A Practical Hardware-Assisted Approach to Customize Trusted Boot for Mobile Devices

Javier Gonzales, Michael Hölzl, Peter Riedl, Philippe Bonnet, Rene Mayrhofer

Research output: Chapter in Book/Report/Conference proceedingsChapterpeer-review

8 Citations (Scopus)


Current efforts to increase the security of the boot sequence for mobile devices fall into two main categories: (i) secure boot: where each stage in the boot sequence is evaluated, aborting the boot process if a non expected component attempts to be loaded; and (ii) trusted boot: where a log is maintained with the components that have been loaded in the boot process for later audit. The first approach is often criticized for locking down devices, thus reducing users’ freedom to choose software. The second lacks the mechanisms to enforce any form of run-time verification. In this paper, we present the architecture for a two-phase boot verification that addresses these shortcomings. In the first phase, at boot-time the integrity of the bootloader and OS images are verified and logged; in the second phase, at run-time applications can check the boot traces and verify that the running software satisfies their security requirements. This is a first step towards supporting usage control primitives for running applications. Our approach relies on off-the-shelf secure hardware that is available in a multitude of mobile devices: ARM TrustZone as a Trusted Execution Environment, and Secure Element as a tamper-resistant unit.
Original languageEnglish
Title of host publicationInformation Security - 17th International Conference, ISC 2014, Proceedings
EditorsSherman S.M. Chow, Jan Camenisch, Lucas C.K. Hui, Siu Ming Yiu
Number of pages13
ISBN (Electronic)9783319132563
ISBN (Print)978-3-319-13257-0
Publication statusPublished - 2014
EventInformation Security Conference (ISC) - Hong Kong, China
Duration: 12 Oct 201414 Oct 2014

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceInformation Security Conference (ISC)
CityHong Kong
Internet address


  • Secure boot
  • Secure element
  • Trusted boot
  • TrustZone


Dive into the research topics of 'A Practical Hardware-Assisted Approach to Customize Trusted Boot for Mobile Devices'. Together they form a unique fingerprint.

Cite this