System and method for protected operating system boot using state validation
Abstract
A mechanism for protected operating system boot that prevents rogue components from being loaded with the operating system, and thus prevents divulgence of the system key under inappropriate circumstances. After a portion of the machine startup procedure has occurred, the operating system loader is run, the loader is validated, and a correct machine state is either verified to exist or created. Once the loader has been verified to be a legitimate loader, and the machine state under which it is running is verified to be correct, the loader's future behavior is known to protect against the loading of rogue components that could cause divulgence of the system key. With the loader's behavior known to be safe for the system key, the validator may unseal the system key and provide it to the loader.
30 Claims
1. A computer-readable medium encoded with computer executable instructions to perform a method comprising:
starting an operating system loader;
validating the identity or correctness of said loader;
ensuring that a machine on which said operating system loader runs is in a known state; and
if the identity or correctness of said loader validates, and if said machine on which said operating system runs is in a known state, then:
providing a key to said loader; and
allowing said loader to load an operating system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16.
17. A system for performing a boot of an operating system under circumstances that provide assurances as to the reliability of the boot, the system comprising:
a validator that evaluates the correctness or identity of an operating system loader that will load the operating system, and that further evaluates a state of a machine on which said operating system loader will operate, which either allows or disallows the operating system loader to proceed with loading the operating system depending on whether or not the correctness or identity of the operating system loader is verified, and which places said machine in a known state prior to allowing said operating system loader to proceed.
Dependent claims: 18, 19, 20, 21, 22.
23. A method of booting an operating system comprising:
executing a basic input output system, an option ROM, a master boot record, and a boot sector;
starting an operating system loader;
validating said operating system loader;
validating a state of a machine on which said operating system loader executes;
if said operating system loader, and said state of said machine, are determined to be valid, then allowing said operating system loader to load an operating system.
Dependent claims: 24, 25, 26, 27, 28, 29, 30.
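The abstract and claim 23 together describe one procedure: measure the components that run before the loader (BIOS, option ROM, master boot record, boot sector), validate the loader itself, and release the sealed system key only when both the loader identity and the machine state match what the key was sealed to. The following is an added illustration of that control flow, not code from the patent or its assignee. It stands in for the hardware sealing mechanism with stdlib SHA-256 and HMAC: a TPM-style extend register represents the machine state, and the system key is wrapped under a key derived from the expected loader hash and expected register value, so a mismatch in either one makes the key unrecoverable. All function names, the `seal-v1` label and the sample loader and boot-chain images are constructed for this example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Sequence

# --- measurement primitives (stand-ins for platform firmware measurements) ---

def measure(component: bytes) -> bytes:
    """Identity of a boot component: the SHA-256 of its image."""
    return hashlib.sha256(component).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = H(old || measurement). The operation is one-way
    and order-sensitive, so one register value stands for the whole sequence
    of components that produced it; nothing can be "un-measured"."""
    return hashlib.sha256(register + measurement).digest()


def machine_state(boot_chain: Sequence[bytes]) -> bytes:
    """Fold the pre-loader components (BIOS, option ROM, MBR, boot sector in
    claim 23) into one register value that represents the machine state."""
    register = bytes(32)  # register starts at all zeros on reset
    for component in boot_chain:
        register = extend(register, measure(component))
    return register


# --- sealing: bind the system key to a loader identity and a machine state ---

@dataclass(frozen=True)
class SealedKey:
    ciphertext: bytes
    tag: bytes


def _wrapping_key(loader_hash: bytes, state: bytes) -> bytes:
    # Hypothetical derivation: the wrapping key exists only for this exact
    # (loader, state) pair, which is what makes the seal a policy and not a check.
    return hashlib.sha256(b"seal-v1" + loader_hash + state).digest()


def seal(system_key: bytes, expected_loader_hash: bytes, expected_state: bytes) -> SealedKey:
    """Done once, while the machine is in the trusted configuration."""
    if len(system_key) > 32:
        raise ValueError("system key longer than the 32-byte keystream")
    wk = _wrapping_key(expected_loader_hash, expected_state)
    keystream = hashlib.sha256(wk + b"keystream").digest()
    ciphertext = bytes(k ^ s for k, s in zip(system_key, keystream))
    tag = hmac.new(wk, ciphertext, hashlib.sha256).digest()
    return SealedKey(ciphertext, tag)


def unseal(sealed: SealedKey, loader_hash: bytes, state: bytes) -> Optional[bytes]:
    """Returns the system key only if the supplied measurements reproduce the
    wrapping key; any other loader or state yields a tag mismatch and None."""
    wk = _wrapping_key(loader_hash, state)
    expected_tag = hmac.new(wk, sealed.ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, sealed.tag):
        return None
    keystream = hashlib.sha256(wk + b"keystream").digest()
    return bytes(c ^ s for c, s in zip(sealed.ciphertext, keystream))


# --- the validator of claims 1 and 17 ----------------------------------------

def validator(loader_image: bytes, boot_chain: Sequence[bytes],
              expected_loader_hash: bytes, sealed: SealedKey) -> Optional[bytes]:
    """Validate the loader, establish the machine state, then provide the key
    (or refuse) exactly as the claimed method orders those steps."""
    loader_hash = measure(loader_image)
    if not hmac.compare_digest(loader_hash, expected_loader_hash):
        return None  # loader identity does not validate: no key, no boot
    state = machine_state(boot_chain)
    return unseal(sealed, loader_hash, state)  # None if the state is not the known one


# --- constructed sample data --------------------------------------------------
SYSTEM_KEY = bytes(range(32))
GOOD_LOADER = b"constructed: legitimate OS loader image"
GOOD_BOOT_CHAIN = [b"constructed: BIOS", b"constructed: option ROM",
                   b"constructed: MBR", b"constructed: boot sector"]
SEALED = seal(SYSTEM_KEY, measure(GOOD_LOADER), machine_state(GOOD_BOOT_CHAIN))


def demo() -> dict:
    """Exercise the validator in the good case and in the two failure modes the
    abstract is concerned with, plus a direct unseal that skips the identity check."""
    bad_loader = b"constructed: modified loader image"
    rogue_chain = GOOD_BOOT_CHAIN[:-1] + [b"constructed: rogue boot sector"]
    return {
        "legitimate": validator(GOOD_LOADER, GOOD_BOOT_CHAIN, measure(GOOD_LOADER), SEALED) == SYSTEM_KEY,
        "tampered_loader": validator(bad_loader, GOOD_BOOT_CHAIN, measure(GOOD_LOADER), SEALED),
        "rogue_component": validator(GOOD_LOADER, rogue_chain, measure(GOOD_LOADER), SEALED),
        # Even if the explicit identity check were bypassed, the seal itself refuses.
        "bypassed_check": unseal(SEALED, measure(bad_loader), machine_state(GOOD_BOOT_CHAIN)),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The point the example makes that the claim text does not spell out is the difference between the validator's check and the seal: the check is a decision the validator makes, while the seal makes the key mathematically unavailable to any loader or machine state other than the one it was created for, so a bypass of the decision logic still yields nothing. Changing the order of the boot-chain components also changes the register value, which is why the register, rather than a set of individual hashes, is what the key is bound to.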
Specification