Chapter 9 Trusted OSs and Apps
A high-trust Internet ecosystem must have trusted devices that are far less likely to be critically compromised and include trusted operating systems and applications. This chapter covers OS secure booting, trusted operating systems, trusted applications, and trusted actions.
OS Secure Boot
Every computing device has a “boot” process, where the hardware is initialized and the OS is loaded in pieces, starting with the critical core sections followed by the “upper layer” OS code and applications. Figure 9-1 below summarizes the common logical boot process around most computing devices and OSs today (it could vary based on the device).
Figure 9-1: Logical boot process.
The more secure and reliable devices and OS have protection and integrity checks along the entire boot process. We covered hardware and firmware booting and safety checks in the previous chapter.
After the hardware and firmware is checked and verified, operations are handed off to the OS. The best OSs have their own checks and verification, starting from the booting of the operating system and beyond. These days most OS boot code has some sort of integrity check that is securely stored and protected by the BIOS/UEFI (or other chip will be covered soon). After the OS boots, the early critical drivers and services/daemons of the OS will load, and all will be integrity checked along ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access