DocumentCode
1847065
Title
Secure Boot Revisited
Author
Dietrich, Kurt ; Winter, Johannes
Author_Institution
Inst. for Appl. Inf. Process. & Commun., Graz
fYear
2008
fDate
18-21 Nov. 2008
Firstpage
2360
Lastpage
2365
Abstract
The security of mobile and embedded devices can be significantly improved by using mobile-trusted-modules (MTMs). How these MTMs can be implemented and integrated in mobile devices is subject to current research. A major part of this research addresses different implementation variants of MTMs. MTMs provide many features that enable a platform to provide a trustworthy proof of its current configuration. However, the security of mobile devices does not solely rely on MTMs - it also depends on the boot process. This process forms the foundation for trusted services that are started on the device later. Hence, the TCG's mobile phone working group has published an approach for how a secure boot process could be performed. However, their publication does not specify the required steps and components in detail, which allows device manufacturers to implement the process in many different ways - consequently, many different implementations are possible. Furthermore, we propose a software image verification concept for our approach. The concept is based on the reference-integrity-metric (RIM) certificates specified by the TCG and allows an easy verification of the loaded software images as well as easy management of RIM certificates to support the secure boot process. Additionally, we show how it is possible to use a software-based MTM with our approach.
Keywords
computer bootstrapping; data integrity; embedded systems; formal specification; formal verification; mobile computing; security of data; RIM; embedded device; formal specification; mobile device; mobile-trusted-module; reference-integrity-metric certificate; secure boot process; software image verification concept; Embedded computing; Embedded software; Hardware; Kernel; Manufacturing; Mobile computing; Mobile handsets; Smart cards; Software measurement; System-on-a-chip; MTM; Mobile trusted module; RIM certificates; mobile trusted computing; secure boot;
fLanguage
English
Publisher
ieee
Conference_Titel
Young Computer Scientists, 2008. ICYCS 2008. The 9th International Conference for
Conference_Location
Hunan
Print_ISBN
978-0-7695-3398-8
Electronic_ISBN
978-0-7695-3398-8
Type
conf
DOI
10.1109/ICYCS.2008.535
Filename
4709341