Trusted Boot

Background

Communication devices consist of multiple embedded computer systems. The software that runs on these devices may be vulnerable to viruses, modified by attackers, or implanted with Trojan horses.

The trusted boot function promptly detects issues that affect the trusted status of the system, helping improve the security and reliability of the system.

Related Concepts

Trusted system: A trusted system indicates that system hardware and software are running as designed. The prerequisite for a trusted system is that the system software integrity is high and free of intrusion or unauthorized modification.

Basic Principles

The trusted boot function establishes an RoT for the trusted boot platform based on the hardware capabilities of a device and an initial boot code.

During the boot process, the system establishes a complete trust chain from the RoT, BIOS, and BootLoader, to the OS kernel and system software package, with each level measuring the boot phase of the next level. The measurement results are irrevocably saved to the TPM. This implementation ensures:
  • Setup and transmission of the trust chain.
  • Recording of the system's trusted status.

Benefits

This feature offers the following security benefits:

  • Software integrity measurement

    Measures the integrity of the software during the boot process, establishes and transfers a chain of trust, and records the system's trusted status.

  • Trusted status query

    Provides query of the trusted status of the system.

  • Trusted status alarm

    Generates an alarm if the trusted status of the system is abnormal.

Parent Topic: Understanding the Trusted System
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >