Physical presence determination in a trusted platform
Abstract
A computer system is presented which provides a trusted platform by which operations can be performed with an increased level of trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.
22 Claims

1. A method comprising the steps of:
   determining whether power was applied to a computer system by the activation of a power-on switch by reading a power-on status register which indicates the occurrence of such activation; and
   affecting the operation of a trusted platform module (TPM) included in the computer system as a function of said determination.
   Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A method comprising the steps of:
   determining whether power was applied to a computer system by the activation of a power-on switch coupled to the computer system by reading a power-on status register which indicates the occurrence of such activation, wherein the power-on status register is settable only in hardware;
   configuring a physical presence flag of a trusted platform module (TPM) included in the computer system to indicate lack of physical presence in response to a determination in said determining step that the power-on switch was not activated;
   wherein said determining and configuring steps occur after a system reset event and before an OS load event; and
   limiting the operation of the TPM as a function of said configuring step.
   Dependent claims: 13, 14, 15

16. A method comprising the steps of:
   determining whether power was applied to a computer system by the activation of a power-on switch coupled to the computer system by reading a power-on status register which indicates the occurrence of such activation, wherein the power-on status register is settable only in hardware;
   configuring a physical presence flag of a trusted platform module (TPM) included in the computer system to indicate physical presence in response to an application of power by the activation of the power-on switch as determined in said determining step;
   wherein said determining and configuring steps occur after a system reset event and before an OS load event; and
   allowing a predetermined trusted operation to execute in the TPM as a function of said configuring step.
   Dependent claims: 17, 18, 19

20. A program product comprising:
   a computer usable medium having computer readable program code embodied therein, the computer readable program code in said program product being effective when executing to:
   determine whether power was applied to a computer system by the activation of a power-on switch by reading a power-on status register which indicates the occurrence of such activation; and
   affect the operation of a trusted platform module (TPM) included in the computer system as a function of said determination.

21. A program product comprising:
   a computer usable medium having computer readable program code embodied therein, the computer readable program code in said program product being effective when executing to:
   determine whether power was applied to a computer system by the activation of a power-on switch coupled to the computer system by reading a power-on status register which indicates the occurrence of such activation, wherein the power-on status register is settable only in hardware;
   configure a physical presence flag of a trusted platform module (TPM) included in the computer system to indicate lack of physical presence in response to said determination indicating that the power-on switch was not activated;
   wherein said determination and configuration occur after a system reset event and before an OS load event; and
   limit the operation of the TPM as a function of said configuration.

22. A program product comprising:
   a computer usable medium having computer readable program code embodied therein, the computer readable program code in said program product being effective when executing to:
   determine whether power was applied to a computer system by the activation of a power-on switch coupled to the computer system by reading a power-on status register which indicates the occurrence of such activation, wherein the power-on status register is settable only in hardware;
   configure a physical presence flag of a trusted platform module (TPM) included in the computer system to indicate physical presence in response to an application of power by the activation of the power-on switch in accordance with said determination;
   wherein said determination and configuration occur after a system reset event and before an OS load event; and
   allow a predetermined trusted operation to execute in the TPM as a function of said configuration.
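The procedure that claims 12, 16, 21 and 22 describe, as an added C model that is not code from the patent or its assignee: a chipset status register that only a hardware event can set, a firmware step that reads it after reset and before OS load and configures the TPM physical presence flag, and a predetermined trusted operation that the TPM allows only when that flag is set. The patent names no register, firmware routine or TPM API, so platform_t, the scenario functions, the write-zero-to-clear register semantics and the clearing of the latch after firmware reads it are all this example's own assumptions.

```c
/* Added example, not code from the patent: a C model of the physical
 * presence inference the claims describe. All names are hypothetical. */
#include <stdbool.h>
#include <stdint.h>

#define POWERON_SWITCH_ACTIVATED 0x01u   /* bit 0 of the status register */

typedef enum { STAGE_RESET, STAGE_FIRMWARE, STAGE_OS } boot_stage_t;
typedef enum { TPM_OP_DENIED_NO_PHYSICAL_PRESENCE = 0, TPM_OP_ALLOWED = 1 } tpm_result_t;

typedef struct {
    uint8_t poweron_status;       /* core-chipset power-on status register */
    bool tpm_physical_presence;   /* the TPM's physical presence flag */
    boot_stage_t stage;
} platform_t;

/* The only path that sets the bit: the physical button press itself. */
static void hw_power_button_pressed(platform_t *p) { p->poweron_status |= POWERON_SWITCH_ACTIVATED; }

/* Software write path. "Settable only in hardware" is modelled as
 * write-zero-to-clear: software may clear a bit, but a written 1 only
 * keeps what hardware latched (an assumption of this model). */
static void sw_write_poweron_status(platform_t *p, uint8_t value) { p->poweron_status &= value; }

/* Reset: the flag starts as "no presence" and firmware runs next. */
static void system_reset(platform_t *p) { p->tpm_physical_presence = false; p->stage = STAGE_FIRMWARE; }

/* Claims 12 and 16: after reset and before OS load, read the register and
 * configure the flag from it. Returns the inferred presence; outside the
 * firmware window it changes nothing. */
static bool firmware_determine_physical_presence(platform_t *p)
{
    if (p->stage != STAGE_FIRMWARE)
        return false;
    bool pressed = (p->poweron_status & POWERON_SWITCH_ACTIVATED) != 0;
    p->tpm_physical_presence = pressed;
    /* Consume the latch so a later warm reset with no press is not read as
     * presence (a choice of this model, not something the patent states). */
    sw_write_poweron_status(p, (uint8_t)~POWERON_SWITCH_ACTIVATED);
    return pressed;
}

/* Once the OS loads, the flag can no longer be configured. */
static void os_load(platform_t *p) { p->stage = STAGE_OS; }

/* The predetermined trusted operation, allowed only with presence. */
static tpm_result_t tpm_presence_gated_op(const platform_t *p)
{
    return p->tpm_physical_presence ? TPM_OP_ALLOWED : TPM_OP_DENIED_NO_PHYSICAL_PRESENCE;
}

/* One boot: optional button press, firmware step, OS load, then the op. */
static tpm_result_t boot_and_run(platform_t *p, bool press)
{
    system_reset(p);
    if (press) hw_power_button_pressed(p);
    firmware_determine_physical_presence(p);
    os_load(p);
    return tpm_presence_gated_op(p);
}

/* Operator pressed the power button: presence inferred, op allowed. */
tpm_result_t scenario_button_press(void)
{
    platform_t p = {0, false, STAGE_RESET};
    return boot_and_run(&p, true);
}
/* Restart without a button press (e.g. software-initiated): denied. */
tpm_result_t scenario_no_press(void)
{
    platform_t p = {0, false, STAGE_RESET};
    return boot_and_run(&p, false);
}
/* Software writes 1 to the register before firmware reads it: the bit
 * cannot be set from software, so the op is still denied. */
tpm_result_t scenario_software_write_cannot_set(void)
{
    platform_t p = {0, false, STAGE_RESET};
    sw_write_poweron_status(&p, POWERON_SWITCH_ACTIVATED);
    return boot_and_run(&p, false);
}
/* A press that arrives after OS load cannot grant presence: the
 * determination step only acts in the firmware window. */
tpm_result_t scenario_press_after_os_load(void)
{
    platform_t p = {0, false, STAGE_RESET};
    boot_and_run(&p, false);
    hw_power_button_pressed(&p);
    firmware_determine_physical_presence(&p);
    return tpm_presence_gated_op(&p);
}
/* A press, then a warm reset without one: the consumed latch means the
 * second boot is denied. */
tpm_result_t scenario_warm_reset_after_press(void)
{
    platform_t p = {0, false, STAGE_RESET};
    boot_and_run(&p, true);
    return boot_and_run(&p, false);
}
```

The two properties the claims lean on are visible in the model: the register value can only originate from the hardware event, so software running before firmware reads it cannot manufacture presence, and the determination is confined to the window between reset and OS load, so nothing that runs later can change the flag. Clearing the latch after firmware consumes it is the added caveat; a sticky bit that survived a warm reset would otherwise let a software-initiated restart inherit presence from an earlier button press.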
Specification