Inferensys

Glossary

Measured Boot

A process where each component of the boot chain cryptographically measures the next before loading it, storing the hashes in a Trusted Platform Module to create an immutable log for remote attestation.
Elegant overhead shot of a polished wooden communal table in a sun-drenched WeWork lounge, laptops and tablets displaying AI workflow dashboards, plants and pendant lights in background.
CRYPTOGRAPHIC BOOT INTEGRITY

What is Measured Boot?

Measured Boot is a security process that cryptographically records the identity and integrity of every software component loaded during the startup sequence, storing these measurements in a Trusted Platform Module (TPM) for secure audit and remote attestation.

Measured Boot is a process where each component of the boot chain cryptographically measures the next component before loading it, storing the resulting hashes in a Trusted Platform Module (TPM). Unlike Secure Boot which enforces a policy, Measured Boot creates an immutable, verifiable log of the exact software state, enabling detection of tampering even if the system successfully boots.

The measurement log, stored in the TPM's Platform Configuration Registers (PCRs), allows a remote verifier to perform remote attestation—cryptographically confirming the system's integrity before releasing secrets or granting network access. This is critical in air-gapped and sovereign AI deployments where supply chain integrity must be verified without external connectivity.

CRYPTOGRAPHIC INTEGRITY

Key Features of Measured Boot

Measured Boot establishes a chain of trust from firmware to operating system by cryptographically hashing each component before execution, storing the results in a TPM for remote verification.

01

Chain of Trust Establishment

Each boot component measures the next before passing control. The Core Root of Trust for Measurement (CRTM) starts by hashing the BIOS/UEFI firmware. That firmware then measures the bootloader, which measures the OS kernel, creating an unbroken chain. Any modification—even a single bit flip—produces a different hash, immediately detectable during attestation.

02

TPM Platform Configuration Registers

The Trusted Platform Module stores measurements in Platform Configuration Registers (PCRs). These registers use an extend operation: New PCR = Hash(Old PCR || New Hash). This append-only design means historical measurements cannot be overwritten—only extended. PCRs 0-7 typically store firmware measurements, while PCRs 8-15 capture OS-level events.

03

Remote Attestation Protocol

A remote verifier challenges the TPM to prove system integrity. The TPM signs the current PCR values with an Attestation Identity Key (AIK), producing a TPM Quote. The verifier compares these hashes against a known-good golden measurement database. If PCR values match expected hashes, the system is trusted. If not, the platform is considered compromised.

04

Secure Boot vs. Measured Boot

Secure Boot enforces policy—it blocks unsigned code from executing. Measured Boot records what executed, regardless of policy. They complement each other: Secure Boot prevents unauthorized code, while Measured Boot provides an audit trail proving what actually ran. A system can fail Secure Boot verification but still produce valid measurements for forensic analysis.

05

Measured Boot Log (Event Log)

The TPM stores only hash digests, not raw data. A separate Event Log in system memory records the actual details: which component was measured, its hash, and the PCR index. During attestation, the verifier replays the log to reconstruct expected PCR values. If the replay produces the same TPM-signed PCR values, the log is proven authentic.

06

Sealing Data to PCR State

The TPM can seal encryption keys to specific PCR values. A disk encryption key, for example, can be sealed to PCRs 0-7. If malware modifies the bootloader, PCR values change, and the TPM refuses to unseal the key. This ensures encrypted data is only accessible when the system boots into a known-trusted configuration.

MEASURED BOOT INTEGRITY

Frequently Asked Questions

Explore the cryptographic mechanisms that validate the integrity of your air-gapped AI infrastructure from the moment power is applied, ensuring no undetected rootkits or firmware implants compromise your sovereign compute environment.

Measured Boot is a security process where every component of the system boot chain cryptographically measures the next component before loading it, storing the resulting hashes in a Trusted Platform Module (TPM) to create an immutable, verifiable log. Unlike Secure Boot, which enforces execution policy by blocking unauthorized code, Measured Boot focuses on creating a tamper-proof record of exactly what ran. The process begins with the Core Root of Trust for Measurement (CRTM) , a small, immutable piece of firmware code that measures the BIOS. The BIOS then measures the bootloader, which measures the OS kernel, and so on. Each measurement extends a Platform Configuration Register (PCR) inside the TPM using a cryptographic hash, creating a chain of trust that cannot be falsified after the fact. This log is critical for Remote Attestation, allowing a verifying party to confirm the exact software stack running on an air-gapped AI server before releasing decryption keys for model weights.

BOOT INTEGRITY COMPARISON

Measured Boot vs. Secure Boot vs. Trusted Boot

A technical comparison of three distinct firmware-level security mechanisms that protect the boot chain from compromise, detailing their primary functions, cryptographic foundations, and operational roles in establishing platform trust.

FeatureMeasured BootSecure BootTrusted Boot

Primary Function

Cryptographically record the identity of every loaded component into a TPM for audit

Enforce a signature policy to block execution of unauthorized firmware or bootloaders

Detect a compromised bootloader and automatically remediate by restoring a known-good state

Enforcement Mechanism

Passive logging only; does not halt the boot process on mismatch

Active enforcement; halts boot if signature verification fails against a deny list

Active detection with automatic rollback to a clean backup if integrity check fails

Core Hardware Dependency

Trusted Platform Module (TPM) for Platform Configuration Registers (PCRs)

UEFI firmware with Platform Key (PK) and Key Exchange Key (KEK) database

TPM for measurement plus a protected backup partition for recovery

Output Artifact

Immutable event log stored in TPM PCRs for remote attestation queries

Boot status (pass/fail); no detailed log of loaded components

Verified boot state with automated remediation log entry

Primary Threat Model

Advanced persistent threats requiring forensic proof of tampering

Bootkit and rootkit prevention from untrusted external media

Ransomware or corruption that overwrites boot files with malicious variants

Supports Remote Attestation

Stops Malicious Boot

Typical Deployment Context

Defense, critical infrastructure, and sovereign cloud environments requiring audit trails

Consumer devices, enterprise endpoints, and general-purpose servers

Windows enterprise environments with BitLocker integration for automatic recovery

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.