Root of Trust Measurements

Static (SRTM)

This technique measures the static early-boot firmware (BIOS/UEFI) components, extending each measurement into the TPM's static PCRs before the component runs, so that a verifier can check that the system started from a known, trusted configuration.

  • The root of the chain, the Core Root of Trust for Measurement (CRTM), is part of the BIOS/UEFI firmware

  • It is the first code that runs after power-on or reset, so nothing measures it; it is trusted implicitly

  • It initiates the boot chain of trust: each stage measures the next one into a PCR before handing over control

Dynamic (DRTM)

This technique allows the system to boot through untrusted code first and then, at a dynamic launch event, securely transition into a measured, trusted state without a platform reset.

  • ACM (Authenticated Code Module)

    • Stored in the BIOS flash; its signature is verified by the CPU before it is allowed to execute

  • Requires a special, secure CPU mode entered with a dedicated launch instruction

    • Intel TXT (Trusted Execution Technology), entered with GETSEC[SENTER]

    • AMD SVM (Secure Virtual Machine), entered with SKINIT

SRTM and DRTM

SRTM ensures a trusted chain up to the bootloader.

  • Inclusive: every stage from the CRTM to the bootloader is measured, so the whole chain can be evaluated, and a change in any early stage changes the final PCR values.

  • The flip side is that all of that early code (firmware volumes, option ROMs) is part of the trusted computing base, and the chain is only as strong as its weakest link.

DRTM ensures a trusted OS boot.

  • The dynamic launch starts a fresh chain: the DRTM PCRs are reset and the ACM measures the code loaded from that point onward, so all the code executed during the OS boot can be evaluated.

  • Code that ran before the launch is not part of this chain, which is what allows the pre-launch environment to be untrusted.
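A toy model of how the two chains end up in the TPM, added here as an illustration; it is not code from the original page. It models one SHA-256 PCR bank with the TPM 2.0 PC Client reset rules (PCR 0-16 start at zeros; PCR 17-22 start at ones and are reset to zeros by a dynamic launch) and the extend rule PCR = H(PCR || H(component)). The component byte strings are constructed stand-ins for real images, and the PCR assignment is deliberately simplified: all static stages go into PCR 0 and all post-launch stages into PCR 17, whereas real firmware spreads its measurements over PCR 0-7 and Intel TXT uses PCR 17-18 and up.

```python
"""Toy SHA-256 PCR bank showing how SRTM and DRTM chains diverge (added example)."""
import hashlib

SHA256_LEN = 32
STATIC_PCRS = range(0, 17)   # PCR 0-16: zeros at TPM startup, extend-only afterwards
DRTM_PCRS = range(17, 23)    # PCR 17-22: ones at TPM startup, reset to zeros by a dynamic launch


class TpmPcrBank:
    """Minimal model of one SHA-256 PCR bank and its reset rules (simplified)."""

    def __init__(self) -> None:
        self.pcrs = {i: bytes(SHA256_LEN) for i in STATIC_PCRS}
        self.pcrs.update({i: b"\xff" * SHA256_LEN for i in DRTM_PCRS})

    def extend(self, index: int, component: bytes) -> bytes:
        """TPM2_PCR_Extend: PCR[i] = H(PCR[i] || H(component)).

        A PCR can only be extended, never written, so the final value commits
        to every component and to the order in which they were measured.
        """
        digest = hashlib.sha256(component).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()
        return self.pcrs[index]

    def dynamic_launch(self) -> None:
        """SENTER / SKINIT: the CPU (locality 4) resets the DRTM PCRs to zeros.

        The static PCRs are untouched, and nothing that ran before this point
        is reflected in the DRTM PCRs.
        """
        for i in DRTM_PCRS:
            self.pcrs[i] = bytes(SHA256_LEN)


def boot(firmware_stages: list[bytes], os_stages: list[bytes], use_drtm: bool = True) -> TpmPcrBank:
    """Simulate one boot and return the resulting PCR bank.

    Simplification: every static stage is extended into PCR 0 and every
    post-launch stage into PCR 17; real platforms spread them over more PCRs.
    """
    tpm = TpmPcrBank()
    # SRTM: the CRTM in firmware measures each early-boot stage before running it.
    for stage in firmware_stages:
        tpm.extend(0, stage)
    if use_drtm:
        # DRTM: the bootloader invokes the launch; the ACM then measures the
        # MLE and everything it loads, regardless of what ran before.
        tpm.dynamic_launch()
        for stage in os_stages:
            tpm.extend(17, stage)
    return tpm


# Constructed stand-ins for real images; only their bytes matter to the model.
GOOD_FIRMWARE = [b"CRTM/SEC", b"PEI core", b"DXE drivers", b"GRUB bootloader"]
GOOD_OS = [b"tboot MLE", b"vmlinuz-6.x", b"initramfs"]
ROGUE_ROM_FIRMWARE = [b"CRTM/SEC", b"PEI core", b"DXE drivers + rogue option ROM", b"GRUB bootloader"]
PATCHED_OS = [b"tboot MLE", b"vmlinuz-6.x (patched)", b"initramfs"]


def compare_pcrs(golden: TpmPcrBank, candidate: TpmPcrBank, indices) -> dict[int, bool]:
    """What an attestation verifier does with a quote: compare selected PCRs to golden values."""
    return {i: golden.pcrs[i] == candidate.pcrs[i] for i in indices}


def demo() -> dict[str, bool]:
    golden = boot(GOOD_FIRMWARE, GOOD_OS)
    rogue_rom = boot(ROGUE_ROM_FIRMWARE, GOOD_OS)
    patched_os = boot(GOOD_FIRMWARE, PATCHED_OS)
    return {
        # Inclusive SRTM: one changed early stage changes PCR 0 even though every later stage is identical.
        "rogue_rom_pcr0_matches": compare_pcrs(golden, rogue_rom, [0])[0],
        # DRTM does not depend on anything that ran before the launch event.
        "rogue_rom_pcr17_matches": compare_pcrs(golden, rogue_rom, [17])[17],
        # A tampered kernel is invisible to a static chain that stopped at the bootloader...
        "patched_os_pcr0_matches": compare_pcrs(golden, patched_os, [0])[0],
        # ...but shows up in the dynamic chain.
        "patched_os_pcr17_matches": compare_pcrs(golden, patched_os, [17])[17],
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Running it shows the two properties side by side: a rogue option ROM changes PCR 0 but leaves PCR 17 alone, and a patched kernel does the opposite. The golden values are what a remote attestation server compares a signed TPM quote against; which PCRs it selects decides which of the two chains it is actually trusting.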
