Integrity assurance through early loading in the boot phase
First Claim
1. A computing device comprising:
- a processor;
memory; and
a plurality of components stored in the memory and operable by the processor during a boot phase of the computing device, wherein the boot phase is not a pre-boot phase, the components including;
a library component of a driver of an integrity manager associated with a kernel-mode component, the library component to be processed during the boot phase and before initialization of drivers by an operating system of the computing device and which, when processed, ensures that the driver of the integrity manager is a first of the drivers in an initialization order of the drivers utilized by the operating system;
the driver of the integrity manager which, when initialized, causes the computing device to launch the integrity manager; and
the integrity manager which, when launched;
determines that a driver of the kernel-mode component is not next in the initialization order after the driver of the integrity manager; and
alters the initialization order to place the driver of the kernel-mode component next in the initialization order to initialize the driver of the kernel-mode component before initializing remaining ones of the drivers.
4 Assignments
0 Petitions
Accused Products
Abstract
Techniques utilizing library and pre-boot components to ensure that a driver associated with a kernel-mode component is initialized before other drivers during a boot phase are described herein. The library component is processed during a boot phase; the pre-boot component, which may be an alternative to the library component, is processed during a pre-boot phase. By ensuring that the driver is the first driver initialized, the components enable the driver to launch the kernel-mode component before other drivers are initialized. The library component may also determine whether another driver is to be initialized before the kernel-mode component driver, may ensure that kernel-mode component driver is initialized first, and may alert the kernel-mode component. Also, the library component may retrieve information that is to be deleted by the operating system before initialization of drivers and may provide that information to the kernel-mode component.
-
Citations
28 Claims
-
1. A computing device comprising:
-
a processor; memory; and a plurality of components stored in the memory and operable by the processor during a boot phase of the computing device, wherein the boot phase is not a pre-boot phase, the components including; a library component of a driver of an integrity manager associated with a kernel-mode component, the library component to be processed during the boot phase and before initialization of drivers by an operating system of the computing device and which, when processed, ensures that the driver of the integrity manager is a first of the drivers in an initialization order of the drivers utilized by the operating system; the driver of the integrity manager which, when initialized, causes the computing device to launch the integrity manager; and the integrity manager which, when launched; determines that a driver of the kernel-mode component is not next in the initialization order after the driver of the integrity manager; and alters the initialization order to place the driver of the kernel-mode component next in the initialization order to initialize the driver of the kernel-mode component before initializing remaining ones of the drivers. - View Dependent Claims (2, 3, 4, 5, 6, 25, 26, 27, 28)
-
-
7. A computer-implemented method comprising:
-
during a boot phase of a computing device, before initialization of drivers by an operating system of the computing device, ensuring that a driver of an integrity manager associated with a kernel-mode component is a first of the drivers in an initialization order of the drivers; initializing the driver of the integrity manager in order to launch the integrity manager; determining, by the integrity manager, whether a driver of the kernel-mode component is next in the initialization order after the driver of the integrity manager; and in response to determining that the driver of the kernel-mode component is not next in the initialization order, altering the initialization order to place the driver of the kernel-mode component as a next driver of the drivers to be initialized by the operating system after the driver of the integrity manager, and alerting the kernel-mode component that the initialization order was altered. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A computer-implemented method comprising:
-
during a boot phase of a computing device, wherein the boot phase is not a pre-boot phase, retrieving, by a dependent dynamic link library (DLL) associated with a kernel-mode component, information that is to be deleted by an operating system of the computing device before initialization of drivers by the operating system; and providing, by the dependent DLL, the information to the kernel-mode component. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
-
-
22. A computer storage device having stored thereon a plurality of components operable by a processor of a computing device during a pre-boot phase of the computing device, the components comprising:
-
a pre-boot environment to process a pre-boot component associated with a kernel-mode component; the pre-boot component which, when processed, ensures that a driver of an integrity manager associated with the kernel-mode component is a first driver in an initialization order of drivers utilized by an operating system during a boot phase; the driver of the integrity manager which, when initialized, causes the computing device to launch the integrity manager; the integrity manager which, when launched; determines that a driver of the kernel-mode component is not next in the initialization order after the driver of the integrity manager; and alters the initialization order to place the driver of the kernel-mode component next in the initialization order to initialize the driver of the kernel-mode component before initializing other drivers that are to be initialized by the operating system; and the kernel-mode component which, when launched, is configured to monitor activity on the computing device and provide security events associated with the activity to a remote security service. - View Dependent Claims (23, 24)
-
Specification