The first assumption upon which the AEGIS model is based is that the motherboard, processor, and a portion of the system ROM (BIOS) are not compromised, i.e., the adversary is unable or unwilling to replace the motherboard or BIOS. We also depend on the integrity of an expansion card which contains copies of the essential components of the boot process for recovery purposes, cryptographic certificates, and optionally a small operating system for recovering components from a trusted network host.
The second assumption is the existence of a cryptographic certificate authority infrastructure in order to bind an identity with a public key. However, there is no restriction on its form, e.g., single trusted authority, hierarchical, web of trust [22] [3].
The final assumption is that some trusted source exists for recovery purposes. This source may be a host on a network that is reachable through a secure communications protocol, or it may be the trusted ROM card located on the protected host.