Methods and apparatus for secure collection and display of user interface information in a pre-boot environment
Abstract
Methods and apparatus for secure collection and display of user interface information in a pre-boot environment are disclosed. A disclosed system executes trusted software under a secure mode of a processor. In the secure mode, the processor may directly access an area of memory that normally cannot be accessed. One or more software routines, device drivers, digital certificates, hash codes, encryption keys, and/or any other data may be stored in the secure area of memory. Software routines and device drivers stored in the secure area of memory and/or certified by data in the secure area of memory may be “trusted.” Preferably, trusted software routines and/or device drivers are digitally signed by a trusted source (e.g., Microsoft). In addition to trusted interface objects, the pre-boot environment may include non-trusted interface objects. These non-trusted interface objects may use third party software routines and/or device drivers. Accordingly, both trusted and non-trusted interface objects may be used in the same pre-boot interface.
28 Claims
1. A method of receiving a password, the method comprising:
    receiving a password routine, the password routine being digitally signed using a private key;
    authenticating the password routine using a public key associated with the private key;
    storing the password routine in a first area of a memory device, the first area of the memory device being unavailable to a memory management unit, the memory device including a second area, the second area being available to the memory management unit; and
    executing the password routine in a pre-boot environment to receive the password.
    Dependent claims: 2 through 11.
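The receive, authenticate, store, execute sequence of claim 1, written out as an added example (this is not code from the patent or its assignee). The patent does not name a signature scheme; ed25519 from Go's standard library is used here for the demonstration. The SecureMemory map, the routine name "pw_prompt" and the sample image bytes are constructed stand-ins for the MMU-unavailable memory area and the password routine. The example also covers the two rejection cases the abstract implies: an image altered after signing, and an image signed by a third party whose key is not the trusted source's.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SecureMemory stands in for the "first area" of claim 1: a region the memory
// management unit cannot reach, written only by the loader while the processor
// runs in its secure mode. The map is a constructed stand-in for that storage.
type SecureMemory struct {
	routines map[string][]byte
}

// NewSecureMemory returns an empty secure area.
func NewSecureMemory() *SecureMemory {
	return &SecureMemory{routines: make(map[string][]byte)}
}

// SignedRoutine is a password routine as it arrives in the MMU-visible
// "second area": the routine image plus a detached signature over it.
type SignedRoutine struct {
	Name      string
	Code      []byte // routine image; sample bytes are constructed below
	Signature []byte // ed25519 signature over Code (scheme chosen for this example)
}

// ErrUntrusted is returned when the signature does not verify under the
// trusted source's public key.
var ErrUntrusted = errors.New("routine signature does not verify against the trusted public key")

// LoadTrusted performs the "authenticating" and "storing" steps of claim 1.
// The image is copied into secure memory only after its signature verifies;
// on failure nothing is stored, so Execute can never reach an unverified image.
func (m *SecureMemory) LoadTrusted(pub ed25519.PublicKey, r SignedRoutine) error {
	if len(pub) != ed25519.PublicKeySize {
		return errors.New("malformed trusted public key")
	}
	if !ed25519.Verify(pub, r.Code, r.Signature) {
		return ErrUntrusted
	}
	// Copy the image so a later change to the caller's buffer (still in the
	// MMU-visible area) cannot alter what was verified.
	stored := make([]byte, len(r.Code))
	copy(stored, r.Code)
	m.routines[r.Name] = stored
	return nil
}

// Execute models the final step: only a routine present in secure memory runs.
// "Running" here returns the image length, standing in for dispatching into
// the password-collection code.
func (m *SecureMemory) Execute(name string) (int, error) {
	code, ok := m.routines[name]
	if !ok {
		return 0, fmt.Errorf("routine %q is not in secure memory", name)
	}
	return len(code), nil
}

// Demo walks through the three cases a loader must handle and reports whether
// each behaved as claim 1 requires: a genuine routine loads; a tampered image
// is rejected; a validly signed image under an untrusted key is rejected.
func Demo() (bool, bool, bool, error) {
	// Trusted source's key pair, generated here for the example. In the
	// patent's setting the public key already resides in the secure area.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	// Constructed stand-in for the password routine's machine code.
	code := []byte("PASSWORD-ROUTINE-IMAGE-v1")
	genuine := SignedRoutine{Name: "pw_prompt", Code: code, Signature: ed25519.Sign(priv, code)}

	mem := NewSecureMemory()
	loadOK := mem.LoadTrusted(pub, genuine) == nil

	// Same signature, one byte of the image flipped after signing.
	tampered := genuine
	tampered.Code = append([]byte(nil), code...)
	tampered.Code[0] ^= 0xff
	tamperedRejected := errors.Is(mem.LoadTrusted(pub, tampered), ErrUntrusted)

	// Third-party routine: well-formed signature, but from a key the loader
	// does not trust.
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	thirdParty := SignedRoutine{Name: "pw_prompt_3p", Code: code, Signature: ed25519.Sign(otherPriv, code)}
	wrongKeyRejected := errors.Is(mem.LoadTrusted(pub, thirdParty), ErrUntrusted)
	return loadOK, tamperedRejected, wrongKeyRejected, nil
}

func main() {
	loadOK, tamperedRejected, wrongKeyRejected, err := Demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("genuine loaded: %v, tampered rejected: %v, third-party key rejected: %v\n",
		loadOK, tamperedRejected, wrongKeyRejected)
}
```

The order of operations is the point: verification happens before anything is written to the secure area, and a failed check leaves that area untouched, so the pre-boot environment has no path to an unverified routine. Copying the image on store keeps the verified bytes and the executed bytes identical even if the MMU-visible source buffer changes afterwards.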
12. An apparatus to execute a trusted software program in a pre-boot environment, the apparatus comprising:
    a memory device including a first memory portion and a second memory portion, the first memory portion storing the trusted software program;
    a memory management unit operatively coupled to the memory device, the memory management unit being unable to access the first memory portion, the memory management unit being able to access the second memory portion; and
    a processor operatively coupled to the memory device, the processor to execute the trusted software program in the pre-boot environment.
    Dependent claims: 13 through 21.
22. An apparatus to collect a password in a pre-boot environment, the apparatus comprising:
    a memory device including a first memory portion and a second memory portion, the second memory portion storing a keyboard driver, a display driver, a graphics routine, and a password collection routine;
    a memory management unit operatively coupled to the memory device, the memory management unit being able to access the first memory portion, the memory management unit being unable to access the second memory portion; and
    a processor operatively coupled to the memory device, the processor to execute the keyboard driver, the display driver, the graphics routine, and the password collection routine in the pre-boot environment to collect the password in the pre-boot environment.
    Dependent claims: 23 through 25.
26. A machine readable medium storing instructions structured to cause a machine to:
    receive a password routine, the password routine being digitally signed using a private key;
    authenticate the password routine using a public key associated with the private key;
    store the password routine in a first area of a memory device, the first area of the memory device being unavailable to a memory management unit, the memory device including a second area, the second area being available to the memory management unit; and
    execute the password routine in a pre-boot environment to receive the password.
    Dependent claims: 27 and 28.