Ensuring that a software update may be installed or run only on a specific device or class of devices
Abstract
Described is a system and method in which a device manufacturer or software image provider controls which devices are allowed to install or to run a software image. An image keying mechanism uses package data and a UUID associated with the device or class of devices to key an image. Because the UUID is used in the key, an installer verifier and/or boot-time verifier can ensure that the device is authorized to install and/or run the image. Any package, including existing device packages or the package for which installation is requested, can demand that keying be enforced. An installer mechanism checks whether the device is allowed to install the image. A boot-time enforcement mechanism prevents an improperly installed image from operating by halting the boot process if a demanded key is invalid or missing.
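The flow in the abstract can be sketched as follows. This is an added illustration, not code from the patent: HMAC-SHA256 stands in for the keying scheme, which this page does not specify, and the names `make_key`, `may_install`, `boot_check`, the `Package` record and the rule that a demand from any package applies to every package are assumptions.

```python
import hashlib
import hmac
import uuid
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample values for the illustration (not from the patent).
SECRET = b"constructed-demo-secret"
DEVICE_A = uuid.UUID("00000000-0000-4000-8000-00000000000a")
DEVICE_B = uuid.UUID("00000000-0000-4000-8000-00000000000b")

def make_key(package: bytes, device_id: uuid.UUID, secret: bytes) -> bytes:
    # The key binds the package data to the device (or device class) UUID.
    digest = hashlib.sha256(package).digest()
    return hmac.new(secret, digest + device_id.bytes, hashlib.sha256).digest()

@dataclass
class Package:
    name: str
    contents: bytes
    key: Optional[bytes] = None   # None: the package was never keyed
    demands_keying: bool = False  # this package demands that keying be enforced

def key_is_valid(pkg: Package, device_id: uuid.UUID, secret: bytes) -> bool:
    # Recompute the key from this device's own UUID; a missing key is invalid.
    if pkg.key is None:
        return False
    return hmac.compare_digest(make_key(pkg.contents, device_id, secret), pkg.key)

def keying_demanded(packages: List[Package]) -> bool:
    return any(p.demands_keying for p in packages)

def may_install(new_pkg: Package, installed: List[Package],
                device_id: uuid.UUID, secret: bytes) -> bool:
    # Installer check: enforced when the new or any existing package demands it.
    if not keying_demanded([new_pkg] + installed):
        return True
    return key_is_valid(new_pkg, device_id, secret)

def boot_check(installed: List[Package], device_id: uuid.UUID,
               secret: bytes) -> List[str]:
    # Boot-time check: names of packages whose key is invalid or missing.
    # A non-empty result means the boot process must halt.
    if not keying_demanded(installed):
        return []
    return [p.name for p in installed if not key_is_valid(p, device_id, secret)]
```

A production design would normally verify an asymmetric signature so that the device holds only a public key; the shared secret here keeps the sketch within the standard library.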
36 Claims
1. In a computing environment, a method comprising:
- identifying a device set containing a device or class of devices for which an image entity comprising an image or a subcomponent of an image is to be keyed; and
- securely associating an identifier corresponding to the device set with the image entity such that an enforcement mechanism associated with a device of the set can determine whether the image entity is allowed to run on that associated device.

Dependent claims: 2-19.
20. In a computing environment, a system comprising:
- a keying mechanism that signs a package with a key, the key based on a data corresponding to the package and data corresponding to the first device identifier; and
- an enforcement mechanism associated with a device that has a second device identifier which may or may not be the same as the first device identifier used by the keying mechanism, the enforcement mechanism determining based on the key and the second device identifier whether an image corresponding to contents of the package is allowed to run on the device having the second device identifier.

Dependent claims: 21-36.
Specification