Titanium Secure Boot
Trusted Boot, from the moment you power on
Star Lab’s Titanium Secure Boot provides the strongest boot-time authentication/trust on Intel chipsets, all while being more flexible in terms of target Linux distributions and BIOS variants. Titanium Secure Boot prevents an attacker from subverting or interposing late-load security components, only successfully booting the OS or hypervisor if the system’s state is cryptographically verified.
Trusted Boot, from the moment you power on
Star Lab’s Titanium Secure Boot provides the strongest boot-time authentication/trust on Intel chipsets, all while being more flexible in terms of target Linux distributions and BIOS variants. Titanium Secure Boot prevents an attacker from subverting or interposing late-load security components, only successfully booting the OS or hypervisor if the system’s state is cryptographically verified.
Measured, authentic, Integrity at boot
Leveraging a TPM, HSM, or other secure hardware to supplement its attestation, removing the sole verification burden from boot-time software that must trust itself, Titanium Secure Boot verifies the integrity and authenticity of boot-time components through a measured boot sequence.
- Linux kernel and initramfs can be updated without reprovisioning the secure hardware
- Protects memory regions from probing, even after booting the kernel
- Enables secure software updates
- Enables flexible sparing strategies
Titanium Secure Boot vs. UEFI Secure Boot
Titanium Secure Boot (a form of Measured Boot) and UEFI Secure Boot are similar in that they verify the authenticity of boot-time components; however, they vary greatly in terms of how verification is performed and to what level of granularity. Both UEFI Secure Boot and Titanium Secure Boot start from the foundation of the Intel hardware and BIOS working together to measure the integrity of the early boot components/firmware.
Download the datasheet
Titanium Secure Boot goes a step beyond the typical static root/chain of trust measurements used by other Secure Boot
capabilities, additionally building a dynamic chain of trust leveraging Intel’s Trusted eXecution Technology (TXT). This dynamic component significantly reduces the level of inherent trust placed in the early firmware components involved in the measurement process while also reducing the impact of runtime exploitation of boot-time components (a significant threat). Titanium Secure Boot also leverages the Trusted Platform Module (TPM) for all cryptographic key storage, providing both a hardware root of security and a very straightforward provisioning process for both diskless and diskfull systems.