
Journey of a Secure-boot fault, logged and signaled as an Error, from ROM to the host, for RAS.pdf

Uploaded by: 明**** ID: 1011669 2025-12-21 19 pages 1.23MB

Journey of a Secure-boot fault, logged and signaled as an Error, from ROM to the host, for RAS

Sakul Gupta, Sr. Principal MTS Firmware Security Engineer, Micron Technology Inc.
Manjunaatha B Harapanahalli, Silicon Firmware Architect, Intel Corporation

Track: SERVER: COMPOSABLE MEMORY SYSTEMS (CMS)

Fault Detection in ROM during Secure Boot

- ROM Code Execution: The secure boot process begins with immutable ROM code verifying the authenticity of the next boot stage (e.g., bootloader / First Mutable Code).
- Fault Trigger: A fault may occur due to:
  - Invalid cryptographic signature
  - Tampered boot image
  - Hardware malfunction
  - Known Answer Test failure for crypto accelerators
  - Normal code execution path, fault detected by clock, voltage, EMP glitch detectors
- Error Classification: The ROM classifies the fault as a security-critical error and assigns an error code.

Fault Detection in Secure Boot

- Mechanism to ensure only trusted firmware from the OEM is loaded during the boot process.
- Ensuring integrity and authenticity of the signed firmware.
- Secure Boot can optionally implement device-unique encryption for confidentiality protection of firmware images.
- Anti-rollback feature using the security version number from the fuse. Avoids release/update of known-vulnerability firmware into the field.
- Optionally uses a certificate-based trust hierarchy to validate firmware and OS loaders.
- Device security lifecycle states.
- Root of Trust: Immutable ROM
- Chain of Trust: each stage uses digital signatures and hashes to verify the integrity and authenticity of the next stage.
- OCP Secure Boot

Error Record Creation: ROM logs th
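The ROM-stage checks these slides describe (signature and hash verification of the next stage, anti-rollback against the fused security version number, a Known Answer Test of the crypto engine) and the classification of a failing check into an error code and an error record can be modelled in a few lines. The block below is an added illustration written for this page; it is not code from the presentation, from Micron or from Intel. It assumes a constructed image layout (magic, SVN, payload hash, signature, payload), an HMAC-SHA256 stand-in for the asymmetric signature a real ROM would verify, and invented error codes and record fields (`FaultCode`, `ErrorRecord`, `rom_verify_next_stage`).

```python
"""Added example: ROM-stage secure-boot checks producing a classified error record.

Not the presentation's or any vendor's code. The signature is an HMAC-SHA256
stand-in (assumption) for a real asymmetric signature; image layout, error
codes and record fields are constructed for illustration.
"""
import hashlib
import hmac
import struct
import time
from dataclasses import dataclass, asdict
from enum import Enum
from typing import Callable, Optional


class FaultCode(Enum):
    """Hypothetical error codes a ROM might assign to security-critical faults."""
    KAT_FAILURE = 0x01        # Known Answer Test of the crypto engine failed
    IMAGE_TAMPERED = 0x02     # payload hash does not match the signed header
    INVALID_SIGNATURE = 0x03  # signature over the header failed (or bad magic)
    ROLLBACK_REJECTED = 0x04  # image SVN is below the SVN burned in fuses


@dataclass
class ErrorRecord:
    """Fields named on the page: fault type, severity, timestamp; plus code and stage."""
    fault_type: str
    error_code: int
    severity: str
    stage: str
    timestamp: float


# Constructed image format: header = magic(4) | svn(4) | sha256(payload)(32),
# followed by a 32-byte signature over the header, followed by the payload.
MAGIC = b"FMC1"
HDR_FMT = "!4sI32s"
HDR_LEN = struct.calcsize(HDR_FMT)  # 40 bytes, no padding with '!'
SIG_LEN = 32


def build_image(payload: bytes, svn: int, key: bytes) -> bytes:
    """Tooling side (not ROM): produce a signed image used as a test vector."""
    header = struct.pack(HDR_FMT, MAGIC, svn, hashlib.sha256(payload).digest())
    signature = hmac.new(key, header, hashlib.sha256).digest()
    return header + signature + payload


def crypto_kat() -> bool:
    """Known Answer Test: SHA-256 of the empty string must equal its published digest."""
    expected = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
    return hashlib.sha256(b"").hexdigest() == expected


def rom_verify_next_stage(image: bytes, root_key: bytes, fused_svn: int,
                          kat: Callable[[], bool] = crypto_kat) -> Optional[ErrorRecord]:
    """Return None when the next stage is trusted, else a classified ErrorRecord.

    Order matters: the crypto engine is self-tested before it is relied on, and
    the header signature is checked before any header field (such as the SVN)
    is believed.
    """
    def fail(code: FaultCode) -> ErrorRecord:
        return ErrorRecord(code.name, code.value, "security-critical", "ROM", time.time())

    if not kat():
        return fail(FaultCode.KAT_FAILURE)
    if len(image) < HDR_LEN + SIG_LEN:
        return fail(FaultCode.IMAGE_TAMPERED)
    header = image[:HDR_LEN]
    signature = image[HDR_LEN:HDR_LEN + SIG_LEN]
    payload = image[HDR_LEN + SIG_LEN:]
    expected_sig = hmac.new(root_key, header, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, signature):
        return fail(FaultCode.INVALID_SIGNATURE)
    magic, svn, payload_hash = struct.unpack(HDR_FMT, header)
    if magic != MAGIC:
        return fail(FaultCode.INVALID_SIGNATURE)
    if svn < fused_svn:  # anti-rollback: never boot an image older than the fuse says
        return fail(FaultCode.ROLLBACK_REJECTED)
    if not hmac.compare_digest(hashlib.sha256(payload).digest(), payload_hash):
        return fail(FaultCode.IMAGE_TAMPERED)
    return None


if __name__ == "__main__":
    key = b"constructed-root-key"          # constructed, stands in for the fused root key
    persistent_log = []                     # stands in for the ROM's persistent error log
    good = build_image(b"bootloader", svn=3, key=key)
    for name, img in [("good", good), ("tampered", good[:-3] + b"XYZ"),
                      ("rollback", build_image(b"bootloader", svn=2, key=key))]:
        record = rom_verify_next_stage(img, key, fused_svn=3)
        if record is not None:
            persistent_log.append(asdict(record))
        print(name, "->", "trusted" if record is None else record.fault_type)
    print(persistent_log)
```

The checks are deliberately ordered as the slides' chain-of-trust description implies: the crypto engine is self-tested first, the signature over the header is verified before the SVN or payload hash inside that header is trusted, and only then is the payload hash compared, so a rollback or tamper verdict is never derived from unauthenticated data.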

Based on the report's content, the full text centers on fault detection, logging and signaling during the secure boot process. The key points are:

1. **Fault detection**: While the ROM executes secure boot, a fault is detected, such as an invalid signature, a tampered boot image or a hardware malfunction.
2. **Error classification**: The ROM classifies the fault as a security-critical error and assigns an error code.
3. **Error logging**: The ROM records the fault in a secure, persistent error log, including fault type, severity, timestamp and so on.
4. **Error signaling**: The ROM may raise the error through a hardware error signal or by notifying early firmware.
5. **Error propagation**: Firmware reads the error log, may escalate it to higher layers, and may initiate recovery actions.
6. **Error reporting**: The error is reported to the host operating system through platform-specific mechanisms (e.g., UEFI variables, ACPI GESB).
7. **Serviceability actions**: The error is handled through telemetry upload, field diagnostics and firmware patching.
8. **Error injection into the hypervisor**: Firmware passes the fault information to the hypervisor, which logs the fault and triggers recovery actions.
9. **Communication fault notification**: At boot and at runtime, communication faults of the CPU and CXL devices are recorded through the EWL and BDAT tables.
**ROM secure-boot fault tracing** **Application of the RAS framework in fault management** **Hardware error signaling and firmware handling**