Can we consider the integrity check when switching on and the safe start for security reasons to be equivalent?
Safe start-up The point is that only trustworthy software is started on the processor. A chain of trust can be created as a result of the sequence of securely booted software components:
- The boot loader authenticates the operating system.
- The operating system authenticates the application.
Let us imagine that a system delivers one Integrity check when switching onThis means that when the device is switched on, the stored data (boot loader, operating system, application) is hashed and the new hash is compared with the old stored hash of the same data. In this case, the integrity of all saved software components is checked together. Then booting is only permitted if the integrity check was successful.
Does it make a difference to check the integrity / authenticity of the software one after the other? (Safe start-up) or do an integrity check for everyone when you switch on? In other words, when can we consider the integrity check and the safe start to be the same?