Feature #417

open

Show platform key on boot when secure boot is enabled

Added by Simon Brand about 2 years ago. Updated about 2 years ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version:
Start date: 10/02/2022
Due date:
% Done: 0%
Estimated time:
Affected versions:
Needs backport to:
Affected hardware: All
Affected OS: All but Windows

Description

I think it is useful to show the hash of the platform key if a platform key other than the default (Microsoft trusted Platform Key) is the current platform key and secure boot is enabled. It must be shown before the operating system could have been started (to avoid the OS showing it with an older UEFI which lacks this feature). It also makes sense to pause the screen so you can verify the hash.

Why?
To make sure the correct operating system is loading and nobody tampered with the device's platform key and disk.

Android smartphones have had this feature for several years. [0]
Please keep in mind that the screenshots are not fully up to date: for a few months now, devices have shown not only the first 8 digits but the full root of trust hash. [1]
The reference source code is available here: [2]
