By: Gunter Fuchs
Who has not experienced a misbehaving computer due to a virus? Or, you may have at least seen your virus protection software catching one in the act. One especially nasty type of virus is one that is executed before the anti-virus (AV) software begins its process, because it can then manipulate your AV program in a way that it does not find the virus.
Two main programs are executed before your AV program: the binary input / output system (BIOS) and the operating system (OS). The central processing unit (CPU) executes these two programs as part of the “boot” process. Making this boot process secure can increase the overall security of a system in a big way. By verifying the authenticity of the code for the OS, a secure boot process prevents any virus from sneaking in and compromising a system before the AV program can take over system security.
To be able to verify the code, it is stored along with a “signature” of it at the time of manufacturing or code update. The signature is the output of a cryptographic hash function. (A hash function is irreversible and “condenses” a big blob of information such as boot code into a quite tiny size, 32 bytes for example.) Its inputs are the code and a secret key, known only to the generator of the signature and the verifying routine inside boot code (BIOS) that gets executed immediately after power-up or system restart. This verifying routine calculates the signature the same way it was calculated before by the host (system at manufacturing plant, online site for updating, etc.), and compares it with the stored signature. Only if the calculated and stored signatures match does the boot process continue. Otherwise, the boot verification routine halts the system.
The paragraph above describes a system where the verification (calculation and key storage) is done in the boot ROM. The picture below shows a system where the calculation and key storage are loaded off into a hardware device (ATSHA204) offered by Atmel. Storing the key in very secure, tamper-safe hardware adds a big obstacle to any hack attempt.