Shared PDF (19 pages): "Journey of a Secure-boot fault, logged and signaled as an Error, from ROM to the host, for RAS".
Journey of a Secure-boot fault, logged and signaled as an Error, from ROM to the host, for RAS

Sakul Gupta, Sr. Principal MTS Firmware Security Engineer, Micron Technology Inc.
Manjunaatha B Harapanahalli, Silicon Firmware Architect, Intel Corporation
SERVER: COMPOSABLE MEMORY SYSTEMS (CMS)

Fault Detection in ROM during Secure Boot

- ROM Code Execution: The secure boot process begins with immutable ROM code verifying the authenticity of the next boot stage (e.g., bootloader / First Mutable Code).
- Fault Trigger: A fault may occur due to:
  - Invalid cryptographic signature
  - Tampered boot image
  - Hardware malfunction
  - Known Answer Test failure for crypto accelerators
  - Fault on the normal code execution path, detected by clock, voltage or EMP glitch detectors
- Error Classification: The ROM classifies the fault as a security-critical error and assigns an error code.

Fault Detection in Secure Boot

- Mechanism to ensure only trusted firmware from the OEM is loaded during the boot process.
- Ensures integrity and authenticity of the signed firmware.
- Secure Boot can optionally implement device-unique encryption for confidentiality protection of firmware images.
- Anti-rollback feature using the security version number from the fuse: avoids release/update of known-vulnerable firmware into the field.
- Optionally uses a certificate-based trust hierarchy to validate firmware and OS loaders.
- Device security lifecycle states.
- Root of Trust: immutable ROM.
- Chain of Trust: each stage uses digital signatures and hashes to verify the integrity and authenticity of the next stage.
- OCP Secure Boot.

Error Record Creation: ROM logs th
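As an added example, not taken from the slides, here is a Go model of the ROM-stage checks described above: the signed header is authenticated with the OEM public key, the image's security version number (SVN) is compared against the fused value (anti-rollback), the payload digest is checked (tampered image), and each failure is classified into an error code and a minimal error record. The image layout, the error code values, the record fields and the use of Ed25519 are assumptions for illustration; a real ROM uses its silicon's crypto engine and its own record format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Error codes a ROM might assign when classifying a secure-boot fault (hypothetical values).
const (
	ErrNone     = 0
	ErrBadSig   = 1 // invalid cryptographic signature on the image header
	ErrTampered = 2 // payload digest differs from the signed header (tampered boot image)
	ErrRollback = 3 // image SVN below the fused SVN (anti-rollback violation)
)

// ErrorRecord is a minimal stand-in for the record ROM logs before signaling the host.
type ErrorRecord struct{ Code int; Stage, Detail string }
// Image uses a constructed layout: Header = 4-byte SVN || SHA-256(Payload), signed with the OEM key.
type Image struct{ Header, Sig, Payload []byte }

// VerifyNextStage runs the ROM checks in order: authenticate the header, anti-rollback, then integrity.
func VerifyNextStage(oemPub ed25519.PublicKey, fuseSVN uint32, img Image) ErrorRecord {
	if len(img.Header) != 36 || !ed25519.Verify(oemPub, img.Header, img.Sig) {
		return ErrorRecord{ErrBadSig, "ROM", "header signature rejected"}
	}
	if svn := binary.LittleEndian.Uint32(img.Header[:4]); svn < fuseSVN {
		return ErrorRecord{ErrRollback, "ROM", fmt.Sprintf("image SVN %d below fuse SVN %d", svn, fuseSVN)}
	}
	if sum := sha256.Sum256(img.Payload); !bytes.Equal(sum[:], img.Header[4:]) {
		return ErrorRecord{ErrTampered, "ROM", "payload digest mismatch"}
	}
	return ErrorRecord{ErrNone, "ROM", "next stage verified"}
}

// BuildImage stands in for the OEM signing step; used here only to construct sample images.
func BuildImage(priv ed25519.PrivateKey, svn uint32, payload []byte) Image {
	hdr := make([]byte, 36)
	binary.LittleEndian.PutUint32(hdr[:4], svn)
	sum := sha256.Sum256(payload)
	copy(hdr[4:], sum[:])
	return Image{hdr, ed25519.Sign(priv, hdr), payload}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed OEM key pair, not a real one
	good := BuildImage(priv, 5, []byte("first mutable code"))
	fmt.Println(VerifyNextStage(pub, 5, good), VerifyNextStage(pub, 6, good))
}
```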