Manualshelf

Deploying Secure Boot: Key Creation and Management

ManualsBrandsIntel ManualsOtherIntel Desktop Board DX79TO
12345678910
Hardware Security Modules
Microsoft strongly recommends using a Hardware Security Module
(HSM) for key creation
Most HSMs have Federal Information Processing Standard (FIPS)
Publication 140-2 level 3 compliance
Requires that keys are not exported or imported from the HSM.
HSMs support multiple key storage options
Local on the HSM itself
On the server attached to the HSM - for solutions which requires lots
of keys
The cryptographic module security policy shall specify a physical
security policy, including:
Tamper-evident seals, locks, tamper response and zeroization
switches, and alarms
Policy includes actions required by the operator(s) to ensure that
physical security is maintained such as periodic inspections
10 UEFI Summer Summit July 2012 www.uefi.org