How to trust the verification anchor

[oherrala]

Comment by @arikauppi in commit a38050d

Image is verified but how to trust the verification anchor (root of trust)?
In embedded world, some kind of root of trust (public key, public key hash etc) is stored in HW. eFUSEs or other OTP (one-time programmable memory) is typically used. However if root of trust is "burned" to HW, then key revocation and renewal become issues.
This then leads to trusted execution environment + trusted applications which could aid in storing the root of trust in a secure way. (TCG / trusted computing group, http://www.trustedcomputinggroup.org/, OP-TEE, https://wiki.linaro.org/WorkingGroups/Security/OP-TEE etc)

Also, it is not typically enough to verify the image during boot but in some applications also run-time integrity needs to be ensured. This then opens totally different can of worms.

[arikauppi]

Also one thing to consider could be verified boot vs measured boot.

In verified boot a trust anchor is available as a pre-condition before start of boot. All components in chain of trust are verified ultimately to this root of trust. If any verification check fails, boot process stops.

In measured boot a trust anchor may not be available but the boot process measures the boot process (shasums or similar) of all components. Later on this measurement can be then checked against a known good. Status of the system is unknown until the measurement has been validated.

Main difference is that measured boot does not necessarily require the root of trust / trust anchor to reside in the target/hostile environment as the measurement could be manually validated against external reference value(s).