Security from the ground up

A Non-Secure Boot

The boot process is the initial part of firmware and the process of a digital system to start up.

The content of the boot is held in a flash memory which is called a BIOS. If you can change the content of BIOS through malware, then you can also change the behavior of the system. This has recently become a popular attack point for hackers.

Developers have claimed a boot process that provides some level of security. However, they have failed to provide a truly secure system start up, since they do not authenticate the user executing the BIOS update nor the integrity of the boot code, and they do not guarantee that the code is free of malware or that it has not been tampered with.


Axiado's Secure Boot

Axiado’s truly secure boot requires authentication of the code, the person or organization executing the BIOS update, and full cloaking of the code itself.




  • Axiado’s system authenticates the person or organization executing the BIOS update.

    Authenticate User

  • A trustworthy organization, like Axiado, has to sign the code to verify its correctness and that it is free of backdoors and malicious code.

    Authenticate Content

  • Axiado’s system encrypts the boot code to a unique key, so that it is impossible for an outsider to decrypt and modify the code.

    Encryption






Unbrickability

Axiado’s boot subsystem won’t risk bricking a device. Attacks against Axiado’s secure boot will not be able to penetrate the system, and hence, not result in bricking.

In the current processors, a certain level of security is provided by a Trusted Platform Module (TPM) coprocessor. The coprocessor keeps a hash value of the BIOS content, and compares that with the hash of the BIOS itself. If the hash values differ, they have been tampered with. This prohibits booting the system, i.e., “bricks” the device, which makes the device inoperable permanently. Disabling the TPM solves this "bricking" problem, and oftentimes, allows for a recovery attempt through emergency procedures, but it also means that malicious software can be installed into the BIOS.


In-Service Firmware Updates

Systems that require continuous availability will benefit from in-service upgrades of the firmware, because restarting is not necessary.

Demo

Watch a Demo of Axiado’s secure boot.


contact us

 By clicking this box, you consent to receiving quarterly newsletters containing up-to-date information about Axiado. If you decide that you no longer want to receive a newsletter, you can unsubscribe by clicking the “Unsubscribe” link at the bottom of every newsletter.