Measured Boot is a relatively new feature introduced in Windows 8 to help protect your device (PC) from rootkits and other malware. Measured Boot will check each start-up component including the firmware all the way to the boot drivers and it will store this information in what is called a Trusted Platform Module (TPM) or Intel Platform Trust Technology (PTT). The recorded measurement can be compared with a golden value, i.e. the expected unique measurement that was calculated on a known, good system. In this guide, you will learn about “Measured Boot, Secure Boot, Trusted Boot, and Early Launch Anti-Malware: How to secure the Windows 10 boot process”.
If the measurement does not match the golden measurement the system integrity is considered compromised. This ensures before anything is started up in the boot sequence it will be compared to the TPM to make sure the software is trustworthy and not infected by a virus, and then makes available a log that can be tested remotely to verify the boot state of the client. Kindly refer to these related guides: how to view BitLocker disk encryption status in Windows, “Insight on Full Disk Encryption with PBA / without PBA: UEFI, Secure Boot, BIOS, File and Directory Encryption and Container Encryption“, and how to deploy Microsoft BitLocker Administration and Monitoring Tool.
Secure Boot and Measured Boot are currently only possible on PCs with UEFI 2.3.1 and a TPM chip. Fortunately, all Windows 10 PCs that meet Windows Hardware Compatibility Program requirements have these components, and many PCs designed for earlier versions of Windows also have them. When used together, Secure Boot, Trusted Boot, and Measured Boot can vouch for a reliable OS platform.
Malware Attacks on Windows
Rootkits are a sophisticated type of malware that runs in kernel mode, using the same privileges as the OS. Because rootkits have the same rights as the operating system and start before it as such, they can completely hide.
Most times, rootkits are part of an entire suite of malware that can bypass local logins, record passwords, and keystrokes, transfer private files, and capture cryptographic data. Different types of rootkits load during different phases of the startup process and they are as follows.
- Firmware rootkits. These kits overwrite the firmware of the PC’s basic input/output system or other hardware so the rootkit can start before Windows.
- Bootkits. These kits replace the operating system’s bootloader. The small piece of software starts the operating system so that the PC loads the bootkit before the operating system.
- Kernel rootkits. These kits replace a portion of the operating system kernel so the rootkit can start automatically when the OS loads.
- Driver rootkits. These kits pretend to be one of the trusted drivers that Windows uses to communicate with the PC hardware.
Secure the Windows 10 boot process: Measured Boot, Secure Boot, Trusted Boot, and Early Launch Anti-Malware
Windows 10 supports four features to help prevent
bootkits from loading during the startup process. They are as follows below.
- Secure Boot. PCs with UEFI firmware and a Trusted Platform Module (TPM) can be configured to load only trusted operating system bootloaders.
- Trusted Boot. Windows checks the integrity of every component of the startup process before loading it.
- Early Launch Anti-Malware (ELAM). ELAM tests all drivers before they load and prevents unapproved drivers from loading.
- Measured Boot. The PC’s firmware logs the boot process. Then Windows can send it to a trusted server that can objectively assess the PC’s health.
When a device starts, the first step is to find the operating system (OS) bootloader. Devices without Secure Boot run whatever bootloader is on the PC’s hard drive. There isn’t any way for the device to determine if it is a trusted operating system or a rootkit.
Therefore, a device that is equipped with UEFI starts by verifying that the firmware is digitally signed thus reducing the risk of firmware rootkits.
If Secure Boot is enabled, the firmware examines the bootloader’s digital signature to verify that it hasn’t been modified. If the bootloader is intact, the firmware starts the bootloader only if one of the following conditions is true below.
- The bootloader was signed using a trusted certificate. In the case of PCs certified for Windows 10, the Microsoft certificate is trusted.
- The user has manually approved the bootloader’s digital signature. This allows the user to load non-Microsoft operating systems.
Trusted Boot takes over where Secure Boot stops.
The bootloader verifies the digital signature of the Windows 10 kernel before loading it. The Windows 10 kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers, startup files, and ELAM. If a file has been modified, the bootloader detects the problem and refuses to load the corrupted component.
Note: Windows 10 can automatically repair corrupted components. Thereby restoring the integrity of Windows and allowing the PC to start correctly.
Early Launch Anti-Malware (ELAM)
Secure Boot has protected the bootloader and Trusted Boot has protected the Windows kernel,
the next opportunity for malware to start is by infecting a non-Microsoft boot driver. Because traditional malware apps do not start until the boot drivers have been loaded, thereby giving
rootkits disguised as drivers to work.
ELAM can load a Microsoft or non-Microsoft anti-malware driver before all non-Microsoft boot drivers and applications. Thus continuing the chain of trust established by Secure Boot and Trusted Boot.
Note: Because the operating system hasn’t started yet, and because Windows needs to boot as quickly as possible, ELAM has a simple task to examine every boot driver and determine whether it is on the list of trusted drivers. If it’s not trusted, Windows won’t load it.
Most antimalware software is extremely very good at detecting
runtime malware, attackers are also becoming smarter at creating rootkits that can hide from detection as well. Detecting malware that starts early in the boot cycle is a challenge that most antimalware vendors address diligently.
Typically, they create system hacks that are not supported by the host OS and can actually result in placing the computer in an unstable state. Up to this point, Windows has not provided a good way for antimalware to detect and resolve these early boot threats.
Starting from Windows 8, a new feature was introduced called “Measured Boot”, which measures each component, from the firmware up through the boot start drivers, stores those measurements in the Trusted Platform Module (TPM) on the machine, and then makes available a log that can be tested remotely to verify the boot state of the client.
Working with the TPM and non-Microsoft software, Measured Boot in Windows 10 allows a trusted server on the network to verify the integrity of the Windows startup process. Measured Boot uses the following process:
- The PC’s UEFI firmware stores in the TPM a hash of the firmware, bootloader, boot drivers, and everything that will be loaded before the anti-malware app.
- At the end of the startup process, Windows starts the non-Microsoft remote attestation client. The trusted attestation server sends the client a unique key.
- The TPM uses the unique key to digitally sign the log recorded by the UEFI.
- The client sends the log to the server, possibly with other security information.
The Measured Boot feature then provides antimalware apps with a trusted (resistant to spoofing and tampering) log of all boot components that started before the antimalware software.
Antimalware software uses this log to determine whether components that were initiated before it is trustworthy or if they are infected with malware in the following ways discussed below.
- The antimalware software on the local machine can send the log to a remote server for evaluation.
- The remote server may initiate remediation actions either by interacting with the software on the client or through out-of-band mechanisms, as appropriate.
Depending on the implementation and configuration, the server can now determine whether the client is healthy and grant the client access to either a limited quarantine network or to the full network.
In your environment, the system administrator has control of how Measured Boot information is used. In end-user scenarios, for example, online banking, the consumer must opt-in to use Measured Boot for the specific service.
A question that you might want to ask in the comment session: Since an operating system can only enforce its security policies only while running (active). How can it protect the data that resides in the storage drive when it is offline or when a malicious user has physical access to the system internals?
This is where Bitlocker Drive Encryption comes in. Measured Boot helps to seal the Bitlocker key to TPM using the boot measurements. If the boot parameters get changed, it will result in a different measurement.
TPM only unseals a key if the measurements match the measurement values with which the key was sealed. This ensures that even if the system is physically compromised. The malicious user won’t be able to get access to the data residing in the storage drive easily.
I hope you found this blog post helpful. In this guide, you have learned about Measured Boot, Secure Boot, Trusted Boot, Early Launch Anti-Malware, and how to secure the Windows 10 boot process. If you have any questions, please let me know in the comment session.