The present invention relates to methods and apparatuses for establishing a “root-of-trust” path for a computing system. In embodiments, a secure computer system having such a root-of-trust path is implemented by a secure processor in conjunction with a host processor. The secure processor becomes the root-of-trust, providing authenticated and encrypted BIOS boot code for the host processor without the need to modify the host processor's operating system. In one embodiment, the establishment of a root-of-trust is implemented by the secure processor presenting itself to the host processor as an on-board BIOS flash device and the secure processor maintaining the integrity of the BIOS boot code. In additional or alternative embodiments, the establishment of the root-of-trust includes use of a direct communications channel and protocol between the host and secure processors.