Security is an important consideration in the design of many computer systems. For example, a user who wants to access an electronic document on a desktop computer may want to ensure that opening the document does not allow some malicious actor to read and/or alter the document contents. However, if the computing environment contains malicious software, such as a virus, spyware, or even bugs, the document contents may be leaked and/or altered.
To protect against malicious actors, a user may want to ensure that the computing environment contains only known, trusted software. For example, the user opening the document on a desktop computer may want to ensure that the computing environment is executing only known, trusted code, and that no malicious software may leak and/or alter the document contents. In another example, a user of a voting machine may want to ensure that the machine is executing only the trusted voting-machine software and that the software has not been corrupted to alter the user's vote or to allow an unauthorized party to view the vote.
Some systems provide hardware support for a trusted initialization procedure that ensures only trusted software is loaded. For example, a central processing unit (CPU) instruction set may include a secure kernel initialization instruction, such as SKINIT, which may be used to implement a trusted bootstrap. To implement the trusted bootstrap, a secure kernel initialization instruction may protect a small portion of memory and then load trusted software into that protected portion. The trusted software, referred to herein as the trusted boot (TBOOT) sequence, may then set up software constructs to load additional trusted software in a safe manner. For example, the SKINIT instruction protects a 64K region of memory by disabling interrupts, disabling direct memory access (DMA) from peripheral devices to the protected memory region, and disabling all cores but the one executing the SKINIT instruction. Once the 64K region is protected, SKINIT may load the TBOOT sequence into the protected region. In some cases, the SKINIT instruction may instruct a system component (e.g., a trusted processing module) to store a checksum of the TBOOT sequence, which may later be used to verify whether the TBOOT sequence was safely loaded rather than altered or otherwise compromised.
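As an added illustration that is not part of this description, the following Python models the measurement step described above: the checksum of a constructed sample TBOOT image is recorded in a register that can only be extended, never overwritten, and a later verification recomputes the value the register must hold if exactly the trusted image was loaded. The hash algorithm (SHA-256), the register width and its all-zero reset value are assumptions, not details taken from the text.

```python
import hashlib
import hmac

# Constructed sample TBOOT image (not a real loader); it stands in for the
# code that the secure kernel initialization instruction copies into the
# protected region.
TBOOT_IMAGE = b"TBOOT-sample-loader-v1" + bytes(range(64))

# The instruction protects a 64K region, so a larger image cannot be loaded.
PROTECTED_REGION_SIZE = 64 * 1024


def measure(image: bytes) -> bytes:
    """Checksum of the loader image as it would be handed to the trusted
    module. SHA-256 is an assumption for this model."""
    if len(image) > PROTECTED_REGION_SIZE:
        raise ValueError("image exceeds the 64K protected region")
    return hashlib.sha256(image).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """Extend-only update: new = H(old || measurement). The stored value
    therefore commits to every measurement and to their order; software
    cannot later set the register to an arbitrary value."""
    return hashlib.sha256(register + measurement).digest()


def simulate_secure_init(image: bytes) -> bytes:
    """Model of the record-keeping side of the trusted bootstrap: the
    register starts at a known reset value (assumed all zeros) and is
    extended with the checksum of the image that was loaded."""
    reset_value = bytes(32)
    return extend(reset_value, measure(image))


def verify_launch(recorded: bytes, trusted_image: bytes) -> bool:
    """Later check: recompute the value expected for the trusted image and
    compare it with what the module recorded, in constant time."""
    expected = simulate_secure_init(trusted_image)
    return hmac.compare_digest(recorded, expected)


if __name__ == "__main__":
    recorded_good = simulate_secure_init(TBOOT_IMAGE)
    # Constructed tampered image: one bit flipped in the last byte.
    tampered = TBOOT_IMAGE[:-1] + bytes([TBOOT_IMAGE[-1] ^ 0x01])
    recorded_bad = simulate_secure_init(tampered)
    print(verify_launch(recorded_good, TBOOT_IMAGE))  # True
    print(verify_launch(recorded_bad, TBOOT_IMAGE))   # False
```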