CompTIA Security+ (SY0-601): Supply Chain Management
This section emphasizes securing hardware through due diligence, trusted sourcing, and anti-tamper mechanisms. It introduces concepts like Trusted Foundries, Hardware Root of Trust (RoT), and Hardware Security Modules (HSMs), all of which ensure devices function as intended and resist unauthorized modifications or counterfeit threats.
Due Diligence
A legal principle identifying a subject has used best practice or reasonable care when setting up, configuring, and maintaining a system
Key Terms
Due Diligence
A legal principle identifying a subject has used best practice or reasonable care when setting up, configuring, and main...
Trusted Foundry
A microprocessor manufacturing utility that is part of a validated supply chain (one where hardware and software does no...
Hardware Source Authenticity
The process of ensuring that hardware is procured tamper-free from trustworthy suppliers
Hardware ROT
Hardware Root of Trust:
A cryptographic module embedded within a computer system that c...
HSM
Hardware Security Module:
An appliance for generating and storing cryptographic keys that is less susceptible to tamp...
Anti-Tamper
Methods that make it difficult for an attacker to alter the authorized execution of software
Related Flashcard Decks
Study Tips
- Press F to enter focus mode for distraction-free studying
- Review cards regularly to improve retention
- Try to recall the answer before flipping the card
- Share this deck with friends to study together
| Term | Definition |
|---|---|
Due Diligence | A legal principle identifying a subject has used best practice or reasonable care when setting up, configuring, and maintaining a system |
Trusted Foundry | A microprocessor manufacturing utility that is part of a validated supply chain (one where hardware and software does not deviate from its documented function) Trusted Foundry Program is operated by the Department of Defense (DoD) |
Hardware Source Authenticity | The process of ensuring that hardware is procured tamper-free from trustworthy suppliers Greater risk of inadvertently obtaining counterfeited or compromised devices when purchasing from second-hand or aftermarket sources |
Hardware ROT | Hardware Root of Trust: A cryptographic module embedded within a computer system that can endorse trusted execution and attest to boot settings and metrics A hardware root of trust is used to scan the boot metrics and OS files to verify their signatures, which we can then use to sign a digital report |
HSM | Hardware Security Module: |
Anti-Tamper | Methods that make it difficult for an attacker to alter the authorized execution of software Anti-tamper mechanisms include a field programmable gate array (FPGA) and a physically unclonable function (PUF) |
UEFI | Unified Extensible Firmware Interface: Basically a new-and-improved BIOS |
Secure Boot | A UEFI feature that prevents unwanted processes from executing during the boot operation |
Measured Boot | A UEFI feature that gathers secure metrics to validate the boot process in an attestation report |
Attestation | A claim that the data presented in the report is valid by digitally signing it using the TPM’s private key |
eFUSE | A means for software or firmware to permanently alter the state of a transistor on a computer chip Basically, the fuse will blow if the state of the software/firmware is modified |
Processor Security Extensions | AMD: Intel: |
Trusted Execution | The CPU’s security extensions invoke a TPM and secure boot attestation to ensure that a trusted operating system is running |
Secure Enclave | The extensions allow a trusted process to create an encrypted container for sensitive data |
Atomic Execution | Certain operations that should only be performed once or not at all, such as initializing a memory location |
Bus Encryption | Data is encrypted by an application prior to being placed on the data bus Ensures that the device at the end of the bus is trusted to decrypt the data |