Measured Boot is a process where each component of the boot chain cryptographically measures the next component before loading it, storing the resulting hashes in a Trusted Platform Module (TPM). Unlike Secure Boot which enforces a policy, Measured Boot creates an immutable, verifiable log of the exact software state, enabling detection of tampering even if the system successfully boots.
Glossary
Measured Boot

What is Measured Boot?
Measured Boot is a security process that cryptographically records the identity and integrity of every software component loaded during the startup sequence, storing these measurements in a Trusted Platform Module (TPM) for secure audit and remote attestation.
The measurement log, stored in the TPM's Platform Configuration Registers (PCRs), allows a remote verifier to perform remote attestation—cryptographically confirming the system's integrity before releasing secrets or granting network access. This is critical in air-gapped and sovereign AI deployments where supply chain integrity must be verified without external connectivity.
Key Features of Measured Boot
Measured Boot establishes a chain of trust from firmware to operating system by cryptographically hashing each component before execution, storing the results in a TPM for remote verification.
Chain of Trust Establishment
Each boot component measures the next before passing control. The Core Root of Trust for Measurement (CRTM) starts by hashing the BIOS/UEFI firmware. That firmware then measures the bootloader, which measures the OS kernel, creating an unbroken chain. Any modification—even a single bit flip—produces a different hash, immediately detectable during attestation.
TPM Platform Configuration Registers
The Trusted Platform Module stores measurements in Platform Configuration Registers (PCRs). These registers use an extend operation: New PCR = Hash(Old PCR || New Hash). This append-only design means historical measurements cannot be overwritten—only extended. PCRs 0-7 typically store firmware measurements, while PCRs 8-15 capture OS-level events.
Remote Attestation Protocol
A remote verifier challenges the TPM to prove system integrity. The TPM signs the current PCR values with an Attestation Identity Key (AIK), producing a TPM Quote. The verifier compares these hashes against a known-good golden measurement database. If PCR values match expected hashes, the system is trusted. If not, the platform is considered compromised.
Secure Boot vs. Measured Boot
Secure Boot enforces policy—it blocks unsigned code from executing. Measured Boot records what executed, regardless of policy. They complement each other: Secure Boot prevents unauthorized code, while Measured Boot provides an audit trail proving what actually ran. A system can fail Secure Boot verification but still produce valid measurements for forensic analysis.
Measured Boot Log (Event Log)
The TPM stores only hash digests, not raw data. A separate Event Log in system memory records the actual details: which component was measured, its hash, and the PCR index. During attestation, the verifier replays the log to reconstruct expected PCR values. If the replay produces the same TPM-signed PCR values, the log is proven authentic.
Sealing Data to PCR State
The TPM can seal encryption keys to specific PCR values. A disk encryption key, for example, can be sealed to PCRs 0-7. If malware modifies the bootloader, PCR values change, and the TPM refuses to unseal the key. This ensures encrypted data is only accessible when the system boots into a known-trusted configuration.
Frequently Asked Questions
Explore the cryptographic mechanisms that validate the integrity of your air-gapped AI infrastructure from the moment power is applied, ensuring no undetected rootkits or firmware implants compromise your sovereign compute environment.
Measured Boot is a security process where every component of the system boot chain cryptographically measures the next component before loading it, storing the resulting hashes in a Trusted Platform Module (TPM) to create an immutable, verifiable log. Unlike Secure Boot, which enforces execution policy by blocking unauthorized code, Measured Boot focuses on creating a tamper-proof record of exactly what ran. The process begins with the Core Root of Trust for Measurement (CRTM) , a small, immutable piece of firmware code that measures the BIOS. The BIOS then measures the bootloader, which measures the OS kernel, and so on. Each measurement extends a Platform Configuration Register (PCR) inside the TPM using a cryptographic hash, creating a chain of trust that cannot be falsified after the fact. This log is critical for Remote Attestation, allowing a verifying party to confirm the exact software stack running on an air-gapped AI server before releasing decryption keys for model weights.
Measured Boot vs. Secure Boot vs. Trusted Boot
A technical comparison of three distinct firmware-level security mechanisms that protect the boot chain from compromise, detailing their primary functions, cryptographic foundations, and operational roles in establishing platform trust.
| Feature | Measured Boot | Secure Boot | Trusted Boot |
|---|---|---|---|
Primary Function | Cryptographically record the identity of every loaded component into a TPM for audit | Enforce a signature policy to block execution of unauthorized firmware or bootloaders | Detect a compromised bootloader and automatically remediate by restoring a known-good state |
Enforcement Mechanism | Passive logging only; does not halt the boot process on mismatch | Active enforcement; halts boot if signature verification fails against a deny list | Active detection with automatic rollback to a clean backup if integrity check fails |
Core Hardware Dependency | Trusted Platform Module (TPM) for Platform Configuration Registers (PCRs) | UEFI firmware with Platform Key (PK) and Key Exchange Key (KEK) database | TPM for measurement plus a protected backup partition for recovery |
Output Artifact | Immutable event log stored in TPM PCRs for remote attestation queries | Boot status (pass/fail); no detailed log of loaded components | Verified boot state with automated remediation log entry |
Primary Threat Model | Advanced persistent threats requiring forensic proof of tampering | Bootkit and rootkit prevention from untrusted external media | Ransomware or corruption that overwrites boot files with malicious variants |
Supports Remote Attestation | |||
Stops Malicious Boot | |||
Typical Deployment Context | Defense, critical infrastructure, and sovereign cloud environments requiring audit trails | Consumer devices, enterprise endpoints, and general-purpose servers | Windows enterprise environments with BitLocker integration for automatic recovery |
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Explore the foundational technologies that interact with the Measured Boot process to establish a hardware-anchored chain of trust in sovereign and air-gapped environments.
Trusted Platform Module (TPM)
A dedicated microcontroller on the device motherboard that acts as the secure cryptoprocessor for Measured Boot. It securely stores the Platform Configuration Registers (PCRs) that hold the cryptographic hashes of each boot component. The TPM provides the hardware root of trust, ensuring that the measurement log cannot be tampered with by software, and is essential for sealing secrets to a specific, verified system state.
Remote Attestation
The primary verification protocol that consumes the log generated by Measured Boot. A remote challenger requests a signed TPM quote containing the PCR values. This allows an external verifier to cryptographically confirm the exact software stack running on an air-gapped machine before granting it network access or releasing sensitive decryption keys, ensuring the system has not been compromised.
Hardware Root of Trust
The foundational security concept that Measured Boot relies upon. It establishes an immutable starting point in hardware (typically ROM or eFuses) that is implicitly trusted. This root then cryptographically verifies each subsequent stage—firmware, bootloader, OS kernel—creating an unbroken chain. Without a hardware root, a sophisticated rootkit could simply lie about the measurements.
Supply Chain Integrity
The end-to-end process of ensuring hardware and firmware have not been tampered with before deployment. Measured Boot provides the runtime verification of this integrity by comparing boot measurements against known-good golden values. Any mismatch in the PCR hashes immediately alerts operators to a potential supply chain attack, such as a compromised firmware module inserted during transit.
Secure Boot
A complementary but distinct technology often confused with Measured Boot. While Secure Boot enforces policy by preventing the execution of unsigned code, Measured Boot records what executed. Secure Boot stops the boot; Measured Boot audits it. Together, they provide a layered defense: Secure Boot blocks unauthorized binaries, and Measured Boot logs the entire sequence for forensic attestation.
Hardware Security Module (HSM)
A dedicated physical computing device that safeguards and manages digital keys. In a sovereign infrastructure context, an HSM can act as the verification authority for Measured Boot attestations. It can be configured to release network-bound decryption keys only upon receiving a valid TPM quote, ensuring that a server cannot decrypt its data unless it booted into a trusted state.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us