Supply Chain Assessment

Question 1

Due Diligence

Answer 1

A legal principle identifying a subject has used best practice or reasonable care when setting up, configuring, and maintaining a system

Question 2

Trusted Foundry

Answer 2

§ A microprocessor manufacturing utility that is part of a validated supply chain (one where hardware and software does not deviate from its documented function)
§ Trusted Foundry Program is operated by the Department of Defense

Question 3

Hardware Root of Trust (ROT)

Answer 3

§ A cryptographic module embedded within a computer system that can endorse trusted execution and attest to boot settings and metrics
§ A hardware root of trust is used to scan the boot metrics and OS files to verify their signatures, which we can then use to sign a digital report

Question 4

Trusted Platform Module (TPM)

Answer 4

§ A specification for hardware-based storage of digital certificates, keys, hashed passwords, and other user and platform identification information
§ A TPM can be managed in Windows via the tpm.msc console or through group policy

Question 5

Hardware Security Module (HSM)

Answer 5

An appliance for generating and storing cryptographic keys that is less susceptible to tampering and insider threats than software-based storage

Question 6

Unified Extensible Firmware Interface (UEFI)

Answer 6

A type of system firmware providing support for 64-bit CPU operation at boot, full GUI and mouse operation at boot, and better boot security

Question 7

Secure Boot

Answer 7

A UEFI feature that prevents unwanted processes from executing during the boot operation

Question 8

Measured Boot

Answer 8

A UEFI feature that gathers secure metrics to validate the boot process in an attestation report

Question 9

Attestation

Answer 9

A claim that the data presented in the report is valid by digitally signing it using the TPM’s private key

Question 10

eFUSE

Answer 10

A means for software or firmware to permanently alter the state of a transistor on a computer chip

Question 11

Secure Processing

Answer 11

A mechanism for ensuring the confidentiality, integrity, and availability of software code and data as it is executed in volatile memory

Question 12

Trusted Execution

Answer 12

The CPU’s security extensions invoke a TPM and secure boot attestation to ensure that a trusted operating system is running

Question 13

Secure Enclave

Answer 13

The extensions allow a trusted process to create an encrypted container for sensitive data

Question 14

Atomic Execution

Answer 14

Certain operations that should only be performed once or not at all, such as initializing a memory location

Question 15

Bus Encryption

Answer 15

§ Data is encrypted by an application prior to being placed on the data bus
§ Ensures that the device at the end of the bus is trusted to decrypt the data