Platform and method of creating a secure boot that enforces proper user authentication and enforces hardware configurations
Abstract
In general, a method of securely transmitting data features an operation of authenticating a user of a platform during a Basic Input/Output System (BIOS) boot process. In response to authenticating the user, a first keying material is released from a token communicatively coupled to the platform. The first keying material is combined with a second keying material internally stored within the platform in order to produce a combination key. This combination key is used to decrypt a second BIOS area to recover a second segment of BIOS code.
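The binding the abstract describes, as an added example that is not code from the patent: the second BIOS area opens only when both the token's and the platform's keying material are correct. The HMAC-SHA256 combiner, the SHAKE-256 keystream standing in for the cipher, the integrity tag, and all names and sample values are assumptions; the text here specifies none of them.

```python
import hashlib
import hmac

def combine(token_km: bytes, platform_km: bytes) -> bytes:
    """Combination key from both keying materials (assumed combiner: HMAC-SHA256)."""
    return hmac.new(platform_km, b"bios-area-2|" + token_km, hashlib.sha256).digest()

def _subkeys(ck: bytes):
    # Separate keys for encryption and integrity, both derived from the combination key.
    return (hmac.new(ck, b"enc", hashlib.sha256).digest(),
            hmac.new(ck, b"mac", hashlib.sha256).digest())

def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # SHAKE-256 keystream stands in for the platform's real cipher (assumption).
    ks = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal_bios_area(ck: bytes, nonce: bytes, segment: bytes) -> bytes:
    """Encrypt-then-MAC a BIOS segment: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(ck)
    ct = _xor_stream(enc_key, nonce, segment)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_bios_area(ck: bytes, blob: bytes):
    """Return the recovered segment, or None if the key or the image is wrong."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = _subkeys(ck)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # refuse to hand back code that did not authenticate
    return _xor_stream(enc_key, nonce, ct)

# Constructed sample values, not real keys or firmware.
TOKEN_KM = hashlib.sha256(b"constructed token keying material").digest()
PLATFORM_KM = hashlib.sha256(b"constructed platform keying material").digest()
SEGMENT = b"second segment of BIOS code (constructed)"
# All-zero nonce is acceptable only because this key seals one constructed image.
BLOB = seal_bios_area(combine(TOKEN_KM, PLATFORM_KM), bytes(16), SEGMENT)

if __name__ == "__main__":
    other = hashlib.sha256(b"some other device").digest()
    print("right token + platform:", open_bios_area(combine(TOKEN_KM, PLATFORM_KM), BLOB))
    print("wrong token           :", open_bios_area(combine(other, PLATFORM_KM), BLOB))
    print("wrong platform        :", open_bios_area(combine(TOKEN_KM, other), BLOB))
```

Because neither keying material alone yields the combination key, an image copied to another platform, or booted without the token, fails the tag check instead of decrypting to garbage.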
21 Claims
1. A method comprising:
- authenticating a user of a platform during a Basic Input/Output System (BIOS) boot process;
- releasing a first keying material from a token communicatively coupled to the platform in response to authenticating the user;
- combining the first keying material with a second keying material internally stored within the platform in order to produce a combination key; and
- using the combination key to decrypt a second BIOS area to recover a second segment of BIOS code.

12. An integrated circuit device comprising:
- a boot block memory unit; and
- a trusted platform module communicatively coupled to the boot block memory unit, the trusted platform module to produce a combination key by combining a first incoming keying material with a second keying material internally stored within the integrated circuit and to decrypt a second BIOS area to recover a second segment of BIOS code.

15. A platform comprising:
- an input/output control hub (ICH);
- a non-volatile memory unit coupled to the ICH, the non-volatile memory unit including a BIOS code including a first BIOS area and a second BIOS area, the first BIOS area being an encrypted first segment of the BIOS code and the second BIOS area being an encrypted second segment of the BIOS code; and
- a trusted platform module coupled to the ICH, the trusted platform module to produce a combination key by combining a first incoming keying material with a second keying material internally stored within the platform and to decrypt the second BIOS area to recover the second segment of BIOS code.

19. A program loaded into readable memory for execution by a trusted platform module of a platform, the program comprising:
- code to decrypt a first Basic Input/Output System (BIOS) area to recover a first segment of BIOS code;
- code to produce a combination key by combining a first incoming keying material with a second keying material internally stored within the trusted platform module; and
- code to decrypt a second BIOS area to recover a second segment of the BIOS code.
Specification