Introduction

Secure Boot is a feature in OVMF (Open Virtual Machine Firmware) firmware that aims to enhance the security of the boot process in virtualized environments. It is an implementation of the UEFI (Unified Extensible Firmware Interface) Secure Boot specification, which is designed to prevent the execution of unauthorized or malicious code during the boot process. Secure Boot establishes a chain of trust by verifying the digital signatures of each component involved in the boot sequence, ensuring that only trusted and signed code is executed.

Confidential Boot is a new feature in enclaive's implementation of OVMF, dubbed OVMF-CB, to realize a boot chain rooted in the trust of the Security Processor. It is the SP to measure the integrity of the boot process.

Key Features

• Protection against Malicious Code: Confidential Boot protects the system from running unauthorized or tampered code during the boot process, reducing the risk of malware and ensuring the integrity of the boot chain.

• Prevention of Rootkits: By verifying the digital signatures, Confidential Boot helps prevent the installation of unauthorized or malicious rootkits that could compromise the security of the virtual machine.

Why we developed OVMF-CB

• Remote Attestation of Boot Chain: Essential for implementing confidential workloads in Buckypaper VMs is the capability to authenticate the code running within the VM, establishing the foundation for applications operating in the user space above it. Typically, this foundation consists of the OVMF firmware and kernel, collectively known as the Trusted Computing Base (TCB). This nomenclature underscores the critical importance of placing trust in the foundational elements. Without such trust, the security of applications cannot be assured. The OVMF-CB is meticulously crafted to enable Service Providers (SPs) to gauge the integrity of the OVMF firmware. This firmware is configured to automatically verify the kernel's integrity by default. Consequently, the attestation measurement serves as conclusive evidence to a third party regarding the authenticity of the TCB, eliminating the need for potentially insecure workarounds such as virtual Trusted Platform Modules (vTPMs).

• Buckypaper VMs have a unique cryptographic ID: In the spirit of branding a hardware chip with a unique id, the OVMF-CB undergoes a branding process during its build, incorporating a unique public key. This process ensures the generation of a distinct attestation measurement, irrespective of the quantity of Buckypaper VMs concurrently operating on the same platform. It is noteworthy that this method of branding the OVMF firmware is robust in the cryptographic sense, making it particularly valuable in security-sensitive scenarios.