System and method for trusted early boot flow

US 20060224878A1
Filed: 03/31/2005
Published: 10/05/2006
Est. Priority Date: 03/31/2005
Status: Active Grant

First Claim

Patent Images

1. A platform comprising:

a processor utilizing security management extension (SMX) instructions and having a private key, the processor communicatively coupled to firmware comprising one or more authenticated code (AC) modules;

the one or more AC modules comprising a header, instruction code, and data, and further comprising a public key, wherein the public and private key enable AC modules to be trusted in execution during initialization prior to launch of an operating system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some embodiments, the invention involves extending trusted computing environments to the boot firmware. In at least one embodiment, the present invention is intended to enable the trusted environment to be extended forward to the pre-boot environment in addition to post-OS load environment. Embodiments of the present invention enable the trusted environment to extend to the firmware at power-on. The firmware is integrated within the secure perimeter which was previously only available to the OS. In other words, the BIOS is made to be a trusted entity, as well as the OS. Extensible firmware interface (EFI) modules are signed with a public key. The processor has an embedded private key. EFI modules are verified using the keys to ensure a trusted environment from boot to OS launch. Other embodiments are described and claimed.

46 Citations

View as Search Results

21 Claims

1. A platform comprising:
- a processor utilizing security management extension (SMX) instructions and having a private key, the processor communicatively coupled to firmware comprising one or more authenticated code (AC) modules;
  
  the one or more AC modules comprising a header, instruction code, and data, and further comprising a public key, wherein the public and private key enable AC modules to be trusted in execution during initialization prior to launch of an operating system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The platform as recited in claim 1 wherein the processor architecture comprises an extensible firmware interface (EFI).
  - 3. The platform as recited in claim 2, wherein the one or more AC modules further comprise:
    - a firmware file header;
      
      an optional name;
      
      an image section; and
      
      an optional dependency expression section.
  - 4. The platform as recited in claim 2, wherein the private key is embedded in the processor.
  - 5. The platform as recited in claim 2, further comprising:
    - processor microcode to load an AC module manager upon boot up, the AC module manager to load a pre-EFI (PEI) foundation and commence dispatch of the one or more AC modules.
  - 6. The platform as recited in claim 5, wherein the AC module manager is a security (SEC) module.
  - 7. The platform as recited in claim 6, wherein the SEC module is loaded into cache as random access memory (CRAM), the cache being coupled to the processor.
  - 8. The platform as recited in claim 5, wherein a first SMX instruction is executed prior to loading the AC module manager, and wherein the first SMX instruction enables an AC module to be authenticated using the public and private keys.
  - 9. The platform as recited in claim 8, wherein a second SMX instruction is executed by an AC module to enable execution to resume by the AC module manager or one of the one or more AC modules.
  - 10. The platform as recited in claim 2, wherein platform initialization occurs during a pre-EFI (PEI) initialization stage of boot up, the pre-EFI initialization stage comprising initialization of the processor, platform chipset and platform motherboard, and wherein PEI comprises execution of the one or more AC modules, the AC modules being authenticated by the public and private keys, and wherein PEI ensures a trusted environment through loading of a trusted operating system.
  - 11. The platform as recited in claim 10, wherein the firmware services initialized during PEI are trusted by the trusted operating system

12. A method for enabling a trusted environment in a platform comprising:
- authenticating one or more authenticated code (AC) modules during initialization of a platform prior to launch of an operating system, wherein the authenticated AC modules ensure trusted platform firmware services available to a trusted operating system; and
  
  loading authenticated AC modules to perform various initialization tasks.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method as recited in claim 12, wherein authenticating comprises:
    - using a private key embedded in a processor on the platform and a public key encoded within the one or more AC modules; and
      
      aborting initialization if authentication fails.
  - 14. The method as recited in claim 12, wherein authenticating and loading of the one or more AC modules in enabled by security management extension (SMX) instructions implemented in the platform'"'"'s instruction set architecture (ISA).
  - 15. The method as recited in claim 12, wherein the platform comprises an extensible firmware interface (EFI) architecture and initialization is at a pre-EFI initialization (PEI) phase of execution.
  - 16. The method as recited in claim 15, wherein authenticating and loading of the one or more AC modules in enabled by security management extension (SMX) instructions implemented in the platform'"'"'s instruction set architecture (ISA), and further comprising:
    - if the platform has multiple processors, issuing a first SMX instruction by an initiating logical processor (ILP) to suspend operations by one or more responding logical processors (RLPs);
      
      if the platform has multiple processors, responding by the RLPs to indicate that the issued SMX instruction has been acknowledged prior to loading authenticated AC modules;
      
      launching an authenticated and loaded AC module comprising a PEI core module;
      
      repeating the authenticating, loading and launching for successive AC modules until PEI initialization succeeds or fails;
      
      if PEI initialization succeeds, issuing a second SMX instruction by an initiating logical processor (ILP) to resume and join operations by the one or more RLPs; and
      
      if the PEI initialization fails, aborting boot up of the platform.

17. A machine accessible medium having instructions that when executed cause the machine to:
- authenticate one or more authenticated code (AC) modules during initialization of a platform prior to launch of an operating system, wherein the authenticated AC modules ensure trusted platform firmware services on the machine, the trusted platform firmware services available to a trusted operating system; and
  
  load authenticated AC modules to perform various initialization tasks.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The machine accessible medium as recited in claim 17, wherein authenticating further comprises instructions that cause the machine to:
    - use a private key embedded in a processor on the machine and a public key encoded within the one or more AC modules; and
      
      abort initialization if authentication fails.
  - 19. The machine accessible medium as recited in claim 17, wherein authenticating and loading of the one or more AC modules in enabled by a security management extension (SMX) instructions implemented in the machine'"'"'s instruction set architecture (ISA).
  - 20. The machine accessible medium as recited in claim 17, wherein the machine comprises an extensible firmware interface (EFI) architecture and initialization is at a pre-EFI initialization (PEI) phase of execution.
  - 21. The machine accessible medium as recited in claim 20, wherein authenticating and loading of the one or more AC modules in enabled by security management extension (SMX) instructions implemented in the machine'"'"'s instruction set architecture (ISA), and wherein the medium further comprises instructions that when executed cause the machine to:
    - if the platform has multiple processors, issue a first SMX instruction by an initiating logical processor (ILP) to suspend operations by one or more responding logical processors (RLPs);
      
      if the platform has multiple processors, respond by the RLPs to indicate that the issued SMX instruction has been acknowledged prior to loading authenticated AC modules;
      
      launch an authenticated and loaded AC module comprising a PEI core module;
      
      repeat the authenticating, loading and launching for successive AC modules until PEI initialization succeeds or fails;
      
      if PEI initialization succeeds, issue a second SMX instruction by an initiating logical processor (ILP) to resume and join operations by the one or more RLPs; and
      
      if the PEI initialization fails, abort boot up of the platform.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Zimmer, Vincent J., Rothman, Michael A., Datta, Shamanna M.

Granted Patent

US 7,752,428 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/2
CPC Class Codes

G06F 21/575   Secure boot

H04L 9/32   including means for verifyi...

H04L 9/3234   involving additional secure...

System and method for trusted early boot flow

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for trusted early boot flow

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links