Method and apparatus for loading a trustable operating system
First Claim
1. A method of loading a trustable operating system comprising:
- identifying a region in a memory of a computer by a one of a plurality of processors;
loading a content into the region;
registering an identity of the content of the secured region; and
causing the one processor to jump to a known entry point in the content.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus is provided in which a trustable operating system is loaded into a region in memory. A start secure operation (SSO) triggers a join secure operation (JSO) to halt all but one central processing unit (CPU) in a multi-processor computer. The SSO causes the active CPU to load a component of an operating system into a specified region in memory, register the identity of the loaded operating system by recording a cryptographic hash of the contents of the specified region in memory, begin executing at a known entry point in the specified region and trigger the JSO to cause the halted CPUs to do the same.
191 Citations
38 Claims
-
1. A method of loading a trustable operating system comprising:
-
identifying a region in a memory of a computer by a one of a plurality of processors;
loading a content into the region;
registering an identity of the content of the secured region; and
causing the one processor to jump to a known entry point in the content. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A article of manufacture comprising:
-
a machine-accessible medium including a data that, when accessed by a machine cause the machine to, halt all but one of a plurality of central processing units (CPU) in a computer;
identify a region in a memory of the computer;
block access to the identified region by all resources except the non-halted CPU;
load a content into the identified region;
record a cryptographic hash of the content in the identified region; and
cause the non-halted CPU to begin executing at a known entry point in the identified region. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method of securing a region in a memory of a computer comprising:
-
halting all but one of a plurality of central processing units (CPU) in a computer;
blocking access to a region in a memory of the computer by all resources except the non-halted CPU;
recording a cryptographic hash of the region; and
placing the non-halted CPU into a known privileged state. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
-
-
32. An apparatus to load a trustable operating system comprising:
-
a first processor having a start secure operation (SSO), the SSO having a memory region parameter, wherein the first processor executes the SSO to block access to a region of memory specified in the memory region parameter and to place a content in the specified region;
a hash digest, wherein the first processor further executes the SSO to erase a current content of the hash digest and to record in the hash digest a cryptographic hash of the content of the specified region; and
wherein the first processor further executes the SSO to unblock access to the specified region and to jump to a known entry point in the content of the specified region. - View Dependent Claims (33, 34, 35, 36, 37, 38)
-
Specification