# BootKeeper: Validating Software Integrity Properties on Boot Firmware Images

**Authors:** Ronny Chevalier (CIDRE), Stefano Cristalli, Christophe Hauser (USC), Yan Shoshitaishvili (ASU), Ruoyu Wang (ASU), Christopher Kruegel (CS-UCSB), Giovanni Vigna (CS-UCSB), Danilo Bruschi, Andrea Lanzi

arXiv: 1903.12505 · 2019-04-01

## TL;DR

BootKeeper is a static analysis tool designed to verify security properties of boot firmware images, preventing attackers from bypassing integrity measurements and ensuring secure system boot processes.

## Contribution

It introduces a novel static analysis approach to validate firmware integrity properties before deployment, addressing vendor non-compliance issues.

## Key findings

- Successfully detects attacks on boot firmware implementations
- Verifies key security properties of firmware images
- Demonstrates applicability across multiple firmware types

## Abstract

Boot firmware, like UEFI-compliant firmware, has been the target of numerous attacks, giving the attacker control over the entire system while being undetected. The measured boot mechanism of a computer platform ensures its integrity by using cryptographic measurements to detect such attacks. This is typically performed by relying on a Trusted Platform Module (TPM). Recent work, however, shows that vendors do not respect the specifications that have been devised to ensure the integrity of the firmware's loading process. As a result, attackers may bypass such measurement mechanisms and successfully load a modified firmware image while remaining unnoticed. In this paper we introduce BootKeeper, a static analysis approach verifying a set of key security properties on boot firmware images before deployment, to ensure the integrity of the measured boot process. We evaluate BootKeeper against several attacks on common boot firmware implementations and demonstrate its applicability.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1903.12505/full.md

## Figures

13 figures with captions in the complete paper: https://tomesphere.com/paper/1903.12505/full.md

## References

43 references — full list in the complete paper: https://tomesphere.com/paper/1903.12505/full.md

---
Source: https://tomesphere.com/paper/1903.12505