Boot, BIOS, and Firmware Security
So far, we have covered TPM and LUKS disk encryption to protect the data. This chapter pushes you to think more deeply about the most basic hardware functions and the boot process itself. I’m going to warn you upfront: the settings we review here are truly a double-edged sword. They can protect the system, but they can also make supporting that same system at a customer site painfully difficult.
Understanding how best to lock down and protect your BIOS (short for Basic Input Output System), its firmware, and your operating system’s ability to boot securely will ensure that your customers are rewarded with a more resilient product and that your team has reduced your company’s exposure to risk.
Locking down your BIOS and boot options, albeit a great idea, does have support implications that I feel compelled to highlight. We’ll cover some of these in greater detail.
In this chapter, we...