Verification of code signature with flexible constraints

US 10,491,401 B2
Filed: 02/21/2017
Issued: 11/26/2019
Est. Priority Date: 02/21/2017
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of determining a verification hash of a code image to be executed by a target device, the target device including a memory controller, hardware fuses, and memory, the code image including a header having a code signature and metadata, the computer-implemented method comprising:

receiving the header and code image;

determining an image hash based on the metadata and code image using a first hash function;

determining a fuses hash based on values of at least some of the hardware fuses using a second hash function;

determining an information hash based on at least some of information stored in the memory using a third hash function;

determining a verification hash based on the image hash, the fuses hash, and the information hash;

verifying the verification hash against a code signature; and

responsive to the verification hash being verified against the code signature, storing the verification hash in a cache to enable a warm restart.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, apparatuses, and methods for signing, and verifying the signature of, code to be executed by a target device. An example method of determining a verification hash of a code image to be executed by a target device comprises receiving a header and code image, determining an image hash based on metadata and the code image, determining a fuses hash based on values of hardware fuses of the target device, determining an information hash based on information stored in memory, determining a verification hash based on the image hash, the fuses hash, and the information hash, verifying the verification hash against a code signature in the header, obtaining an unlock constant based on the verification hash, comparing the unlock constant with a stored predetermined value to unlock a memory region of the target device, and executing the code in the code image on the target device.

Citations

19 Claims

1. A computer-implemented method of determining a verification hash of a code image to be executed by a target device, the target device including a memory controller, hardware fuses, and memory, the code image including a header having a code signature and metadata, the computer-implemented method comprising:
- receiving the header and code image;
  
  determining an image hash based on the metadata and code image using a first hash function;
  
  determining a fuses hash based on values of at least some of the hardware fuses using a second hash function;
  
  determining an information hash based on at least some of information stored in the memory using a third hash function;
  
  determining a verification hash based on the image hash, the fuses hash, and the information hash;
  
  verifying the verification hash against a code signature; and
  
  responsive to the verification hash being verified against the code signature, storing the verification hash in a cache to enable a warm restart.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method according to claim 1, wherein the determining a verification hash based on the image hash, the fuses hash, and the information hash includes applying a fourth hash function to a concatenation of the image hash, the fuses hash, and the information hash.
  - 3. The computer-implemented method according to claim 1, wherein the determining a fuses hash based on values of at least some of the hardware fuses using a hash includes:
    - generating a fuses array;
      
      reading a fuse map comprising a bit vector that identifies predetermined fuses of the hardware fuses;
      
      writing values of the predetermined fuses into the fuses array; and
      
      determining the fuses hash based on the fuses array using the second hash function.
  - 4. The computer-implemented method according to claim 1, wherein the determining an information hash based on at least some of information stored in the memory using third hash function includes:
    - generating an information array;
      
      reading an information map comprising a bit vector that identifies predetermined regions of memory;
      
      writing information stored in the predetermined regions of memory into the information array; and
      
      determining the information hash based on the information array using third hash function.
  - 5. The computer-implemented method according to claim 1, wherein the header contains a public key that is useable to verify and initialize a keyladder.
  - 6. The computer-implemented method according to claim 1, wherein the code image is associated to a chip device.
  - 7. The computer-implemented method according to claim 1, wherein the code image includes an expected image hash value.

8. An apparatus that determines a verification hash of a code image to be executed, the code image including a header having a code signature and metadata, the apparatus comprising:
- at least one processor;
  
  hardware fuses;
  
  memory; and
  
  a non-transitory computer readable medium coupled to the at least one processor having instructions stored thereon that, when executed by the at least one processor, cause the at least one processor to;
  
  receive the header and code image;
  
  determine, using a first hash function, an image hash based on the metadata and code image;
  
  determine, using a second hash function, a fuses hash based on values of at least some of the hardware fuses;
  
  determine, using a third hash function, an information hash based on at least some of information stored in the memory;
  
  determine a verification hash based on the image hash, the fuses hash, and the information hash by applying a fourth hash function to a concatenation of the image hash, the fuses hash, and the information hash;
  
  determine an unlock constant based on the verification hash; and
  
  responsive to a successful comparison between the unlock constant and a stored predetermined value, unlocking a region in the memory and transferring control to at least one of a memory management unit of the target device, an operating system executed by the target device, or an application executed by an electronic processor included in the target device.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The apparatus according to claim 8, wherein the hardware fuses are of varying bit width.
  - 10. The apparatus according to claim 9, wherein the hardware fuses include key fuses that store keys.
  - 11. The apparatus according to claim 9, wherein the hardware fuses include state fuses that store device states.
  - 12. The apparatus according to claim 9, wherein the hardware fuses include device identification fuses that store a unique device identifier.
  - 13. The apparatus according to claim 9, wherein the apparatus is an integrated circuit that is a system on chip.

14. A non-transitory computer-readable storage medium comprising instructions that, when executed by at least one processor of a computing device, cause the at least one processor to determine a verification hash of a code image to be executed by a target device, the target device including a memory controller, hardware fused, and memory, the code image including a header having a code signature and metadata, the instructions, when executed, cause the at least one processor to determine the verification hash of the code image by:
- receiving the header and code image;
  
  determining an image hash based on the metadata and code image using a first hash function;
  
  determining a fuses hash based on values of at least some of the hardware fuses using a second hash function;
  
  determining an information hash based on at least some of the information stored in the memory using a third hash function;
  
  determining a verification hash based on the image hash, the fuses hash, and the information hash;
  
  verifying the verification hash against a code signature; and
  
  responsive to the verification hash being verified against the code signature, storing the verification hash in a cache to enable a warm restart.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The non-transitory computer-readable storage medium according to claim 14, wherein the instructions, when executed by the at least one processor, cause the at least one processor to receive the header and code image by receiving a public key that is useable to verify a keyladder.
  - 16. The non-transitory computer-readable storage medium according to claim 15, wherein they keyladder is a secure keyladder for a self-sign application.
  - 17. The non-transitory computer-readable storage medium according to claim 14, wherein the instructions, when executed by the at least one processor, cause the at least one processor to:
    - determine an unlock constant based on the constant using a fourth hash function;
      
      compare the unlock constant to a predetermined value by writing the unlock constant to a hardware comparator; and
      
      responsive to the unlock constant matching the predetermined value, unlocking a locked region of the memory.
  - 18. The non-transitory computer-readable storage medium according to claim 17, wherein the predetermined value is a stored constant.
  - 19. The non-transitory computer-readable storage medium according to claim 17, wherein the instructions, when executed by the at least one processor, cause the at least one processor to open the region of the memory for execution of the code image by unlocking the locked region of the memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google LLC (Alphabet Inc.)
Inventors
Schilder, Marius, Chen, Timothy, Johnson, Scott
Primary Examiner(s)
Callahan, Paul E

Application Number

US15/438,065
Publication Number

US 20180241568A1
Time in Patent Office

1,008 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/73   by creating or determining ...

H04L 9/3242   involving keyed hash functi...

H04L 9/3247   involving digital signatures

Verification of code signature with flexible constraints

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Verification of code signature with flexible constraints

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links