Establishing a TCB
How Confidential Boot works
UEFI Confidential Boot Process:
UEFI Firmware Initialization: The Secure Boot process begins with the initialization of the UEFI firmware in the virtual machine. OVMF provides the UEFI firmware for virtualized platforms.
Platform Key (PK): The root of trust in UEFI Secure Boot is the Platform Key (PK). The PK is a cryptographic key that signs the next key in the chain, the Key Exchange Key (KEK).
Key Exchange Key (KEK): The KEK signs the third level of the hierarchy: the Authorized Signatures Database (db) and the Forbidden Signatures Database (dbx).
Authorized Signatures Database (db): The db contains digital signatures of the bootloader and operating system binaries that are considered "authorized" or trusted. These signatures are verified during the boot process.
Forbidden Signatures Database (dbx): The dbx contains signatures of binaries that are explicitly forbidden or considered untrusted. If a binary has a signature listed in dbx, it will be rejected during the boot process.
Bootloader and Operating System Verification:
Bootloader Signature Verification: When the virtual machine starts, the UEFI firmware, with Secure Boot enabled, checks the digital signature of the bootloader against the signatures in the db. If the signature is valid, the bootloader is considered trusted, and the boot process continues.
Operating System Kernel Verification: Similarly, the UEFI firmware verifies the digital signature of the operating system kernel against the signatures in the db. If the signature is valid, the operating system is considered trusted, and the boot process proceeds.
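As an added example (not code from this page or from OVMF), the following Go model walks the hierarchy just described: a KEK is enrolled only with the PK's signature, a db signer only with a KEK's signature, and an image is rejected on a dbx match before db is consulted, which goes one step beyond the text by showing that dbx wins over db. Ed25519 keys and a hash-keyed dbx are stand-ins for the X.509 certificates and EFI_SIGNATURE_LIST entries real firmware stores, and the image bytes are constructed.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)
// Policy models the Secure Boot hierarchy: PK signs KEK updates, KEK signs db
// updates, and db/dbx decide what may boot. Ed25519 stands in for X.509/RSA.
type Policy struct {
	PK  ed25519.PublicKey
	KEK []ed25519.PublicKey
	Db  []ed25519.PublicKey // trusted image signers
	Dbx map[[32]byte]bool   // forbidden image hashes
}
func signedBy(keys []ed25519.PublicKey, msg, sig []byte) bool {
	for _, k := range keys {
		if ed25519.Verify(k, msg, sig) {
			return true
		}
	}
	return false
}
// enroll is an authenticated variable update: a key one level up must sign it.
func enroll(target *[]ed25519.PublicKey, signers []ed25519.PublicKey, key ed25519.PublicKey, sig []byte) bool {
	if !signedBy(signers, key, sig) {
		return false
	}
	*target = append(*target, key)
	return true
}
// VerifyImage: a dbx hit rejects the image even if a db key signed it.
func (p *Policy) VerifyImage(image, sig []byte) bool {
	return !p.Dbx[sha256.Sum256(image)] && signedBy(p.Db, image, sig)
}
// Demo builds PK -> KEK -> db, then checks a trusted, an unenrolled and a revoked image.
func Demo() (signedOK, strangerOK, revokedOK bool) {
	pkPub, pkPriv, _ := ed25519.GenerateKey(rand.Reader)
	kekPub, kekPriv, _ := ed25519.GenerateKey(rand.Reader)
	dbPub, dbPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, strangerPriv, _ := ed25519.GenerateKey(rand.Reader)
	p := &Policy{PK: pkPub, Dbx: map[[32]byte]bool{}}
	enroll(&p.KEK, []ed25519.PublicKey{p.PK}, kekPub, ed25519.Sign(pkPriv, kekPub))
	enroll(&p.Db, p.KEK, dbPub, ed25519.Sign(kekPriv, dbPub))
	image := []byte("constructed sample bootloader image") // constructed input
	signedOK = p.VerifyImage(image, ed25519.Sign(dbPriv, image))
	strangerOK = p.VerifyImage(image, ed25519.Sign(strangerPriv, image))
	p.Dbx[sha256.Sum256(image)] = true // revoke this exact binary
	revokedOK = p.VerifyImage(image, ed25519.Sign(dbPriv, image))
	return
}
```

Demo returns true, false, false: only the db-signed, non-revoked image passes.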