Start trusting your BIOS - SRTM with vboot, TPM and permanent flash protection


In this paper, we introduce the Static Root of Trust for Measurement (SRTM)
combined with Verified Boot, using different mechanisms of SPI flash protection.
We show how well vboot supports coreboot, TPM usage and cryptographic
operations, and how it performs measured and verified boot. We explain why the
Root Key and the Recovery Key are the most important components of vboot and
why they must be well protected. Finally, we show a mechanism for automatic
decryption of a disk with the assistance of the TPM, using policies tied to the
firmware measurements stored in the TPM's PCRs: the disk key is released only
when the measured firmware matches the state it was sealed against.
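To make the last point concrete, the following is an added example written for this page, not code from the paper or from vboot/coreboot. It is a pure-software model of the TPM pieces the mechanism relies on: PCR extension (H(old || H(measurement))), the TPM2_PolicyPCR policy-digest computation from the TPM 2.0 specification (command code 0x0000017F, SHA-256 bank 0x000B), and an authPolicy check on unseal. The boot stages, PCR assignment (PCR0 for firmware, PCR2 for the OS loader) and the disk key are constructed sample data; a real TPM keeps the sealed secret under its storage hierarchy and compares the policy session digest inside the chip, which this model only imitates with an in-memory comparison.

```python
"""Software model of sealing a disk key to firmware measurements.

Models (not a real TPM): PCR extension, the TPM2_PolicyPCR digest
computation, and an authPolicy check on unseal.
"""
import hashlib
import hmac
import struct

HASH = hashlib.sha256
DIGEST_LEN = 32
TPM_ALG_SHA256 = 0x000B         # TPM 2.0 algorithm ID for SHA-256
TPM_CC_POLICY_PCR = 0x0000017F  # TPM 2.0 command code for TPM2_PolicyPCR


class PolicyMismatch(Exception):
    """Raised when the current PCR state does not satisfy the sealed policy."""


def pcr_extend(pcr, measurement):
    """TPM2_PCR_Extend semantics: PCR' = H(PCR || H(measurement))."""
    return HASH(pcr + HASH(measurement).digest()).digest()


def measure_chain(stages):
    """Extend one PCR with each boot stage in order, starting from all-zero."""
    pcr = bytes(DIGEST_LEN)
    for stage in stages:
        pcr = pcr_extend(pcr, stage)
    return pcr


def pcr_selection(indices):
    """TPML_PCR_SELECTION with one SHA-256 bank and a 3-byte PCR bitmap."""
    bitmap = bytearray(3)
    for i in indices:
        bitmap[i // 8] |= 1 << (i % 8)
    return struct.pack(">IHB", 1, TPM_ALG_SHA256, len(bitmap)) + bytes(bitmap)


def policy_pcr_digest(pcrs, indices):
    """TPM2_PolicyPCR on a fresh session:
    policy' = H(policy || TPM_CC_PolicyPCR || pcrSelection || H(PCR[i] for i in selection)).
    """
    indices = sorted(indices)
    pcr_digest = HASH(b"".join(pcrs[i] for i in indices)).digest()
    policy = bytes(DIGEST_LEN)  # a fresh policy session starts at all-zero
    return HASH(policy + struct.pack(">I", TPM_CC_POLICY_PCR)
                + pcr_selection(indices) + pcr_digest).digest()


def seal(secret, pcrs, indices):
    """Bind the secret to the expected PCR values via the object's authPolicy."""
    return {"auth_policy": policy_pcr_digest(pcrs, indices),
            "indices": list(indices), "secret": secret}


def unseal(sealed, pcrs):
    """Release the secret only if the current PCRs satisfy the policy."""
    current = policy_pcr_digest(pcrs, sealed["indices"])
    if not hmac.compare_digest(current, sealed["auth_policy"]):
        raise PolicyMismatch("firmware measurements changed; refusing to release disk key")
    return sealed["secret"]


def boot(firmware_stages, os_stages):
    """Constructed measured-boot PCR state: PCR0 for firmware, PCR2 for OS loader/kernel."""
    return {0: measure_chain(firmware_stages), 2: measure_chain(os_stages)}


# Constructed sample measurements (stand-ins for coreboot / vboot / kernel images)
GOOD_FIRMWARE = [b"coreboot-bootblock", b"vboot-RW_A"]
GOOD_OS = [b"linux-6.x", b"initramfs"]
DISK_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # hypothetical LUKS key


def demo():
    """Seal on a good boot, then unseal after a good and after a tampered boot."""
    sealed = seal(DISK_KEY, boot(GOOD_FIRMWARE, GOOD_OS), [0, 2])
    ok = unseal(sealed, boot(GOOD_FIRMWARE, GOOD_OS)) == DISK_KEY
    try:
        unseal(sealed, boot([b"coreboot-bootblock", b"vboot-RW_A-modified"], GOOD_OS))
        tampered_refused = False
    except PolicyMismatch:
        tampered_refused = True
    return ok, tampered_refused


if __name__ == "__main__":
    print(demo())
```

The design point the model makes visible: the policy digest is a function of the PCR values, and each PCR value is an order-sensitive hash chain over everything measured before it, so any change to the firmware (or a stage loaded in a different order) produces a different policy digest and the key is never released. This is also why the flash protection and the Root/Recovery Keys matter: an attacker who can rewrite the firmware that performs the first measurement can forge the chain rather than break the hash.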