Mechanism for providing both a secure and attested boot

US 20040064457A1
Filed: 09/27/2002
Published: 04/01/2004
Est. Priority Date: 09/27/2002
Status: Abandoned Application

First Claim

Patent Images

1. A platform comprising:

a first memory to contain a plurality of components including at least a first core component and at least one platform-based component associated with the first core component; and

a processor to perform pre-boot authentication operations on the first core component prior to passing control of the pre-boot authentication to the first core component to authenticate the at least one platform-based component.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, one embodiment of the invention involves a secure platform comprising a processor and a first memory containing a plurality of components. These components include at least a first core component and at least one platform-based component associated with the first core component. Under control by processor, pre-boot authentication is sequentially performed on the core components prior to passing control of the pre-boot authentication to that core component. Each core component authenticates platform-based components associated therewith.

Citations

27 Claims

1. A platform comprising:
- a first memory to contain a plurality of components including at least a first core component and at least one platform-based component associated with the first core component; and
  
  a processor to perform pre-boot authentication operations on the first core component prior to passing control of the pre-boot authentication to the first core component to authenticate the at least one platform-based component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The platform of claim 1, wherein the first core component to authenticate a second core component before passing control of the pre-boot authentication to the second core component.
  - 3. The platform of claim 2, wherein the first core component is microcode stored in the first memory including at least on-chip memory of the processor.
  - 4. The platform of claim 1, wherein the at least one platform-based component includes a hardware initialization sequence for a chipset.
  - 5. The platform of claim 1, wherein the second core component abstracts Authentication Services from the first core component to perform pre-boot authenticate operations on platform-based components associated with the second core component.
  - 6. The platform of claim 1, wherein the first core component is authenticated by analyzing Built-in Self Test (BIST) information.
  - 7. The platform of claim 2, wherein the first core component to authenticate the second core component by the first core component (1) receiving at least a portion of the second core component and a signed manifest associated with the second core component, the signed manifest including a digest of at least the portion of the second core component, an identifier to indicate a particular section in the first memory that contains the digest, a signature block and a certificate chain, (2) using information recovered from the certificate chain to extract a pre-computed digest from the signature block, and (3) comparing the pre-computed digest to a digest produced for at least the portion of the second core component.
  - 8. The platform of claim 2, wherein the first core component to authenticate the second core component by the first core component (1) receiving at least a portion of the second core component and a digital signature associated with the second core component, the digital signature including a pre-computed digest of at least the portion of the second core component digitally signed with a private key of a signatory producing the digital signature in which a public key of the signatory being accessible by the processor, (2) recovering the pre-computed digest, and (3) comparing the pre-computed digest with a digest produced for the received portion of the second core component.
  - 9. The platform of claim 1 further comprising:
    - a second memory to contain an attestation log, the second memory being secured; and
      
      a third memory to contain an event log, the third memory being unsecured.
  - 10. The platform of claim 9, wherein the second memory includes registers within the processor.
  - 11. The platform of claim 9, wherein the third memory is volatile memory.
  - 12. The platform of claim 9, wherein the attestation log includes a plurality of listings each including data that represents what information has been successfully loaded into the first memory after power-on, at least one listing comprises a hash of the first core component.
  - 13. The platform of claim 12, wherein the at least one listing of the attestation log further comprises (1) a length (in bytes) of the first core component, and (2) a pointer to a physical address denoting a start of the first core component.

14. A method comprising:
- commencing a pre-boot authentication of components within a platform by performing a pre-boot authentication operation on a first core component; and
  
  once the first core component has been authenticated, (i) passing control of the pre-boot authentication to the first core component once the first core component has been authenticated, and (ii) continuing performance of the pre-boot authentication under control of the first core component.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The method of claim 14, wherein the pre-boot authentication operation on the first core component includes analysis of Built-in Self Test (BIST) information associated with the first core component.
  - 16. The method of claim 14, further comprising:
    - authenticating a second core component by the first core component; and
      
      once the second core component has been authenticated, passing control of the pre-boot authentication to the second core component, and continuing performance of the pre-boot authentication under control of the second core component using Authentication Services published by the first core component.
  - 17. The method of claim 16, wherein the authenticating of the second core component comprises:
    - receiving at least a portion of the second core component and a signed manifest by the first core component, the signed manifest including a digest of at least the portion of the second core component, and an identifier to indicate a particular section in a memory that contains the digest, a signature block and a certificate chain;
      
      using information recovered from the certificate chain to extract a pre-computed digest from the signature block from; and
      
      comparing the pre-computed digest to a digest produced for at least the portion of the second core component.
  - 18. The method of claim 16, wherein the authenticating of the second core component comprises:
    - receiving at least a portion of the second core component and a digital signature associated with the second core component, the digital signature including a pre-computed digest of at least the portion of the second core component digitally signed with a private key of a signatory producing the digital signature in which a public key of the signatory being accessible;
      
      recovering the pre-computed digest from the digital signature; and
      
      comparing the pre-computed digest with a digest produced for the received portion of the second core component.
  - 19. The method of claim 14, further comprising:
    - refusing to execute the first core component if the first core component has not been authenticated.
  - 20. The method of claim 14, further comprising:
    - executing the first core component if the first core component has not been authenticated; and
      
      performing an error recovery procedure to prevent modification of selected data within a programmable memory within the platform.
  - 21. The method of claim 20, wherein the performing of the error recovery procedure further includes encrypting data stored within the platform.
  - 22. The method of claim 14 further comprising:
    - creating an event log by storing a digest of the first core component in a non-resettable memory.
  - 23. The method of claim 22 further comprising:
    - upon failing to authenticate the first core component, placing data in an entry of an attestation log contained in secure memory of the platform, contents of the attestation log being capable of replay.

24. Software stored in machine readable medium executed by internal circuitry within a platform to perform pre-boot authentication, the software comprising:
- (a) a first component operating as a root of trust;
  
  (b) a second component being authenticated by the first module prior to receiving control of the pre-boot authentication from the first component; and
  
  (c) a third component being authenticated by the second component using Authentication Services published by the first component.
- View Dependent Claims (25, 26, 27)
- - 25. The software of claim 24, the second component authenticates the third component by (i) receiving at least a portion of the third component and a signed manifest, the signed manifest including a digest of at least the portion of the third component, and an identifier to indicate a particular section in a memory that contains the digest, a signature block and a certificate chain, (ii) using information recovered from the certificate chain to extract a pre-computed digest from the signature block from, and (iii) comparing the pre-computed digest to a digest produced for at least the portion of the second core component.
  - 26. The software of claim 24, the second component authenticates the third component by (i) receiving at least a portion of the third component and a digital signature associated with the third component, the digital signature including a pre-computed digest of at least the portion of the third component digitally signed with a private key of a signatory producing the digital signature in which a public key of the signatory, (ii) recovering the pre-computed digest from the digital signature, and (iii) comparing the pre-computed digest with a digest produced for the received portion of the third component.
  - 27. The software of claim 24 further comprising:
    - (d) a fourth component to perform one-way hash functions on a plurality of components undergoing the pre-boot authentication, including the first, second and third components, to produce a plurality of resultant digests each digest uniquely corresponding to one of the plurality of components and to place the plurality of resultant digests in a replayable event log located in internal memory of the platform, the fourth component further places any component undergoing the pre-boot authentication that is not authenticated in an attestation log located in secure memory of the platform.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Zimmer, Vincent J., Fish, Andrew J.

Application Number

US10/259,310
Publication Number

US 20040064457A1
Time in Patent Office

Days
Field of Search
US Class Current

707/100
CPC Class Codes

G06F 21/575 Secure boot

Mechanism for providing both a secure and attested boot

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Mechanism for providing both a secure and attested boot

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links