIN access to RAM. But I still have some concerns.

  1. Can the latest Windows 10 patch protect against cold boot attacks?
  2. Do DDR3 or DDR4 RAM still have the vulnerability?
  3. Is there another way to protect other than a BitLocker PIN?

Why do viruses that wipe boot sectors exist?

In a moment of desperation and without thinking, I executed an .exe file purporting to be a pirated version of a hard-to-find program, forgetting that I had no real-time antivirus active. A few seconds later Malwarebytes (the free version, so not real-time) had been removed from the system. I then hurriedly tried to do a System Restore but sure enough, found that my boot sector had been wiped.

Thankfully, the virus – or maybe more accurately, just malware? – hadn’t touched any of my data, including the image backups on one of my internal disks, so I was able to restore back to a working system within a few hours, but this sobering experience has left me wondering: what exactly is the purpose of such a destructive virus?

I can understand ransomware, cryptominers, or malware that turns my computer into part of a botnet, but what motivation would a malware developer have to wipe out a system’s boot sector? What’s the endgame to doing so? As a bonus question, is there known active malware that goes further and wipes out a user’s actual data?

Integrity Check on power on VS. Secure boot

Can we consider the integrity check on power-on and secure boot equal from a security point of view?

Secure boot is about allowing only trusted SW to boot on the processor. A chain of trust can be built as a result of a sequence of securely booted software components, for example:

  • Bootloader authenticates the OS.
  • The OS authenticates Application.

Let’s imagine that a system provides an integrity check on power-on, which means that on power-on, the stored data (Bootloader, OS, Application) is hashed and the new hash is compared to the old stored hash of the same data. In this case, the integrity of all the stored SW components is going to be checked all together. Then a boot-up is only allowed when the integrity check was successful.

Does it make a difference to check the integrity/authenticity of the SW components one after another (secure boot) or to conduct an integrity check on all of them together on power-on? In other words, when can we consider the integrity check and secure boot equal?

Why authenticated boot not Secure boot?

Context: Secure boot is one of the important elements of Trusted Computing in a computer system. One variety of secure boot is authenticated boot. While secure boot prevents the boot of non-trusted software, authenticated boot detects non-trusted software but does not prevent its boot.

Questions:

What are the reasons that would encourage deploying authenticated boot in the system rather than secure boot? From my point of view, it makes more sense (from a security point of view) to deploy secure boot.

Are there other varieties of secure boot besides authenticated boot?

Any recommendations for reading about Trusted Computing and secure boot?

Thanks!