The first layer of hardware security is the establishment of a Root of Trust. The Root of Trust (RoT) is a hardware-validated boot process that ensures the first executable opcode starts from an immutable source. This is the anchor of the boot process that subsequently plays a role in bootstrapping the rest of the system from BIOS to the operating system to the application. A RoT is a baseline defense against a rootkit.
Each phase validates the next phase in the boot process before handing control to it, and together these validations form a Chain of Trust. A RoT can be anchored in different ways, such as:
- Boot from ROM or a non-writable memory to store the image and root key
- One-time programmable memory using fuse bits for root key storage
- Boot from a protected memory region ...
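The following is an added example, not code from the original page, that models the chain-of-trust walk described above in Python. It assumes a simplified design in which each stage image carries the SHA-256 digest of the stage that follows it, and the digest of the first stage is burned into a one-time-programmable fuse bank that only allows bits to be set, never cleared. Real secure-boot implementations usually verify a public-key signature on each stage rather than a bare digest; the hash-anchored form is used here only so the example runs with the standard library alone. All stage names, payloads and the `FuseBank`/`StageImage` helpers are constructed for illustration.

```python
"""Simplified model of a hardware Root of Trust and the Chain of Trust it anchors.

Constructed example: every boot stage embeds the SHA-256 digest of the next stage,
so verifying stage N also commits to what stage N+1 must be. The digest of the
very first stage lives in immutable hardware (a fuse bank), which is what makes
the chain a *root* of trust rather than a chain that floats on rewritable flash.
"""
import hashlib
from dataclasses import dataclass

DIGEST_LEN = 32  # SHA-256 output size in bytes


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class FuseBank:
    """Model of one-time-programmable fuses (assumption: a single 32-byte bank).

    Blowing a fuse can only turn a 0 bit into a 1; nothing can clear it again,
    and a lock fuse refuses any further programming once the bank is written.
    """

    def __init__(self, nbytes: int = DIGEST_LEN) -> None:
        self._bits = bytearray(nbytes)
        self._locked = False

    def program(self, value: bytes) -> None:
        if self._locked:
            raise PermissionError("fuse bank is locked; root digest cannot be changed")
        if len(value) != len(self._bits):
            raise ValueError("value does not match fuse bank size")
        # OR-ing models the physical property that fuses only ever set bits.
        self._bits = bytearray(a | b for a, b in zip(self._bits, value))
        self._locked = True

    def read(self) -> bytes:
        return bytes(self._bits)


@dataclass(frozen=True)
class StageImage:
    name: str
    next_digest: bytes  # digest of the following stage; b"" for the last stage
    code: bytes

    def serialize(self) -> bytes:
        # The header (next_digest) is covered by this stage's own digest,
        # so an attacker cannot repoint a verified stage at a different successor.
        return self.next_digest + self.code


def build_chain(stages: list[tuple[str, bytes]]) -> list[StageImage]:
    """Link images from the last stage backwards so each one commits to the next."""
    images: list[StageImage] = []
    next_digest = b""
    for name, code in reversed(stages):
        img = StageImage(name, next_digest, code)
        next_digest = sha256(img.serialize())
        images.insert(0, img)
    return images


def boot(fuses: FuseBank, images: list[StageImage]) -> tuple[bool, list[str]]:
    """Walk the chain: each phase verifies the next before transferring control.

    Returns (success, names of stages that were verified). The walk stops at the
    first stage whose digest does not match what the previous stage committed to.
    """
    expected = fuses.read()  # hardware-anchored digest of the first stage
    verified: list[str] = []
    for img in images:
        if sha256(img.serialize()) != expected:
            return False, verified
        verified.append(img.name)
        expected = img.next_digest
    return True, verified


# Constructed stage payloads standing in for real firmware images.
STAGES = [
    ("bios", b"bios code v1"),
    ("bootloader", b"bootloader code v1"),
    ("kernel", b"kernel code v1"),
    ("app", b"app code v1"),
]


def demo() -> tuple[bool, list[str], bool, list[str]]:
    images = build_chain(STAGES)
    fuses = FuseBank()
    fuses.program(sha256(images[0].serialize()))  # done once, at manufacturing

    ok, log = boot(fuses, images)  # untouched chain boots fully

    # A rootkit implanted in the (writable) bootloader stage: the header still
    # points at the genuine kernel, but the stage's own digest no longer matches.
    tampered = list(images)
    tampered[1] = StageImage("bootloader", images[1].next_digest, b"bootloader code + rootkit")
    ok2, log2 = boot(fuses, tampered)
    return ok, log, ok2, log2


if __name__ == "__main__":
    print(demo())
```

The design point to notice is that verification runs top-down while the chain is built bottom-up: because each stage's digest covers the digest of its successor, replacing any stage without also re-anchoring the first-stage digest in the fuses fails at exactly that phase, and the fuse bank refuses re-programming.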