1+ \# Hardware Root of Trust
2+
3+
4+
5+ \# # Overview
6+
7+ This system establishes trust at the hardware level using a TPM-backed
8+
9+ security model integrated with Secure Boot and BitLocker.
10+
11+
12+
13+ \# # Trusted Components
14+
15+ \- UEFI firmware
16+
17+ \- TPM 2.0 (AMD)
18+
19+ \- Secure Boot key hierarchy
20+
21+
22+
23+ \# # TPM Capabilities
24+
25+ The TPM is used for:
26+
27+ \- Secure key storage
28+
29+ \- Disk encryption key protection
30+
31+ \- Boot integrity anchoring
32+
33+
34+
35+ \# # Trust Guarantees
36+
37+ \- Cryptographic material is hardware-protected
38+
39+ \- Disk encryption keys are not exposed to the OS
40+
41+ \- Boot integrity is verified before OS execution
42+
43+
44+
45+ \# # Attestation Readiness
46+
47+ While remote attestation is not currently implemented,
48+
49+ the platform is technically capable of measured boot and attestation workflows.
50+
51+
52+
53+ \# # Limitations
54+
55+ TPM-backed trust does not protect against:
56+
57+ \- Authorized user misuse
58+
59+ \- Runtime exploitation of trusted code
60+
61+
62+
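Review bot: the guarantee "Disk encryption keys are not exposed to the OS" (line 39 of the new file) overstates what a TPM-only BitLocker protector provides: the TPM seals the volume master key to the measured boot state and releases it during boot, after which the key material is held in OS memory for the lifetime of the session. Suggest rewording to "Disk encryption keys are released by the TPM only when measured boot state matches the sealing policy" and, under "Limitations", adding "Key material in memory after boot" alongside "Runtime exploitation of trusted code". Two related gaps: "TPM Capabilities" and "Trust Guarantees" never say which PCRs the protector is bound to or whether a pre-boot PIN/startup key is configured, yet "Authorized user misuse" is listed as a limitation; documenting the PCR profile and the pre-boot authentication posture would make the trust boundary reviewable. Minor: the heading markers are rendered as "\# # Overview"; they should be plain "## Overview" so the file renders as Markdown.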