Deploying Secure Boot: Key Creation and Management
Trusted Boot Architecture

[Figure: Trusted Boot Architecture diagram]

Components shown: UEFI Boot; Bootmgfw.efi (Win8); Windows Kernel and Drivers; AM Software; 3rd Party Software/Drivers; Windows Logon; Boot Policy; AM Policy; TPM; Client Attestation Service; Client Health Claim.

Callouts in the diagram (numbered 1 to 5 on the slide):
Secure Boot prevents malicious Boot code and OS loader.
BitLocker Unlocks Disk if TPM and Secure Boot Integrity in place.
AM software is started before all 3rd party software.
Measurements of components including AM software are stored in the TPM.
Client retrieves TPM measurements of client state on demand.
UEFI Summer Summit – July 2012 www.uefi.org