...
Measured Boot, is another security standard, where the measurements are recorded into TPM PCRs but the boot process continues can be allowed to complete. The measurements can be later read back from TPM and the Audit log of all the measurements can also be fetched. Thus measured boot does not make any judgement about the integrity of the boot stages, but gives opportunity for an external server to inspect the TPM Audit Log and PCR values in a detailed manner to see which components were measured, what their measurements are etc., and make a decision.
Secure Boot | Measured Boot |
---|---|
Core Root of Trust is certificate embedded in Firmware by OEM | Core Root of Trust is Trusted Platform Module (TPM) |
Does not require connectivity to any remote server to establish chain of trust. | Attestation server needs to inspect TPM PCR values before booting process can be trusted |
Any new software needs to be signed by a certificate rooted to OEM certificates | An independent trusted third-party (an attestation server), can match the PCR measurements against its expected values |
Chain of trust is implicitly established if system boots up fine | Chain of trust is established after going through TPM Event Log and PCR values |
Device will become inaccessible if one of the software layers fail validation since booting process will halt. Good for devices with human presence like smartphones, laptops etc. But poses difficulty for remotely managed systems like IoT Edge gateways, where manual access to the device is limited. Since IoT gateways are managed through remotely located controllers, losing connectivity will severely impact visibility into the system. | Works well for remotely managed systems. Device will be accessible, and controller can still reach the system, and |
get visibility into the system. |
As you can see, both the standards have their own merits and demerits when considering security requirements for a remotely managed EVE system. i.e.
...