Method and system for tracking a secure boot in a trusted computing environment
Abstract
A method, system and computer readable medium containing programming instructions for tracking a secure boot in a computer system having a plurality of devices is disclosed. The method, system and computer readable medium include providing an embedded security system (ESS) in the computer system, wherein the ESS includes at least one boot platform configuration register (PCR) and a shadow PCR for each of the at least one boot PCRs, initiating a platform reset to boot the computer system via BIOS, and, for a device booted, generating a measurement value for the device and extending that value to one of the at least one boot PCRs and its corresponding shadow PCR. The system, method and computer readable medium of the present invention also includes comparing the measurement values of the boot PCRs to their corresponding shadow PCRs, whereby the computer system is trusted if the measurement values match.
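A minimal model of steps (a) through (e) as the abstract describes them, added here as an illustration and not taken from the patent. It assumes a TPM 1.2 style extend (SHA-1 over the old register value concatenated with the measurement) and a hypothetical non-BIOS write path, `plain_extend`, that reaches a boot PCR but not its shadow; the page specifies neither, and all class and function names are invented for the example.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length; the hash choice is an assumption


def measure(image: bytes) -> bytes:
    """Step (c): measurement value for a booted device (digest of its code)."""
    return hashlib.sha1(image).digest()


class ESS:
    """Toy embedded security system: boot PCRs plus one shadow per boot PCR."""

    def __init__(self, n_boot_pcrs: int):
        # Step (b): a platform reset zeroes every register.
        self.boot = [bytes(PCR_SIZE) for _ in range(n_boot_pcrs)]
        self.shadow = [bytes(PCR_SIZE) for _ in range(n_boot_pcrs)]

    @staticmethod
    def _extend(old: bytes, m: bytes) -> bytes:
        # Extend is a hash chain: new = H(old || measurement).
        return hashlib.sha1(old + m).digest()

    def bios_extend(self, idx: int, m: bytes) -> None:
        """Step (d): the BIOS path updates the boot PCR and its shadow together."""
        self.boot[idx] = self._extend(self.boot[idx], m)
        self.shadow[idx] = self._extend(self.shadow[idx], m)

    def plain_extend(self, idx: int, m: bytes) -> None:
        """Assumed non-BIOS path: reaches the boot PCR only, never the shadow."""
        self.boot[idx] = self._extend(self.boot[idx], m)

    def mismatched(self) -> list:
        """Step (e): indices whose boot PCR differs from its shadow."""
        pairs = zip(self.boot, self.shadow)
        return [i for i, (b, s) in enumerate(pairs) if b != s]

    def trusted(self) -> bool:
        return not self.mismatched()


def boot(ess: ESS, devices: list) -> None:
    """Measure each device and extend it to its assigned PCR pair."""
    for idx, image in devices:
        ess.bios_extend(idx, measure(image))


# Constructed sample input: (PCR index, device code) pairs.
SAMPLE_DEVICES = [(0, b"bios-core"), (1, b"option-rom"), (1, b"boot-loader")]
```

Because extend is a hash chain, a register cannot be rewound to a chosen value, so any extend that bypasses the paired update leaves a mismatch that `mismatched()` reports by PCR index.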
29 Claims
1. A method for tracking a secure boot in a computer system, wherein the computer system comprises a plurality of devices, the method comprising the steps of:
(a) providing an embedded security system (ESS) in the computer system, wherein the ESS includes at least one boot platform configuration register (PCR) and a shadow PCR for each at least one boot PCR;
(b) initiating a platform reset to boot the computer system via BIOS;
(c) generating a measurement value for a device of the plurality of devices booted in the computer system;
(d) extending the measurement value to one of the at least one boot PCRs and to the corresponding shadow PCR; and
(e) comparing the measurement value of each of the at least one boot PCRs with the measurement value of the corresponding shadow PCR, wherein the computer system is trusted if the measurement values match.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A computer readable medium containing programming instructions for tracking a secure boot in a computer system, wherein the computer system comprises a plurality of devices, the programming instructions for:
(a) providing an embedded security system (ESS) in the computer system, wherein the ESS includes at least one boot platform configuration register (PCR) and a shadow PCR for each at least one boot PCR;
(b) initiating a platform reset to boot the computer system via BIOS;
(c) generating a measurement value for a device of the plurality of devices booted in the computer system;
(d) extending the measurement value to one of the at least one boot PCRs and to the corresponding shadow PCR; and
(e) comparing the measurement value of each of the at least one boot PCRs with the measurement value of the corresponding shadow PCR, wherein the computer system is trusted if the measurement values match.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20

21. A system for tracking a secure boot in a computer system, wherein the computer system comprises a plurality of devices, the system comprising:
a processor in the computer system;
an embedded security system (ESS) coupled to the processor via a secure bus, wherein the ESS includes at least one boot platform configuration register (PCR) and a shadow PCR for each at least one boot PCR;
a BIOS coupled to the processor for booting a device of the plurality of devices in the computer system;
wherein the BIOS generates a measurement value for the device of the plurality of devices and extends the measurement value to one of the at least one boot PCRs and to the corresponding shadow PCR, and wherein the measurement values of the at least one boot PCRs is compared to the measurement values of the corresponding shadow PCRs to determine whether the computer system is trusted.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29

Specification