concept

Measured Boot

Measured Boot is a security mechanism that creates a cryptographically secure record (measurement) of each component loaded during the boot process, from firmware to the operating system kernel. It uses a Trusted Platform Module (TPM) to store these measurements in Platform Configuration Registers (PCRs), enabling verification of boot integrity. This process helps detect unauthorized modifications, such as rootkits or bootkits, because any component that differs from the trusted one produces a different measurement, so an untrusted component cannot load without leaving a trace in the PCRs.

Also known as: Secure Boot Measurement, TPM-based Boot, Boot Integrity Measurement, PCR Measurement, Trusted Boot

Why learn Measured Boot?

Developers should learn and implement Measured Boot when building secure systems, especially in environments requiring high assurance, such as financial services, healthcare, or government applications. It is critical for compliance with standards like FIPS 140-2 or Common Criteria, and it enables features like remote attestation, where a system can prove its integrity to external parties. Use cases include securing cloud infrastructure, IoT devices, and enterprise endpoints against firmware-level attacks.
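As an added illustration (not part of this glossary entry), the following Python models the PCR extend operation described above (PCR_new = SHA-256(PCR_old || digest)) and the verifier side of remote attestation: an event log is replayed against the reported PCR value and each entry is compared with known-good measurements. The component blobs and golden values are constructed, and a single SHA-256 PCR stands in for a real TPM's PCR banks.

```python
import hashlib

PCR_INIT = bytes(32)  # a PCR holds all zeros after platform reset


def measure(component: bytes) -> bytes:
    """Measurement of a boot stage: the hash of its bytes."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: the register can only be folded forward, never set."""
    return hashlib.sha256(pcr + digest).digest()


def boot(components):
    """Simulated boot: measure each stage in order, extend the PCR, log the event."""
    pcr, log = PCR_INIT, []
    for name, blob in components:
        digest = measure(blob)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log


def replay(log) -> bytes:
    """Recompute the PCR value an event log claims to describe."""
    pcr = PCR_INIT
    for _, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def verify(reported_pcr: bytes, log, golden: dict):
    """Attestation verifier: the log must replay to the PCR, and every
    measurement must match the known-good value for that stage."""
    if replay(log) != reported_pcr:
        return False, "event log does not match PCR value"
    for name, digest in log:
        if golden.get(name) != digest:
            return False, f"unexpected measurement for {name}"
    return True, "boot chain matches known-good measurements"


# Constructed sample boot chain and its golden (expected) measurements.
TRUSTED_CHAIN = [("firmware", b"UEFI v1"),
                 ("bootloader", b"shim+grub"),
                 ("kernel", b"vmlinuz-6.1")]
GOLDEN = {name: measure(blob) for name, blob in TRUSTED_CHAIN}
```

Because extend is order-sensitive, swapping two stages or substituting a log from a clean boot also fails verification, which is what lets a verifier trust the log rather than the booting host.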
