Verification of code signature with flexible constraints
Abstract
Systems, apparatuses, and methods for signing, and verifying the signature of, code to be executed by a target device. An example method of determining a verification hash of a code image to be executed by a target device comprises receiving a header and code image, determining an image hash based on metadata and the code image, determining a fuses hash based on values of hardware fuses of the target device, determining an information hash based on information stored in memory, determining a verification hash based on the image hash, the fuses hash, and the information hash, verifying the verification hash against a code signature in the header, obtaining an unlock constant based on the verification hash, comparing the unlock constant with a stored predetermined value to unlock a memory region of the target device, and executing the code in the code image on the target device.
19 Claims
1. A computer-implemented method of determining a verification hash of a code image to be executed by a target device, the target device including a memory controller, hardware fuses, and memory, the code image including a header having a code signature and metadata, the computer-implemented method comprising:
- receiving the header and code image;
- determining an image hash based on the metadata and code image using a first hash function;
- determining a fuses hash based on values of at least some of the hardware fuses using a second hash function;
- determining an information hash based on at least some of information stored in the memory using a third hash function;
- determining a verification hash based on the image hash, the fuses hash, and the information hash;
- verifying the verification hash against a code signature; and
- responsive to the verification hash being verified against the code signature, storing the verification hash in a cache to enable a warm restart.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An apparatus that determines a verification hash of a code image to be executed, the code image including a header having a code signature and metadata, the apparatus comprising:
- at least one processor;
- hardware fuses;
- memory; and
- a non-transitory computer readable medium coupled to the at least one processor having instructions stored thereon that, when executed by the at least one processor, cause the at least one processor to:
  - receive the header and code image;
  - determine, using a first hash function, an image hash based on the metadata and code image;
  - determine, using a second hash function, a fuses hash based on values of at least some of the hardware fuses;
  - determine, using a third hash function, an information hash based on at least some of information stored in the memory;
  - determine a verification hash based on the image hash, the fuses hash, and the information hash by applying a fourth hash function to a concatenation of the image hash, the fuses hash, and the information hash;
  - determine an unlock constant based on the verification hash; and
  - responsive to a successful comparison between the unlock constant and a stored predetermined value, unlocking a region in the memory and transferring control to at least one of a memory management unit of the target device, an operating system executed by the target device, or an application executed by an electronic processor included in the target device.
Dependent claims: 9, 10, 11, 12, 13
14. A non-transitory computer-readable storage medium comprising instructions that, when executed by at least one processor of a computing device, cause the at least one processor to determine a verification hash of a code image to be executed by a target device, the target device including a memory controller, hardware fuses, and memory, the code image including a header having a code signature and metadata, the instructions, when executed, cause the at least one processor to determine the verification hash of the code image by:
- receiving the header and code image;
- determining an image hash based on the metadata and code image using a first hash function;
- determining a fuses hash based on values of at least some of the hardware fuses using a second hash function;
- determining an information hash based on at least some of the information stored in the memory using a third hash function;
- determining a verification hash based on the image hash, the fuses hash, and the information hash;
- verifying the verification hash against a code signature; and
- responsive to the verification hash being verified against the code signature, storing the verification hash in a cache to enable a warm restart.
Dependent claims: 15, 16, 17, 18, 19
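The hash composition recited in claims 1, 8 and 14, as an added example that is not code from the patent: it builds the verification hash from the three component hashes, checks it against the signature, and caches it only after that check passes. SHA-256 for every hash, the `fuse_mask` header field, the HMAC stand-in for the code signature, and the way the cache is consulted on a warm restart (recomputed hash compared with the cached one) are all assumptions.

```python
import hashlib
import hmac

# Assumptions, none from the patent text: SHA-256 for all four hash functions,
# a per-byte fuse mask carried in the header, and HMAC-SHA-256 standing in for
# the asymmetric code signature. All values below are constructed.
DEMO_KEY = b"constructed-demo-key"

def h(label: bytes, *parts: bytes) -> bytes:
    """SHA-256 with a domain label and length-prefixed parts."""
    d = hashlib.sha256(label)
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def verification_hash(metadata, image, fuses, fuse_mask, info) -> bytes:
    image_hash = h(b"image", metadata, image)            # first hash
    selected = bytes(f & m for f, m in zip(fuses, fuse_mask))
    fuses_hash = h(b"fuses", fuse_mask, selected)        # second hash, masked fuses only
    info_hash = h(b"info", info)                         # third hash
    return h(b"verify", image_hash + fuses_hash + info_hash)  # fourth hash over concatenation

def sign(metadata, image, fuses, fuse_mask, info) -> dict:
    vh = verification_hash(metadata, image, fuses, fuse_mask, info)
    sig = hmac.new(DEMO_KEY, vh, hashlib.sha256).digest()
    return {"metadata": metadata, "fuse_mask": fuse_mask, "signature": sig}

def boot(header, image, fuses, info, cache) -> str:
    """Return 'warm', 'cold' or 'reject' for one boot attempt."""
    vh = verification_hash(header["metadata"], image, fuses, header["fuse_mask"], info)
    if hmac.compare_digest(cache.get("vh", b""), vh):
        return "warm"      # equals a hash that already passed signature verification
    expected = hmac.new(DEMO_KEY, vh, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["signature"]):
        return "reject"
    cache["vh"] = vh       # cached only after the signature check succeeds
    return "cold"

IMAGE = b"\x90" * 64
FUSES = bytes([0x01, 0x00, 0xA5, 0x3C])
MASK = bytes([0xFF, 0x00, 0xFF, 0x00])   # bytes 1 and 3 are left unconstrained
INFO = b"board-rev=2"
HEADER = sign(b"ver=7", IMAGE, FUSES, MASK, INFO)
```

Because the mask is hashed together with the selected fuse values, widening or narrowing the constraint changes the verification hash and invalidates the signature.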
Specification