In computer security, a measured boot process is a process that scrutinizes the configuration of a client computer by taking secure measurements, in the form of cryptographic hashes, of the software residing on the client computer and of its hardware, and recording those measurements in a Trusted Platform Module (TPM) of the client computer. A measured boot may utilize a Core Root of Trust for Measurement (CRTM), which is typically the first piece of software or code executed on a platform at boot time. When executed, the CRTM takes the first measurement (hash) of the client software and stores, or extends, it in the TPM, and thus establishes the basis for all subsequent measurements. The CRTM itself, however, may not be subject to scrutiny or measurement in a measured boot process, and is simply considered or assumed to be trustworthy. Because the CRTM may reside in the BIOS or BIOS boot block, it may be vulnerable to a rootkit masquerading as the system BIOS and to attacks from other malware.
Since software is considerably easier to modify than hardware, a software-based CRTM may not be as secure as a hardware-based CRTM, and a hardware-based CRTM would therefore generally be preferable. However, since hardware must be initialized and TPM protocols are relatively complicated, implementing a hardware-based CRTM involves certain tradeoffs and thus may not be efficient or practical. More particularly, since the measurements (hashes) taken of the system software during a measured boot process are stored in the TPM, the TPM must first be initialized, and its firmware loaded, validated and initialized, before it is able to accept and store any measurements. Since the CPU is the first piece of hardware to initialize upon system start or reset, it would be preferable to utilize the CPU or its microcode as the CRTM. However, the time needed to initialize the TPM precludes using the client CPU or its microcode as the CRTM, because the CPU, as the first piece of hardware to be initialized, may need to store its measurement before the TPM has been initialized and is able to receive and store it.
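The chain of measurements the disclosure describes, as an added example that is not part of this disclosure: a simulated CRTM hashes each boot component and extends the result into a single SHA-256 TPM register, and a verifier replays the event log against the final value. It assumes a SHA-256 register starting at all zeros and a constructed boot chain; real firmware spreads measurements across several registers, and the CRTM performing the first extend is itself never in the log.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 register; zero after TPM reset (assumed bank)


def measure(component: bytes) -> bytes:
    """Measurement of a component is simply its cryptographic hash."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new value = H(old value || digest). Order matters and
    the register can never be reset to a chosen value by software."""
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(components):
    """Simulate the CRTM measuring an ordered boot chain into one register.
    components: list of (name, bytes). Returns (final PCR, event log).
    The CRTM running this loop is not itself measured, matching the text."""
    pcr = bytes(PCR_SIZE)
    log = []
    for name, blob in components:
        digest = measure(blob)
        pcr = extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def verify_log(log, reported_pcr: bytes) -> bool:
    """Attester side: replay the logged digests and check they reproduce the
    reported register value. A log edited after the fact will not replay."""
    pcr = bytes(PCR_SIZE)
    for _name, digest_hex in log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr == reported_pcr


# Constructed sample boot chain (not real firmware images).
GOOD_CHAIN = [
    ("bios", b"BIOS v1.0 (constructed)"),
    ("bootloader", b"bootloader v2 (constructed)"),
    ("kernel", b"kernel 6.x (constructed)"),
]
TAMPERED_CHAIN = [(n, b if n != "bootloader" else b"bootloader v2 (modified)")
                  for n, b in GOOD_CHAIN]

if __name__ == "__main__":
    good_pcr, good_log = measured_boot(GOOD_CHAIN)
    bad_pcr, _ = measured_boot(TAMPERED_CHAIN)
    print("tamper detected:", good_pcr != bad_pcr)
    print("log replays:", verify_log(good_log, good_pcr))
```

Because the verifier only replays digests, the final value proves what the CRTM chose to extend, not what actually executed; this is why the text treats the unmeasured CRTM as the trust anchor and a software CRTM as the weaker choice.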
The same numbers are used throughout the disclosure and the figures to reference like components and features. Numbers in the 100 series refer to features originally found in FIG. 1; numbers in the 200 series refer to features originally found in FIG. 2; and so on.