1. Technical Field
The present disclosure relates to encryption and more specifically to tamper-resistant booting of a computing device.
2. Introduction
Many computing devices today require some degree of information protection. Cryptography is one method used to provide that protection. Cryptography refers to both encryption and decryption of information. Encryption is the process of changing intelligible information (plaintext) into unintelligible information (ciphertext), and decryption is the process of changing ciphertext back into plaintext.
Computing devices can encrypt data of varying sizes, from small sets to large blocks of data. Full-disk encryption (FDE) is a method that encrypts an entire disk volume on a computing device. Decryption of the entire disk volume is necessary before the disk volume is accessible. Full-disk encryption is considered more secure than file-level encryption since all files (including temporary files) are encrypted.
Although FDE is considered more secure than file-level encryption, systems that employ FDE are still vulnerable to attack. In one simple attack, a hacker can change the boot sequence of a computing device so that it boots from the hacker's own malicious code instead of performing the normal boot sequence. FDE systems must prompt the user for a password at boot time in order to unlock the FDE volume. The hacker's malicious code can display an identical-looking screen that asks for the FDE password, but steals the password instead of using it to unlock the FDE volume. When the user enters the password, the hacker logs it and gains access to the computing device. The hacker can therefore surreptitiously steal the user's password. Without a chain of trust from the booter to the operating system kernel, such attacks are able to defeat even full-disk encrypted computing devices.