Tag :: Aboot

This feature supports to upgrade Aboot firmware via an Aboot Update File (AUF). The aim is to be able to provide a signed

Measured boot is an anti-tamper mechanism. It calculates the cryptographic signatures for software system components and extends the signatures into the Trusted Platform Module (TPM) security chip. Upon startup, with the feature turned on, the Aboot bootloader and EOS calculate the hash of various system components and extend the hashes into the Platform Configuration Registers (PCRs), which is one of the resources of the Trusted Platform Module (TPM) security chip. The calculation and extension event is called the measured boot event, which is associated with a revision number to help the user identify changes to the event.

Systems with support for Arista secure boot protect against tampering of the BIOS firmware & Aboot by write-protecting the BIOS SPI flash before EOS is loaded (refer to the “Security model” section in the secure boot TOI for details). While effective at protecting against unauthorized changes made from EOS, such a mechanism has limitations. For example, it is ineffective at protecting against physical reprogramming of the contents of the BIOS SPI flash, tampering through privileged serial console access, undiscovered security vulnerabilities in BIOS upgrade mechanism, etc.

Measured boot is a tamper-detection mechanism that records a system's boot process. It calculates cryptographic hashes of system components and configurations, which are then securely stored in the Platform Configuration Registers (PCRs) of a Trusted Platform Module (TPM) chip. This process creates a secure "hash chain" of the boot sequence. After the system starts, the TPM Quote operation, along with the PCR extension records, can be used to verify the PCR values, confirming that the system components are unchanged and the software is trusted.

Measured boot is a tamper-detection mechanism that records a system's boot process. It calculates cryptographic hashes of system components and configurations, which are then securely stored in the Platform Configuration Registers (PCRs) of a Trusted Platform Module (TPM) chip.

Secure boot is a security feature available in Aboot (Arista bootloader) that verifies the cryptographic signature of the EOS SWI (software image) before it is booted. Aboot embeds certificates that allow it to recognize and validate official EOS releases from Arista. If the signature verification is successful, the secure boot check passes and Aboot proceeds to boot the SWI. If the signature verification fails, the boot is aborted.

Secure boot is a security feature available in Aboot (Arista bootloader) that verifies the cryptographic signature of the EOS SWI (software image) before it is booted. Aboot embeds certificates that allow it to recognize and validate official EOS releases from Arista. If the signature verification is successful, the secure boot check passes and Aboot proceeds to boot the SWI. If the signature verification fails, the boot is aborted.