M0946 Boot Integrity
Use secure methods to boot a system and verify the integrity of the operating system and loading mechanisms.
| Item | Value |
|---|---|
| ID | M0946 |
| Version | 1.0 |
| Created | 11 June 2019 |
| Last Modified | 30 March 2023 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Addressed by Mitigation
| Domain | ID | Name | Use |
|---|---|---|---|
| ics | T0839 | Module Firmware | Check the integrity of the existing BIOS or EFI to determine if it is vulnerable to modification. Use Trusted Platform Module technology. 3 Move system’s root of trust to hardware to prevent tampering with the SPI flash memory. 1 Technologies such as Intel Boot Guard can assist with this. 2 |
| ics | T0857 | System Firmware | Check the integrity of the existing BIOS or EFI to determine if it is vulnerable to modification. Use Trusted Platform Module technology. 3 Move system’s root of trust to hardware to prevent tampering with the SPI flash memory. 1 Technologies such as Intel Boot Guard can assist with this. 2 |
References
-
ESET Research Whitepapers 2018, September LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group Retrieved. 2020/09/25 ↩↩
-
Intel ESET Research Whitepapers 2018, September LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group Retrieved. 2020/09/25 Intel Hardware-based Security Technologies for Intelligent Retail Devices Retrieved. 2020/09/25 ↩↩
-
N/A Trusted Platform Module (TPM) Summary Retrieved. 2020/09/25 ↩↩