Request to college professors

There are many Verified/Secure/Trusted/Measured boot implementations and VMM/HW/OS combinations. Most make similar use of cryptography, with multiple keys. Some work with a TPM, or under a TEE. Some solutions incorporate several of these at once (e.g., I think current Windows supports UEFI Secure Boot, TCG Trusted Boot, and Intel TXT Measured Boot together); I am still unclear how to get Linux to integrate them in a similar way.

A few people have asked me which firmware solution is more secure. I don’t know the answer.

I wish that some university grad student would do a comparison of the crypto used in the various solutions. A student who is focusing on hardware, software, embedded systems, and cryptography would be ideal. 🙂

I think this might be too much of a request for a tech review site, like Tom's Hardware or Consumer Reports. Perhaps NIST, when they next update their BIOS guidance, could give some help in this area? It would be nice if the UEFI, coreboot, U-Boot, and other projects had some detailed comparisons of their alternatives/competitors, as members of these teams are likely to be the only people who know the right answers offhand, without doing more research. Perhaps a Comparison_of_Firmware_Security_Technologies page on Wikipedia?

This data would not only be useful for helping the weaker firmware technologies improve themselves, but it’d help security-minded consumers make better product choices, and help OEMs/IBVs build more secure systems.

If you know of a grad student who fits the bill, or a professor who works in this area, please forward this request to them. Thank you very much!
