Physical presence determination in a trusted platform
Abstract
A computer system is presented which provides a trusted platform by which operations can be performed with an increased level of trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.
19 Claims
1. Apparatus comprising:
a trusted platform module (TPM);
a nonvolatile memory having computer readable program code stored therein; and
a circuit board which couples said TPM and said nonvolatile memory and which includes a processor which executes the code stored in said nonvolatile memory and further includes a status register which assumes a power-on status state which indicates how the application of power to said circuit board was last previously initiated;
wherein the processor, when executing the code stored in said nonvolatile memory, is effective to:
read the power-on status state of the status register;
determine whether the application of power to said circuit board was last previously initiated by the activation of a power-on switch coupled to said circuit board based on the power-on status state as read from the status register; and
issue a command which affects the operation of said TPM as a function of the determined power-on state.
(Dependent claims 2 to 11 depend on claim 1.)

12. Apparatus comprising:
a trusted platform module (TPM);
a nonvolatile memory having computer readable program code stored therein; and
a circuit board which couples said TPM and said nonvolatile memory and having a processor and a status register which is settable only in hardware and assumes a power-on status state which indicates how the application of power to said circuit board was last previously initiated;
wherein the processor and said nonvolatile memory are configured on said circuit board so as to execute code stored therein as the initial code executed by the processor in response to a reset event, the code being effective when executing to:
read the power-on status state of the status register;
determine whether the application of power to said circuit board was last previously initiated by the activation of a power-on switch coupled to said circuit board based on the power-on status state as read from the status register; and
configure a physical presence flag in said TPM to indicate lack of physical presence in response to a determination that the power-on switch was not activated;
wherein the code which is effective to read, determine, and configure executes before an OS load event, and wherein operation of said TPM is limited as a function of the configured physical presence flag.
(Dependent claims 13 to 15 depend on claim 12.)

16. Apparatus comprising:
a trusted platform module (TPM);
a nonvolatile memory having computer readable program code stored therein; and
a circuit board which couples said TPM and said nonvolatile memory and having a processor and a status register which is settable only in hardware and assumes a power-on status state which indicates how the application of power to said circuit board was last previously initiated;
wherein the processor and said nonvolatile memory are configured on said circuit board so as to execute code stored therein as the initial code executed by the processor in response to a reset event, the code being effective when executing to:
read the power-on status state of the status register;
determine whether the application of power to said circuit board was last previously initiated by the activation of a power-on switch coupled to said circuit board based on the power-on status state as read from the status register; and
configure a physical presence flag in said TPM to indicate physical presence in response to a determination that the power-on switch was activated;
wherein the code which is effective to read, determine, and configure executes before an OS load event, and wherein a predetermined trusted operation is allowed to execute in said TPM as a function of the configured physical presence flag.
(Dependent claims 17 to 19 depend on claim 16.)
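The three independent claims describe one boot-time procedure: the initial firmware reads a hardware-only status register, infers from it whether the last power-on came from the physical power switch, and sets or clears the TPM physical presence flag before the OS loads, with presence-gated TPM operations then allowed or refused accordingly. The following C model is an added example, not code from the patent or from any TPM or chipset vendor. The status register bit layout, the operation names, the policy table of which operations require presence, and the "lock the flag after firmware sets it" behaviour are all constructed assumptions for illustration; the claims themselves say only that the register is settable in hardware and that the code runs before an OS load event.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the chipset power-on status register.
 * Bit assignments are hypothetical, not taken from any real chipset. */
#define PWR_STS_SWITCH   0x01u  /* last power-on initiated by the power-on switch */
#define PWR_STS_WAKE     0x02u  /* last power-on initiated by a wake event (timer, LAN) */
#define PWR_STS_SWRESET  0x04u  /* last power-on initiated by a software reset */

typedef struct {
    uint8_t power_on_status;    /* in the claimed design: settable only in hardware */
} chipset_t;

typedef struct {
    bool physical_presence;     /* the TPM physical presence flag */
    bool presence_locked;       /* assumption: firmware locks the flag before OS load */
} tpm_t;

/* Hypothetical TPM operations; which ones need presence is a constructed policy. */
enum tpm_op { TPM_OP_EXTEND_PCR, TPM_OP_OWNER_CLEAR, TPM_OP_SET_OWNER_INSTALL };

/* Claim steps "read" and "determine": was the last power-on a switch press? */
bool power_on_by_switch(const chipset_t *chipset) {
    return (chipset->power_on_status & PWR_STS_SWITCH) != 0;
}

/* Claim step "configure": initial boot code sets the flag from the inference
 * (claim 16 sets presence when the switch was pressed, claim 12 clears it when
 * it was not) and then, by assumption here, locks it until the next reset. */
void firmware_configure_presence(const chipset_t *chipset, tpm_t *tpm) {
    tpm->physical_presence = power_on_by_switch(chipset);
    tpm->presence_locked = true;
}

static bool op_requires_presence(enum tpm_op op) {
    switch (op) {
    case TPM_OP_OWNER_CLEAR:
    case TPM_OP_SET_OWNER_INSTALL:
        return true;            /* constructed: these count as "predetermined trusted operations" */
    default:
        return false;
    }
}

/* TPM-side gate: presence-gated operations run only if the flag is set. */
bool tpm_command_allowed(const tpm_t *tpm, enum tpm_op op) {
    if (!op_requires_presence(op))
        return true;
    return tpm->physical_presence;
}

/* Software running after the OS load event tries to assert presence itself;
 * with the flag locked this is refused, so the inference stays hardware-rooted. */
bool tpm_set_presence_after_lock(tpm_t *tpm, bool value) {
    if (tpm->presence_locked)
        return false;
    tpm->physical_presence = value;
    return true;
}

/* One simulated boot with the given (constructed) register contents,
 * followed by a request for the given operation. */
bool simulate_boot_and_request(uint8_t status_bits, enum tpm_op op) {
    chipset_t chipset = { .power_on_status = status_bits };
    tpm_t tpm = { .physical_presence = false, .presence_locked = false };
    firmware_configure_presence(&chipset, &tpm);
    return tpm_command_allowed(&tpm, op);
}

/* Returns true if a post-boot attempt to fake presence was rejected and the
 * flag still reflects the hardware inference (a wake-initiated boot here). */
bool lock_rejects_software_presence(void) {
    chipset_t chipset = { .power_on_status = PWR_STS_WAKE };
    tpm_t tpm = { .physical_presence = false, .presence_locked = false };
    firmware_configure_presence(&chipset, &tpm);
    bool accepted = tpm_set_presence_after_lock(&tpm, true);
    return !accepted && !tpm.physical_presence;
}

int main(void) {
    printf("switch press -> owner clear allowed: %d\n",
           simulate_boot_and_request(PWR_STS_SWITCH, TPM_OP_OWNER_CLEAR));
    printf("wake event   -> owner clear allowed: %d\n",
           simulate_boot_and_request(PWR_STS_WAKE, TPM_OP_OWNER_CLEAR));
    printf("wake event   -> PCR extend allowed:  %d\n",
           simulate_boot_and_request(PWR_STS_WAKE, TPM_OP_EXTEND_PCR));
    printf("post-lock presence spoof rejected:   %d\n", lock_rejects_software_presence());
    return 0;
}
```

The security-relevant point the model makes explicit is the one the abstract calls "inference": nothing in software asserts that a human is present; firmware only translates a hardware-owned register into the TPM flag, and the remote-wake and software-reset paths therefore never unlock the presence-gated operations.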