ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

During the design of an industrial control appliance that may be physically accessed by attackers, you are asked to ensure the operating system and bootloader cannot run if they have been replaced with malicious code. Which approach best fulfills this secure boot requirement at power-on?

Implement UEFI Secure Boot with a vendor-installed platform key and sign every boot component so firmware verifies each stage before execution.
Configure the bootloader to require an administrator password before it loads the kernel.
Store the expected hash of the operating-system image in a TPM PCR and perform remote attestation after startup.
Place the bootloader on a read-only disk partition that is mounted with the 'ro' option at system start.

Report Issue

Answer Description

UEFI Secure Boot establishes a chain of trust starting in firmware. A manufacturer-installed platform key (PK) and associated key-exchange keys allow the firmware to cryptographically verify digital signatures on the bootloader, option ROMs, and operating-system kernel. Only code signed by a trusted key is executed, preventing boot when tampering is detected.

Storing a hash in a TPM PCR supports measured boot and remote attestation but does not automatically block execution of altered code. Requiring a boot-loader password controls who can interact with the loader, not whether code has been modified. Mounting the boot partition read-only during runtime offers some protection against online changes but cannot stop an attacker with physical access from flashing a rogue image before power-on.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.