coreboot
The open source coreboot firmware project implements verified boot, which is similar to a combination of OBB verification and UEFI Secure Boot.
Figure 3-2 shows the verified boot flow. Table 3-2 shows keys used in the verified boot flow.
Figure 3-2: coreboot Verified Boot (source: “Verified Boot in Chrome OS and how to make it work for you”)
Table 3-2: Keys used by coreboot verified boot (source: “Verified Boot: Surviving in the Internet of Insecure Things”)
| Key | Verifies | Stored in | Versioned | Notes |
|---|---|---|---|---|
| Root Key | Firmware Data Key | RO Firmware | NO | Private key in a locked room guarded by laser sharks; N of M present. RSA4096+ |
| Firmware Data Key | RW Firmware | RW FW Header | YES | Private key on signing server. RSA4096. |
| Kernel Subkey | Kernel Data Key | RW Firmware | YES (as FW) | Private key only needed to sign new kernel data key. RSA4096. |
| Kernel Data Key | OS Kernel | OS kernel Header | YES | Private key on signing server. RSA2048. |
| Recovery Key | Recovery OS Kernel | RO Firmware | NO | Locked room and laser sharks. RSA4096+. Different than all keys above. Signs recovery installer, not payload. |
Table 3-3: coreboot Verified Boot (for firmware)
| Item | Entity | Provider | Location |
|---|---|---|---|
| TP | Read/Write Firmware Verification | OEM | Flash (Read Only Region) |
| CDI | Read-Only Firmware | OEM | Flash (Read Only Region) |
| Root key | OEM | RO firmware, Google Binary Blob (GBB) | |
| UDI | Read/Write Firmware | OEM | Flash (Read Write Region) |
Table 3-4: coreboot Verified Boot (for OS)
| Item | Entity | Provider | Location |
|---|---|---|---|
| TP | OS Kernel Verification | OEM | Flash (Read Write Region) |
| CDI | Read-Write Firmware | OEM | Flash (Read Write Region) |
| Kernel Subkey | OSV | R/W firmware, Google Binary Blob (GBB) | |
| UDI | OS Kernel | OSV | External storage |