[Figure: trust-boundary diagram. Components: CPU/SoC; TPM (implicitly trusted); untrusted bus (e.g., SPI) with an adversary on it; Firmware (implicitly trusted); Boot Loader (implicitly trusted); Kernel (you are here); User Space (not yet trusted). Action shown: extend PCRs and/or unseal secrets based on PCR measurements.]