Security From The Chipset To The OS To The Cloud

With a chain of cryptographic signatures that secure the boot process from the chipset to the operating system and up to the Virtual Desktop Infrastructure (VDI), Igel wants to ensure more security for end-user computing.

With version 11.03.100 of the Igel OS, Igel supports the protection of the boot process from the chipset through to the virtual desktop infrastructure (VDI) with a chain of cryptographic signatures. Also, the writable partitions of the SSD, eMMC, or hard drive are encrypted.

The first defense mechanism is already on the motherboard. Through cooperation with the chip manufacturer AMD, any manipulation of the UEFI causes the boot process to be aborted: a dedicated security processor checks the signature of the UEFI for trustworthiness before booting. Thanks to this AMD Platform Secure Boot, attacks via the UEFI (such as Evil Maid attacks) are not possible. The chain of trust is then extended by the UEFI checking the signature of the bootloader, which in turn checks the operating system kernel.

The next stage is pre-boot authentication, which is applied to the kernel before the operating system partition is loaded. This transition from the kernel to the Igel operating system forms the next link in the chain of trust. However, Igel's capabilities extend far beyond the endpoint: the chain only ends in the virtual environment, via TLS/SSL, regardless of whether it is a classic on-premises VDI or a modern desktop-as-a-service (DaaS) environment. In any case, it is ruled out that a partition was tampered with before the actual work environment and business applications can be accessed.
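As an added illustration (not Igel's or AMD's code), the following Go program models the signature chain described in the two paragraphs above: a root key standing in for the key held by the security processor signs the UEFI link, each link embeds the public key used to verify the next one, and verification aborts at the first link whose signature fails. Stage names, images and keys are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Stage is one link of the boot chain: the image to load, the signature the
// previous link checks, and the public key this link uses to check the next.
type Stage struct {
	Name    string
	Image   []byte
	Sig     []byte
	NextKey ed25519.PublicKey
}

// payload binds image and embedded next key, so neither can be swapped alone.
func payload(s Stage) []byte { return append(append([]byte{}, s.Image...), s.NextKey...) }

// BuildChain signs each link with the key carried by the link before it; the root key models the security processor's key.
func BuildChain(names []string) (ed25519.PublicKey, []Stage) {
	rootPub, signer, _ := ed25519.GenerateKey(rand.Reader)
	stages := make([]Stage, len(names))
	for i, n := range names {
		nextPub, nextPriv, _ := ed25519.GenerateKey(rand.Reader)
		stages[i] = Stage{Name: n, Image: []byte("image of " + n), NextKey: nextPub} // constructed image
		stages[i].Sig = ed25519.Sign(signer, payload(stages[i]))
		signer = nextPriv
	}
	return rootPub, stages
}

// VerifyChain walks the links from the root key and aborts at the first failing signature, naming that link.
func VerifyChain(rootPub ed25519.PublicKey, stages []Stage) (string, bool) {
	key := rootPub
	for _, s := range stages {
		if !ed25519.Verify(key, payload(s), s.Sig) {
			return s.Name, false
		}
		key = s.NextKey
	}
	return "", true
}

func main() {
	root, chain := BuildChain([]string{"UEFI", "bootloader", "kernel", "OS partition"}) // constructed links
	chain[1].Image = []byte("modified bootloader")                                     // simulated tampering of one link
	fmt.Println(VerifyChain(root, chain))                                              // prints: bootloader false
}
```

Swapping the embedded next-stage key, or signing a chain under a different root, is rejected in the same way because the signature covers both the image and the key it carries.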

To this extent, the chain of trust is a novelty in end-user computing. It allows all processes to be interlinked so that attack vectors are closed at each level. Even if the thin clients are not obtained from Igel, the parts of the certificate chain are largely retained. If the hardware meets the requirements, Igel can also expand support.

