Method for extending the CRTM in a trusted platform
First Claim
1. A method in a data processing system for extending a core root of trust measurement within a trusted computing platform, comprising:
- responsive to compiling a module image, generating a hash value;
determining if the hash value of the module image is to be an extension of the core root of trust measurement;
in response to determining that the hash value of the module image is to be a core root of trust measurement extension, creating a digital signature for the module using the core root of trust measurement private key; and
adding the digital signature to the module, wherein adding the digital signature allows platform manufacturer controlled and certified code to be incorporated into functions of the core root of trust measurement.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, system and computer program product for enhancing the functionality of the existing core root of trust measurement (CRTM). The CRTM is extended to allow platform manufacturer controlled and certified code to be incorporated into the function of the CRTM, wherein the manufacturer may define the policy for accepting a new function into the CRTM. When a firmware or software module image is compiled, the build process generates a hash value of the compiled firmware or software image, wherein the hash value reflects a fingerprint (or short hand) representation of the compiled image. A determination is made as to whether the hash value of the firmware or software image is to be a CRTM extension. If so, a digital signature of the module is created using the CRTM extension private key. This signature value is added to the firmware or software module.
-
Citations
19 Claims
-
1. A method in a data processing system for extending a core root of trust measurement within a trusted computing platform, comprising:
-
responsive to compiling a module image, generating a hash value;
determining if the hash value of the module image is to be an extension of the core root of trust measurement;
in response to determining that the hash value of the module image is to be a core root of trust measurement extension, creating a digital signature for the module using the core root of trust measurement private key; and
adding the digital signature to the module, wherein adding the digital signature allows platform manufacturer controlled and certified code to be incorporated into functions of the core root of trust measurement. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method in a data processing system for allowing a core root of trust measurement within a trusted computing platform to validate a module signature against a public key of a manufacturer, comprising:
-
loading the module into the data processing system;
determining if the module is signed by a core root of trust measurement extension signing key;
responsive to determining that the module is signed, validating the module signature against the public key of the manufacturer; and
creating an entry in a platform configuration register, wherein the platform configuration register is extended to include functions of the core root of trust measurement.
-
-
8. A data processing system for extending a core root of trust measurement within a trusted computing platform, comprising:
-
generating means for generating a hash value in response to compiling a module image;
determining means for determining if the hash value of the module image is to be a core root of trust measurement extension;
creating means for creating a digital signature for the module using the core root of trust measurement private key in response to determining that the hash value of the module image is to be a core root of trust measurement extension; and
adding means for adding the digital signature to the module, wherein adding the digital signature allows platform manufacturer controlled and certified code to be incorporated into functions of the core root of trust measurement. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A computer program product in a computer readable medium for extending a core root of trust measurement within a trusted computing platform, comprising:
-
first instructions for generating a hash value in response to compiling a module image;
second instructions for determining if the hash value of the module image is to be a core root of trust measurement extension;
third instructions for creating a digital signature for the module using the core root of trust measurement private key in response to determining that the hash value of the module image is to be a core root of trust measurement extension; and
fourth instructions for adding the digital signature to the module, wherein adding the digital signature allows platform manufacturer controlled and certified code to be incorporated into functions of the core root of trust measurement. - View Dependent Claims (15, 16, 17, 18, 19)
-
Specification