NIST requirements
Last updated August 12th, 2024
The National Institute of Standards and Technology (NIST) publishes standards that outline security requirements for PC platforms. This section describes how Samsung Galaxy Books with the Knox security platform satisfy the following requirements:
-
Firmware Resiliency:
- NIST 800-193 (Platform Firmware Resiliency)
- NIST 800-147 (BIOS Protection)
- NIST 800-155 (BIOS Integrity Measurement)
-
Cryptography Support:
- NIST 800-131A (Cryptographic Algorithms)
-
Media Sanitization Support:
- NIST 800-88 (Media Sanitization)
Platform Firmware Resiliency (NIST 800-193)
NIST 800-193 — published in 2018 — is an extensive set of guidelines that help secure platform firmware from unauthorized corruption. These guidelines outline the requirements for protecting critical firmware code and data from corruption, detecting corruption, and recovering from corruption.
NIST 800-193 is the most comprehensive standard for firmware protection, superseding the much older and narrower-in-scope NIST 800-147 (BIOS Protection) and NIST 800-155 (BIOS Integrity Measurement) standards.
Platform Requirements: Protected, Recoverable, and Resilient
The requirements for classifying a platform as Protected, Recoverable, or Resilient are as follows:
-
Protected Platform
- A Protected Platform must have a trusted component (Root of Trust for Update) that authenticates code updates and data modifications for critical platform firmware, and
- A Protected Platform must protect the integrity of critical platform firmware code and data on non-volatile storage and in runtime memory in addition to the above authenticated update mechanisms.
-
Recoverable Platform
- A Recoverable Platform must have a trusted component (Root of Trust for Detection and Recovery) that is able to detect corruption to critical platform firmware code and data and recover code and data from the corruption
-
Resilient Platform
- A Resilient platform must support both Protected and Recoverable platform requirements
The protection, detection, and resiliency properties apply to critical platform device firmware code and data:
- Firmware code
- Firmware executables in storage and in memory at runtime
- Firmware data
- Firmware configuration, settings, and policy in storage
Definition of Critical Platform Device Firmware
As stated in NIST.SP.800-193, Platform Firmware is responsible for initializing components, booting the system, and providing runtime services implemented by hardware components. While platforms support a wide range of devices with associated firmware, the scope of this document specifically covers critical platform devices and their corresponding firmware.
NIST.SP.800-193 also states that for a platform as a whole to claim resiliency to destructive attacks, the set of platform devices necessary to minimally restore operation of the system, and sufficient to restore reasonable functionality, should themselves be resilient. These devices are known as critical platform devices, and their particular resiliency properties may vary from platform to platform.
In other words, critical platform devices are responsible for booting and minimally restoring the system to a reasonable working state. Table 2 explains the critical platform device firmwares that runs on Samsung Galaxy Books with the Knox security platform.
Table 2: Critical Platform Device Firmware for Galaxy Books with the Knox security platform
Critical Platform Device Firmware1 | Why is it critical? |
---|---|
SecEP (Secure Embedded Processor) Firmware | The SecEP is a specialized security chip on Samsung Galaxy Books with the Knox security platform. It is the first code that runs during boot, is the root of trust (RoT) that starts the secure boot process chain, stores the cryptographic keys necessary to protect and detect the integrity of critical UEFI / BIOS data, and restores its own firmware and the UEFI / BIOS firmware if corruption is detected. |
Host Processor Boot Firmware (UEFI / BIOS) | The UEFI/BIOS initializes the system (including hardware) and extends the secure boot chain to the OS bootloader. Platform Runtime Firmware (SMM) | The System Management Mode (SMM) firmware provides critical services to the OS at runtime and is a trusted interface for updating UEFI / BIOS data. |
Trusted Platform Module (TPM) | The TPM stores cryptographic keys used for data decryption during boot and a secure record of boot measurements for remote attestation |
Intel Management Engine (CSME) Firmware | The Intel CSME firmware loads firmware into hardware blocks and is essential to booting a system. |
Power Delivery (PD) Firmware | The PD firmware is responsible for USB-C power delivery. |
1 The Network Interface Controller (NIC) firmware is not considered critical to booting the platform, since setups such as PXE boot are not typical for laptop PCs. However, the NIC firmware is still protected by being a part of the BIOS image.
Samsung Galaxy Books with the Knox security platform and NIST 800-193
Samsung Galaxy Books with the Knox security platform meet the firmware resiliency requirements (including protection, detection, and recovery) for critical platform code and data, as detailed in Table 3.
In summary, firmware code is protected in storage by mechanisms such as secure storage and Intel BIOS Guard. Firmware code updates are only allowed after signature verification. Firmware data is stored in secure storage, protected by integrity measurements, and access is allowed only through trusted channels. Finally, firmware code and data are restored from secure backups whenever corruption is detected.
Table 3: Satisfaction of NIST 800-193 Resiliency Requirements
Criteria | Critical Code Protection | Critical Data Protection |
---|---|---|
Protection1 |
The SecEP firmware is stored in secure internal flash. The UEFI/BIOS, SMM, CSME, and PD firmware is stored in SPI flash protected by Intel BIOS Guard and write protections The SecEP firmware is the RoT and performs SecEP self-validation and SecEP BIOS Validation to start off Intel Boot Guard and UEFI Secure Boot chain that protects all other firmware, including UEFI/BIOS, SMM, CSME, and PD. At runtime, the SMM firmware runs in a special CPU mode and is protected from the OS and other non-critical code. In addition, SMI Guard and Advanced SMM Protection protects the SMM code from any exploits at runtime. Firmware updates are packed in update capsules and are digitally signed in a Hardware Security Modules (HSMs) by cryptographic keys that are derived from a Samsung Root of Trust As part of the update process using capsules, the integrity of all platform firmware is checked using digital signatures on the update capsules. The secure update process also includes checks for build version to prevent rollback to older versions |
EFI variables can only be modified through APIs defined in SMM firmware EFI variables without RT attribute are protected from runtime updates. EFI variables with Authenticated attribute(s) are protected from any un-authorized modification and are protected by signatures The SecEP firmware's data is stored in dedicated flash storage that only the SecEP has access to |
Detection | The secure boot process checks for the integrity of all platform firmware. Only platform firmware that is digitally signed by approved authorities is allowed to boot. Otherwise, modification is detected and alerts raised. | The Secure Boot Configuration Recovery feature stores cryptographic hashes of security-critical boot configuration data, using which corruption can be detected. |
Recovery | The BIOS Auto Recovery feature recovers updatable firmware if corruption is detected, including the UEFI/BIOS, SMM, and PD firmware2 |
The Secure Boot Configuration Recovery feature recovers UEFI/BIOS security-critical boot configuration data from known-good backups in protected storage if corruption is detected. Further, factory defaults of UEFI/BIOS/SMM settings can be restored from protected storage. |
Logging | Tamper Alert alerts admins of certain security-critical events that indicate tampering with firmware data or code. Tamper Alert event logging is integrated with Windows Event Viewer |
1 The TPM firmware’s protection mechanisms for code and data are detailed in TCG TPM 2.0.
2 Recovery of the Intel CSME firmware is not supported. However, Intel CSME firmware has its own recovery mechanisms.
Support for NIST 800-147 (BIOS Protection)
NIST 800-147, published in 2011, focuses specifically on protecting the BIOS image from unauthorized modifications. The standard requires tight controls around the few approved mechanisms that can legitimately change the BIOS image. In addition, the standard lists particular threats that are commonly used to compromise the integrity of the BIOS image, and requires that these threats are addressed. A summary of the requirements is below:
- Controls around authorized mechanisms to modify BIOS image on flash.
- Authenticated BIOS Update: The BIOS update mechanism should update the BIOS image in non-volatile storage only after checking the integrity of the updated BIOS image using digital signatures generated by approved cryptographic algorithms through a Root of Trust (RoT), and
- (Optional) Secure Local BIOS Update: In cases where the above authenticated BIOS updates are not possible (e.g., due to corruption), local BIOS updates are optionally allowed. Local BIOS update should require physical presence (e.g., through administrator passwords) before updating the BIOS image in non-volatile storage
- Blocking unauthorized updates to the BIOS image.
- Integrity: The non-volatile memory storing BIOS image and the RoT keys should be write-protected from unauthorized modifications
- Non-bypassability: There should be no other mechanisms to update the BIOS image beyond the above authorized mechanisms.
NIST 800-147 is largely superseded by NIST 800-193. Whereas NIST 800-147 focuses on protecting the BIOS image, NIST 800-193 addresses all critical firmware images (including the BIOS image). However, for completeness, we list how Galaxy Books with the Knox security platform satisfy NIST 800-147 requirements in Table 4.
Table 4: Satisfaction of NIST 800-147 BIOS Protection Requirements
Criteria | Description |
---|---|
BIOS Update Authentication |
BIOS updates are packed in update capsules and are digitally signed in a Hardware Security Modules (HSMs) by cryptographic keys that are derived from a Samsung Root of Trust As part of the secure update process, the integrity of the BIOS update image is checked by verifying digital signatures on the update capsules. The secure update process also includes checks for build version to prevent rollback to older versions The secure update process is protected by itself being part of the BIOS image or in System Management Mode (SMM) memory and by UEFI Secure Boot The cryptographic keys used to verify the update capsule digital signature are part of the BIOS image, which is stored in write-protected SPI flash |
Digital Signature Strength | BIOS update images are digitally signed using RSA-2048 or higher, thus bringing the strength of the signature above 112 bits as recommended by NIST 800-131A |
Secure Local Update (Optional) | The secure BIOS recovery and update flow requires the BIOS administrator password, therefore enforcing physical presence |
Integrity Protection of Storage | The BIOS image is stored in SPI flash protected by multiple layers of write protection – Intel BIOS Guard and SPI write lock |
Non-Bypassability |
SPI flash write access is available only to authorized update code running in the secure System Management Mode (SMM) memory at runtime SPI flash write access is otherwise locked early in the boot process, and especially much before any third-party firmware driver is executed |
Support for NIST 800-155 (BIOS Integrity Measurement)
NIST 800-155 deals with integrity measurements and reporting of the BIOS. The standard requires that any changes to the BIOS code (firmware image) and data (settings) must be measured faithfully, stored securely, and reported to a verifier (IT admin). A summary of the requirements are as follows:
- Measurement — A trusted component (Root of Trust for Measurement) measures, through a cryptographic hash:
- BIOS Code — BIOS boot code modules, including the BIOS Boot Block and SMM code
- BIOS Data — User-configurable settings of the BIOS
- Storage — The integrity measurement summary must be stored in secure, tamper-evident storage managed by a trusted component (Root of Trust for Storage). A log describing the measurements may optionally also be stored.
- Reporting — A trusted component (Root of Trust for Reporting) reports the stored integrity measurements ensuring authentication, identity of the endpoint, and freshness of the report
- Requirements of remediation and restoration of the BIOS.
As mentioned, NIST 800-193 is much broader in scope than NIST 800-155 and supersedes it. However, for completeness, However, for completeness, we list how the Galaxy Books with the Knox security platform satisfy NIST 800-155 requirements in Table 5.
Table 5: Satisfaction of NIST 800-155 BIOS Integrity Measurement Requirements
Criteria | Description |
---|---|
Measurement |
BIOS Code --- During boot, all BIOS boot components are measured as part of the Secure Boot. The measurements include all components specified in NIST 800-155 (BIOS boot block, SMM, BIOS recovery and update mechanism in the SecEP, Option ROMs, ACPI/POST) BIOS Data --- During boot, the integrity of security-critical boot configuration data is not only measured and verified, but also recovered from if corruption is detected.1 |
Storage |
The integrity measurement is stored as an extended hash in secure, tamperproof Platform Configuration Registers of the TPM. Measurement log entries are added to the TPM event log. |
Reporting |
TPM Attestation reports the measurements stored in PCRs. Attestation is signed by a key provisioned into the TPM during manufacture that proves its authenticity using a certificate chain rooted in a trusted key. This attestation key also uniquely identifies the endpoint. Attestation protocol ensures freshness using a nonce. |
Remediation and Restoration | The BIOS image and data are recovered after authentication through BIOS Auto Recovery and Secure Boot Configuration Recovery. |
1 Integrity measurements of only the security-critical boot configuration data and not all user-configurable settings is supported
Other NIST Standards
- NIST 800-131A (Cryptographic Algorithms)
- This standard prescribes minimum strengths of cryptographic algorithms for various purposes such as encryption and digital signatures. Samsung Galaxy Books with the Knox security platform satisfy (or exceed) these requirements where relevant as outlined in the above sections.
- NIST 800-88 (Media Sanitization)
- This standard describes guidelines for secure media sanitization that ensures proper destruction of data. Galaxy Books with the Knox security platform support secure media sanitization for solid-state drives (SSDs) connected through SATA and NVMe.
On this page
Is this page helpful?