1. Home
  2. Mitigations
  3. Boot Integrity

Boot Integrity

Use secure methods to boot a system and verify the integrity of the operating system and loading mechanisms.

ID: M0946
Security Controls: IEC 62443-4-2:2019 - CR 3.14, NIST SP 800-53 Rev. 5 - SI-7
Version: 1.1
Created: 11 June 2019
Last Modified: 12 May 2026
ICS Layer
download view

Techniques Addressed by Mitigation

Domain ID Name Use
ICS T1693 Modify Firmware

Check the integrity of the existing BIOS or EFI to determine if it is vulnerable to modification. Use Trusted Platform Module technology.[1] Move system's root of trust to hardware to prevent tampering with the SPI flash memory.[2] Technologies such as Intel Boot Guard can assist with this.[3]
.001 System Firmware

Check the integrity of the existing BIOS or EFI to determine if it is vulnerable to modification. Use Trusted Platform Module technology.[1] Move system's root of trust to hardware to prevent tampering with the SPI flash memory.[2] Technologies such as Intel Boot Guard can assist with this.[3]
.002 Module Firmware

Check the integrity of the existing BIOS or EFI to determine if it is vulnerable to modification. Use Trusted Platform Module technology.[1] Move system's root of trust to hardware to prevent tampering with the SPI flash memory.[2] Technologies such as Intel Boot Guard can assist with this.[3]

References

  1. N/A Trusted Platform Module (TPM) Summary Retrieved. 2020/09/25
  2. ESET Research Whitepapers 2018, September LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group Retrieved. 2020/09/25
  1. Intel ESET Research Whitepapers 2018, September LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group Retrieved. 2020/09/25 Intel Hardware-based Security Technologies for Intelligent Retail Devices Retrieved. 2020/09/25