System and method for providing a secure boot architecture
First Claim
1. A processor having a secure boot architecture comprising:
- a physically protected storage area for storing a boot-mode object; and
an atomic state machine, coupled to said physically protected storage area, for authenticating said boot-mode object before execution of a first target instruction.
3 Assignments
0 Petitions
Accused Products
Abstract
A system and method for providing a secure boot architecture, in accordance with one embodiment of the present invention, includes a processor having an atomic state machine and a physically protected storage area. The atomic state machine stores a state of the processor in a state save map upon a boot-mode event. The atomic state machine also authenticates an object of a Pre-BIOS Boot Vector Region (PBBVR) in response to the boot-mode event. The PBBVR may be stored in the physically protected storage area. The atomic state machine loads the PBBVR from the physically protected storage area into an overlay memory if the PBBVR is successfully authenticated. The processor executes the PBBVR from the overlay memory if the PBBVR is successfully authenticated. The atomic state machine may also receive a candidate PBBVR upgrade image, authenticate the candidate PBBVR upgrade image, and replace the current PBBVR with a new PBBVR contained in the candidate PBBVR upgrade image if the new PBBVR in the candidate PBBVR upgrade image is authenticated.
-
Citations
33 Claims
-
1. A processor having a secure boot architecture comprising:
-
a physically protected storage area for storing a boot-mode object; and
an atomic state machine, coupled to said physically protected storage area, for authenticating said boot-mode object before execution of a first target instruction. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method for providing a secure boot architecture for a computer system having a processor comprising:
-
receiving a boot-mode event;
authenticating a boot-mode object; and
executing a first target instruction if said boot-mode object is authenticated. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A system for providing a secure boot architecture comprising:
-
a physically protected storage area for storing a primary boot-mode object;
an atomic state machine for;
storing a state of a processor in a state save map upon receipt of a boot-mode event;
authenticating an object of said primary primary boot-mode object upon receipt of said boot-mode event; and
loading said primary primary boot-mode object from said physically protected storage area into an overlay memory if said primary PBBVR is successfully authenticated; and
said processor for executing said primary primary boot-mode object from said overlay memory if said primary primary boot-mode object is successfully authenticated. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
-
Specification