News Archive (1999-2012) | 2013-current at LinuxGizmos | Current Tech News Portal |    About   

Updated BIOS-replacement firmware offers secure “root of trust”

Aug 23, 2005 — by LinuxDevices Staff — from the LinuxDevices Archive — 2 views

Phoenix Technologies has released a new version of its BIOS firmware that aims to protect x86-based computing devices and data before the operating system and applications are loaded. TrustedCore SP2 incorporates firmware security enhancements that “fundamentally transform” legacy BIOS technology, according to the company.

Phoenix claims its new BIOS core system software delivers a “root of trust,” allowing devices to be deployed that are inherently secure immediately upon startup, and that support the latest digital device authentication. It enables developers of PCs and other x86-based digital devices to create trusted and self-authenticating networked devices, Phoenix says, noting that the ability to easily certify a device as a “trusted endpoint” gives corporate and government organizations greater protection from attacks that enter a network through the endpoint device.

Phoenix claims to be the first firmware maker to fully implement key industry standards required for Windows Vista, including support for the Unified Extensible Firmware Interface (UEFI) specification through a UEFI boot loader capability, and support for the Trusted Platform Module (TPM) 1.2 specification requirements of the Trusted Computing Group. The TPM 1.2 specification ensures that malicious code can't invade a device so early in its boot process that steps can't be taken to thwart the attack. UEFI is part of an industry initiative to ensure a clean interface between a device's operating system and the platform firmware at boot time, according to the company.

Phoenix says it has also created a pre-boot authentication standard that will enable easy integration of third-party two-factor authentication devices, such as biometric fingerprint sensors and smart tokens. According to Phoenix, this standard will assist developers in creating endpoint devices that require use of a password and a second factor, such as a fingerprint, to ensure authenticated booting.

TrustedCore also supports master boot record authentication at the firmware level, which, the company says, will prevent tampering of the operating system or the hard disk. Master boot record authentication can provide specialized applications and embedded systems with a trusted boot path for the whole operating system, according to the company. This is said to contribute to meeting Microsoft's Secure Startup requirements for tamper-resistant devices.

Finally, TrustedCore includes an embedded cryptographic engine, called StrongROM, which allows authentication of the firmware itself. Phoenix says that StrongROM can complement the use of TPM 1.2 chip technology to further enhance device security or provide a level of cryptographic security by itself for systems that don't have a TPM 1.2 compliant chip.

TrustedCore now comes standard with the Phoenix CoreArchitect integrated development environment. CoreArchitect is based on the Visual Studio.NET tool, and provides drag-and-drop selection of TrustedCore features, according to Phoenix. Developers familiar with the Microsoft technology can easily adapt their programming skills to the TrustedCore platform, Phoenix says.


 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.



Comments are closed.