System and method for protected operating system boot using state validation

US 20060005034A1
Filed: 06/30/2004
Published: 01/05/2006
Est. Priority Date: 06/30/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium encoded with computer executable instructions to perform a method comprising:

starting an operating system loader;

validating the identity or correctness of said loader;

ensuring that a machine on which said operating system loader runs is in a known state; and

if the identity or correctness of said loader validates, and if said machine on which said operating system runs is in a known state, then;

providing a key to said loader; and

allowing said loader to load an operating system.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism for protected operating system boot that prevents rogue components from being loaded with the operating system, and thus prevents divulgence of the system key under inappropriate circumstances. After a portion of the machine startup procedure has occurred, the operating system loader is run, the loader is validated, and a correct machine state is either verified to exist and/or created. Once the loader has been verified to be a legitimate loader, and the machine state under which it is running is verified to be correct, the loader'"'"'s future behavior is known to protect against the loading of rogue components that could cause divulgence of the system key. With the loader'"'"'s behavior being known to be safe for the system key, the validator may unseal the system key and provides it to the loader.

Citations

30 Claims

1. A computer-readable medium encoded with computer executable instructions to perform a method comprising:
- starting an operating system loader;
  
  validating the identity or correctness of said loader;
  
  ensuring that a machine on which said operating system loader runs is in a known state; and
  
  if the identity or correctness of said loader validates, and if said machine on which said operating system runs is in a known state, then;
  
  providing a key to said loader; and
  
  allowing said loader to load an operating system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The computer-readable medium of claim 1, wherein the method further comprises:
    - running a logon program that gates access to said key.
  - 3. The computer-readable medium of claim 2, wherein said logon program ensures that a user provides credentials as a condition to said logon program granting access to said key.
  - 4. The computer-readable medium of claim 1, wherein said key is usable to decrypt an encrypted operating system partition.
  - 5. The computer-readable medium of claim 1, wherein said act of validating the identity or correctness of said loader, and said act of ensuring that a machine is in a known state, is performed after all of the following have executed:
    - a basic input output system;
      
      an option ROM;
      
      a master boot record; and
      
      a boot sector.
  - 6. The computer-readable medium of claim 5, wherein said act of validating the identity or correctness of said loader, and said act of ensuring that a machine is in a known state, are performed after a portion of said operating system loader has executed.
  - 7. The computer-readable medium of claim 6, wherein said act of validating is performed after all or substantially all of an operating system has started, or after some number of partitions have started, each of said partitions comprising an environment from which some degree of isolation from other partitions is maintained by a hypervisor.
  - 8. The computer-readable medium of claim 1, wherein said key is sealed to a validator that performs said validating act and said ensuring act, and wherein the method further comprises:
    - said validator unsealing said key.
  - 9. The computer-readable medium of claim 8, wherein said key is sealed to at least said validator, and wherein said validator validates at least a portion of said loader.
  - 10. The computer-readable medium of claim 8, wherein said key is sealed to said validator and to at least a portion of said loader.
  - 11. The computer-readable medium of claim 1, wherein said machine comprises a physical machine.
  - 12. The computer-readable medium of claim 1, wherein said machine comprises a virtual machine.
  - 13. The computer-readable medium of claim 12, wherein said key is revealed only if an architecture of said virtual machine has not changed or is valid.
  - 14. The computer-readable medium of claim 1, wherein said act of ensuring that a machine is in a known state comprises:
    - evaluating a current state of said machine and comparing said current state with said known state.
  - 15. The computer-readable medium of claim 1, wherein said act of ensuring that a machine is in a known state comprises:
    - setting a current state of said machine to be consistent with said known state.
  - 16. The computer-readable medium of claim 1, wherein said loader is an entire operating system, or an entire instance of an operating system.

17. A system for performing a boot of an operating system under circumstances that provide assurances as to the reliability of the boot, the system comprising:
- a validator that evaluates the correctness or identity of an operating system loader that will load the operating system, and that further evaluates a state of a machine on which said operating system loader will operate, which either allows or disallows the operating system loader to proceed with loading the operating system depending on whether or not the correctness or identity of the operating system loader is verified, and which places said machine in a known state prior to allowing said operating system loader to proceed.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The system of claim 17, wherein a key is sealed to said validator, and wherein said validator unseals said key and provides said key to said operating system loader if said operating system loader is allowed to proceed.
  - 19. The system of claim 17, wherein said validator evaluates the correctness or identity of the operating system loader, and evaluates the state of the machine, after the operating system loader has started operation, but before the operating system loader has initialized a kernel or a device driver.
  - 20. The system of claim 17, wherein said validator comprises:
    - a general portion that is common to a class of validators; and
      
      a specific portion that is specific to said operating system loader, and that is replaceable with a different portion in the case where said validator is being used to validate a different operating system loader.
  - 21. The system of claim 17, wherein said machine comprises a physical machine.
  - 22. The system of claim 17, wherein said machine comprises a virtual machine.

23. A method of booting an operating system comprising:
- executing a basic input output system, an option ROM, a master boot record, and a boot sector;
  
  starting an operating system loader;
  
  validating said operating system loader;
  
  validating a state of a machine on which said operating system loader executes;
  
  if said operating system loader, and said state of said machine, are determined to be valid, then allowing said operating system loader to load an operating system.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
- - 24. The method of claim 23, wherein a key that is necessary to correctly perform at least one function under said operating system is sealed to a validator that performs said acts of validating an operating system loader and validating a machine state, and wherein the method further comprises:
    - if the operating system loader and the machine state are valid, then unsealing said key and providing said key to said operating system loader.
  - 25. The method of claim 23, further comprising:
    - after said operating system has been loaded, executing a logon program that gates access to said key.
  - 26. The method of claim 23, wherein said logon program either allows or disallows components of said operating system to use said key depending on whether a user successfully completes an authentication procedure.
  - 27. The method of claim 23, wherein said acts of validating said operating system loader and validating said machine state are performed after said operating system loader has performed at least one action.
  - 28. The method of claim 27, wherein said acts of validating said operating system loader and validating said machine state are performed at a point in time before resetting the machine state will prevent the loader from functioning correctly to load said operating system.
  - 29. The method of claim 23, wherein said machine comprises a physical machine.
  - 30. The method of claim 23, wherein said machine comprises a virtual machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
England, Paul, Ray, Kenneth D., Cross, David B., Hunter, Jamie, Willman, Bryan Mark, LaSalle, Derek Norman, Jacomet, Pierre, Kurien, Thekkthalackal Varugis, McMichael, Lonny Dean, Paley, Mark Eliot

Granted Patent

US 7,694,121 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/575 Secure boot

G06F 9/4401 Bootstrapping security arra...

System and method for protected operating system boot using state validation

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for protected operating system boot using state validation

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links