2 min read

Microsoft Measured Boot Process, Attestation Servers, etc.

Microsoft Measured Boot Process, Attestation Servers, etc.

Recently I’ve come across something called Microsoft Measured Boot which is a method of evaluating the ‘health’ of the boot related components and allowing or denying access to restricted resources based on the result. Super interesting concept, and I wanted to make the idea behind this concept available to both technical and non technical users… so without further ado, let’s explore!

My Understanding

My understanding, after watching many online videos and talks around Measured Boot implementations, is that it works as follows:

• During the boot process, each boot component such as the UEFI Firmware, TPM Firmware and TPM Software data is individually hashed and stored in a ‘boot log’ of sorts.
 - UEFI is essentially the modern version of BIOS! and we also have the TPM security chip which is often used in enterprise environments.

• The boot log is sent to an ‘Attestation Server’ which is owned by the organisation and stores expected hash values for each boot component. The address of the Attestation Server would be set somewhere in the boot configuration (as access would be required outside of the Operating System Environment). Replacing the Attestation Server address would not bypass these steps for multiple reasons ( keep reading! 🎉 )

• The Attestation Server will evaluate the values and calculate the ‘health’ of the machine in question. The AS will then return a signed token, should the values match their expected ones and the Health Score is within the defined threshold.
 - An attestation server is run within each organisation and holds the expected values for the ‘hashes’ of the boot logs for each individual PC.

• The signed ticket/token will allow the machine to complete the boot process. The signed token is valid for a set amount of time, 24 hours for example would be a probably-default value, and grants access to protected resources such as internal websites and resources held on protected servers, for that specific machine, using the token returned during the boot process.

Fool-proof, right?

I played this out in my mind, and it seemed like a pretty fool-proof approach to securing access to internal resources. And for the most part, I believe this is true. There was a few initial worries of ‘What if legitimate tickets could be forged and used on an infected machine to gain access to resources’ - but for protecting against external attackers using rootkits (malware injected at time-of-boot, used to avoid detection by antivirus loaded following the OS Boot) being used to compromise a system, I feel it would still prove very effective.

I then took to YouTube and searched ‘Microsoft Measured Boot’ to learn a little more about the subject. The first results title read ‘Hacking UEFI & Measured Boot’. Not a good look :) !

As soon as a learnt about this process initially, I took an interest as the concept is really interesting. So i’m happy to share it with you all!

I hope you enjoyed reading.