System and method for trusted early boot flow
Abstract
In some embodiments, the invention involves extending trusted computing environments to the boot firmware. In at least one embodiment, the present invention is intended to enable the trusted environment to be extended forward to the pre-boot environment in addition to the post-OS-load environment. Embodiments of the present invention enable the trusted environment to extend to the firmware at power-on. The firmware is integrated within the secure perimeter which was previously only available to the OS. In other words, the BIOS is made to be a trusted entity, as well as the OS. Extensible firmware interface (EFI) modules are signed with a public key. The processor has an embedded private key. EFI modules are verified using the keys to ensure a trusted environment from boot to OS launch. Other embodiments are described and claimed.
Claims (21)
1. A platform comprising:
a processor utilizing security management extension (SMX) instructions and having a private key, the processor communicatively coupled to firmware comprising one or more authenticated code (AC) modules;
the one or more AC modules comprising a header, instruction code, and data, and further comprising a public key, wherein the public and private key enable AC modules to be trusted in execution during initialization prior to launch of an operating system.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)

12. A method for enabling a trusted environment in a platform comprising:
authenticating one or more authenticated code (AC) modules during initialization of a platform prior to launch of an operating system, wherein the authenticated AC modules ensure trusted platform firmware services available to a trusted operating system; and
loading authenticated AC modules to perform various initialization tasks.
(Dependent claims: 13, 14, 15, 16)

17. A machine accessible medium having instructions that when executed cause the machine to:
authenticate one or more authenticated code (AC) modules during initialization of a platform prior to launch of an operating system, wherein the authenticated AC modules ensure trusted platform firmware services on the machine, the trusted platform firmware services available to a trusted operating system; and
load authenticated AC modules to perform various initialization tasks.
(Dependent claims: 18, 19, 20, 21)