1. Home
  2. Mitigations
  3. Boot Integrity

Boot Integrity

Use secure methods to boot a system and verify the integrity of the operating system and loading mechanisms.

ID: M0946
Security Controls: IEC 62443-4-2:2019 - CR 3.14, NIST SP 800-53 Rev. 5 - SI-7
Version: 1.0
Created: 11 June 2019
Last Modified: 19 September 2023
Version Permalink
ICS Layer
download view

Techniques Addressed by Mitigation

Domain ID Name Use
ICS T0839 Module Firmware

Check the integrity of the existing BIOS or EFI to determine if it is vulnerable to modification. Use Trusted Platform Module technology. [1] Move system's root of trust to hardware to prevent tampering with the SPI flash memory. [2] Technologies such as Intel Boot Guard can assist with this. [3]
ICS T0857 System Firmware

Check the integrity of the existing BIOS or EFI to determine if it is vulnerable to modification. Use Trusted Platform Module technology. [1] Move system's root of trust to hardware to prevent tampering with the SPI flash memory. [2] Technologies such as Intel Boot Guard can assist with this. [3]

References

  1. N/A Trusted Platform Module (TPM) Summary Retrieved. 2020/09/25
  2. ESET Research Whitepapers 2018, September LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group Retrieved. 2020/09/25
  1. Intel ESET Research Whitepapers 2018, September LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group Retrieved. 2020/09/25 Intel Hardware-based Security Technologies for Intelligent Retail Devices Retrieved. 2020/09/25