Trusted boot is a combination of technologies that allows us to enhance the security posture of a running system. It is composed by FDE, Secure Boot and Measured Boot. Trusted boot is an architectural requirement of SENA (Secure Edge Native Architecture) and is a key component of Kairos. You can read more about Trusted Boot in https://0pointer.de/blog/brave-new-trusted-boot-world.html and about SENA here: https://kairos.io/blog/2023/04/18/kairos-is-now-part-of-the-secure-edge-native-architect...| kairos.io
This document describes how an administrator can prevent certain OS images from booting on their hardware in the context of “Trusted Boot”. Two different scenarios will be covered, with the process being only slightly different for each case. Scenario 1 - Signing certificate is no longer trusted The process of creating signed images that can be trusted to boot, requires the signing keys to be safe and only accessible to the vendor that produces the OS images.| kairos.io