SIMPLE SCALABLE AND CONFIGURABLE SECURE BOOT FOR TRUSTED MOBILE PHONES

US 20070067617A1
Filed: 09/06/2006
Published: 03/22/2007
Est. Priority Date: 09/16/2005
Status: Active Grant

First Claim

Patent Images

1. A method of booting up a system using a secure boot framework, the system comprising a computational engine and a secure environment operating within the computational engine and isolated from one or more programs, functions and resources operating outside the secure environment, the method comprising:

executing a secure enforcement function located outside the secure environment, said secure enforcement function configured to ensure that only authorized program modules are executed on the system; and

executing at least one program module using the secure enforcement function, if the program module is authorized prior to execution.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus, system and computer program product are provided for booting up a system using a secure boot framework. In particular, a secure boot mechanism (i.e., a mechanism that enforces that only authenticated programs and/or events are executed on a particular platform) is provided that has an unlimited number of authorized boot configurations, while requiring only a minimal amount of secure/confidential storage. The secure boot mechanism further provides for the separation of run-time and management functionality, which allows other authorization mechanisms to be plugged-in later on. In addition, the authorized secure boot configurations (i.e., the definition of the secure boot state) can be kept in insecure storage, such as a system disk (e.g., flash memory). Finally, the disclosed secure boot mechanism is further beneficial because it builds upon existing TCG techniques, causing it to require minimal implementation where TCG techniques are implemented.

Citations

44 Claims

1. A method of booting up a system using a secure boot framework, the system comprising a computational engine and a secure environment operating within the computational engine and isolated from one or more programs, functions and resources operating outside the secure environment, the method comprising:
- executing a secure enforcement function located outside the secure environment, said secure enforcement function configured to ensure that only authorized program modules are executed on the system; and
  
  executing at least one program module using the secure enforcement function, if the program module is authorized prior to execution.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein executing the secure enforcement function comprises:
    - creating an event associated with execution of the secure enforcement function, said event comprising a code corresponding with the execution;
      
      locating an event credential associated with the event, said event credential comprising an indication of the event and of a system state in which the event is authorized;
      
      determining whether the event credential is authentic;
      
      determining whether the event is authorized based at least in part on the event credential; and
      
      passing control over to the secure enforcement function if the event credential is located and authentic, and the event is authorized.
  - 3. The method of claim 2, wherein locating an event credential comprises accessing an event credential store located outside the secure environment, said event credential store comprising a plurality of event credentials.
  - 4. The method of claim 2, wherein the event credential further comprises a key store binding configured to bind the event credential to the secure environment and to a key store located within the secure environment.
  - 5. The method of claim 4, wherein determining whether the event credential is authentic comprises accessing the key store and determining the integrity and authenticity of the event credential based at least in part on the key store binding.
  - 6. The method of claim 2 further comprising:
    - determining a current state of the system, wherein determining whether the event is authorized comprises determining whether the event is authorized based at least in part on the current state of the system.
  - 7. The method of claim 1, wherein executing a secure enforcement function comprises a root-of-trust for enforcement program module executing the secure enforcement function, said root-of-trust for enforcement program module operating inside the secure environment.
  - 8. The method of claim 1, wherein executing at least one program module using the secure enforcement function comprises:
    - creating an event associated with execution of the program module, said event comprising a code corresponding with the execution of the program module;
      
      locating an event credential associated with the event, said event credential comprising an indication of the event and of a system state in which the event is authorized;
      
      determining whether the event credential is authentic;
      
      determining whether the event is authorized; and
      
      executing the program module if the event credential is located and authentic, and the event is authorized.
  - 9. The method of claim 8, wherein locating an event credential comprises accessing an event credential store located outside the secure environment, said event credential store comprising a plurality of event credentials.
  - 10. The method of claim 8, wherein the event credential further comprises a key store binding configured to bind the event credential to the secure environment and to a key store located within the secure environment.
  - 11. The method of claim 10, wherein determining whether the event credential is authentic comprises accessing the key store and determining the integrity and authenticity of the event credential based at least in part on the key store binding.
  - 12. The method of claim 8 further comprising:
    - determining a current state of the system, wherein determining whether the event is authorized comprises determining whether the event is authorized based at least in part on the current state of the system.

13. An apparatus configured to boot up using a secure boot framework, the apparatus comprising a computational engine and a secure environment operating within the computational engine and isolated from one or more programs, functions and resources operating outside the secure environment;
- the apparatus comprising;
  
  a processor; and
  
  a memory in communication with the processor, said memory storing an application executable by the processor, wherein the application is configured, upon execution to;
  
  execute a secure enforcement function located outside the secure environment, said secure enforcement function configured to ensure that only authorized program modules are executed on the apparatus; and
  
  execute at least one program module using the secure enforcement function, if the program module is authorized prior to execution.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The apparatus of claim 13, wherein in order to execute the secure enforcement function the application is further configured, upon execution, to:
    - create an event associated with execution of the secure enforcement function, said event comprising a code corresponding with the execution;
      
      locate an event credential associated with the event, said event credential comprising an indication of the event and of a system state in which the event is authorized;
      
      determine whether the event credential is authentic;
      
      determine whether the event is authorized based at least in part on the event credential; and
      
      pass control over to the secure enforcement function if the event credential is located and authentic, and the event is authorized,.
  - 15. The apparatus of claim 14, wherein in order to locate an event credential, the application is further configured, upon execution, to access an event credential store located outside the secure environment, said event credential store comprising a plurality of event credentials.
  - 16. The apparatus of claim 14, wherein the event credential further comprises a key store binding configured to bind the event credential to the secure environment and to a key store located within the secure environment.
  - 17. The apparatus of claim 16, wherein in order to determine whether the event credential is authentic, the application is further configured, upon execution, to access the key store and determine the integrity and authenticity of the event credential based at least in part on the key store binding.
  - 18. The apparatus of claim 14, wherein the application is further configured, upon execution to:
    - determine a current state of the apparatus, wherein determining whether the event is authorized comprises determining whether the event is authorized based at least in part on the current state of the apparatus.
  - 19. The apparatus of claim 13, wherein in order to execute the secure enforcement function, the application comprises a root-of-trust for enforcement program module configured to execute the secure enforcement function, said root-of-trust for enforcement program module operating inside the secure environment.
  - 20. The apparatus of claim 13, wherein in order to execute at least one program module using the secure enforcement function, the application is further configured, upon execution, to:
    - create an event associated with execution of the program module, said event comprising a code corresponding with the execution of the program module;
      
      locate an event credential associated with the event, said event credential comprising an indication of the event and of a system state in which the event is authorized;
      
      determine whether the event credential is authentic;
      
      determine whether the event is authorized based at least in part on the event credential; and
      
      execute the program module if the event credential is located and authentic, and the event is authorized.
  - 21. The apparatus of claim 20, wherein in order to locate an event credential, the application is further configured, upon execution, to access an event credential store located outside the secure environment, said event credential store comprising a plurality of event credentials.
  - 22. The apparatus of claim 20, wherein the event credential further comprises a key store binding configured to bind the event credential to the secure environment and to a key store located within the secure environment.
  - 23. The apparatus of claim 22, wherein in order to determine whether the event credential is authentic, the application is further configured, upon execution, to access the key store and determine the integrity and authenticity of the event credential based at least in part on the key store binding.
  - 24. The apparatus of claim 20, wherein the application is further configured, upon execution, to determine a current state of the apparatus, and wherein in order to determine whether the event is authorized, the application is further configured, upon execution, to determine whether the event is authorized based at least in part on the current state of the apparatus.

25. A system configured to boot up using a secure boot framework, said system comprising:
- a secure enforcement function configured to determine whether a program module is authorized for execution on the system and to execute the program module if the program module is authorized, said secure enforcement function operating outside of a secure environment of the system.
- View Dependent Claims (31)
- - 31. The system of claim 25 further comprising:
    - a root-of-trust enforcement program module operating inside the secure environment, said root-of-trust enforcement program module configured to execute the secure enforcement function.

26. The system of claim 26, further comprising:
- an event credential store operating outside the secure environment and comprising a plurality of event credentials, wherein in order to determine whether a program module is authorized, the secure enforcement function is further configured to create an event associated with execution of the program module, said event comprising a code corresponding with the execution, and to locate an event credential associated with the event in the plurality of event credentials of the event credential store.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The system of claim 26, wherein in order to determine whether a program module is authorized, the secure enforcement function is further configured to determine whether the event credential is authentic, said system further comprising:
    - a key store located inside the secure environment and accessible by the secure enforcement function, wherein respective event credentials of the event credential store comprise an indication of the corresponding event, an indication of a system state in which the event is authorized, and a key store binding configured to bind the event credential to the secure environment and, in particular, to the key store, such that determining whether the event credential is authentic comprises accessing the key store and determining the integrity and authenticity of the event credential based at least in part on the key store binding.
  - 28. The system of claim 27 further comprising:
    - a state history database operating inside the secure environment and accessible by the secure enforcement function, said state history database comprising an indication of a current system state as well as of one or more previous system states, wherein the secure enforcement function is further configured to access the state history database in order to determine the current system state.
  - 29. The system of claim 28 further comprising:
    - an event verifier operating inside the secure environment and accessible by the secure enforcement function, said event verifier configured to determine whether the event is authorized based at least in part on the corresponding event credential and the current system state.
  - 30. The system of claim 29 further comprising:
    - an event recorder operating inside the secure environment and accessible by the secure enforcement function, said event recorder configured to record the execution of the program module in the state history database.

32. A computer program product for booting up a system using a secure boot framework, the system comprising a computational engine and a secure environment operating within the computational engine and isolated from one or more programs, functions and resources operating outside the secure environment, wherein the computer program product comprises at least one computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising:
- a first executable portion for executing a secure enforcement function located outside the secure environment, said secure enforcement function configured to ensure that only authorized program modules are executed on the system; and
  
  a second executable portion for executing at least one program module using the secure enforcement function, if the program module is authorized prior to execution.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 33. The computer program product of claim 32, wherein the first executable portion further comprises:
    - a third executable portion for creating an event associated with execution of the secure enforcement function, said event comprising a code corresponding with the execution;
      
      a fourth executable portion for locating an event credential associated with the event, said event credential comprising an indication of the event and of a system state in which the event is authorized;
      
      a fifth executable portion for determining whether the event credential is authentic;
      
      a sixth executable portion for determining whether the event is authorized based at least in part on the event credential; and
      
      a seventh executable portion for passing control over to the secure enforcement function if the event credential is located and authentic, and the event is authorized.
  - 34. The computer program product of claim 33, wherein the fourth executable portion is configured to access an event credential store located outside the secure environment in order to locate the event credential, said event credential store comprising a plurality of event credentials.
  - 35. The computer program product of claim 33, wherein the event credential further comprises a key store binding configured to bind the event credential to the secure environment and to a key store located within the secure environment.
  - 36. The computer program product of claim 35, wherein the fifth executable portion is further configured to access the key store and determine the integrity and authenticity of the event credential based at least in part on the key store binding.
  - 37. The computer program product of claim 33, wherein the computer-readable program code portions further comprise:
    - an eighth executable portion for determining a current state of the system, and wherein the sixth executable portion is further configured to determine whether the event is authorized based at least in part on the current state of the system.
  - 38. The computer program product of claim 32, wherein the first executable portion comprises a root-of-trust for enforcement program module configured to execute the secure enforcement function, said root-of-trust for enforcement program module operating inside the secure environment.
  - 39. The computer program product of claim 32, wherein the second executable portion further comprises:
    - a third executable portion for creating an event associated with execution of the program module, said event comprising a code corresponding with the execution of the program module;
      
      a fourth executable portion for locating an event credential associated with the event, said event credential comprising an indication of the event and of a system state in which the event is authorized;
      
      a fifth executable portion for determining whether the event credential is authentic;
      
      a sixth executable portion for determining whether the event is authorized; and
      
      a seventh executable portion for executing the program module if the event credential is located and authentic, and the event is authorized.
  - 40. The computer program product of claim 39, wherein the fourth executable portion is configured to access an event credential store located outside the secure environment in order to locate the event credential, said event credential store comprising a plurality of event credentials.
  - 41. The computer program product of claim 39, wherein the event credential further comprises a key store binding configured to bind the event credential to the secure environment and to a key store located within the secure environment.
  - 42. The computer program product of claim 41, wherein the fifth executable portion is further configured to access the key store and to determine the integrity and authenticity of the event credential based at least in part on the key store binding.
  - 43. The computer program product of claim 39, wherein the computer-readable program code portions further comprise:
    - an eighth executable portion for determining a current state of the system, and wherein the sixth executable portion is further configured to determine whether the event is authorized based at least in part on the current state of the system.

44. An apparatus configured to boot up using a secure boot framework, the apparatus comprising a computational engine and a secure environment operating within the computational engine and isolated from one or more programs, functions and resources operating outside the secure environment, the apparatus comprising:
- means for executing a secure enforcement function located outside the secure environment, said secure enforcement function configured to ensure that only authorized program modules are executed on the system; and
  
  means for executing at least one program module using the secure enforcement function, if the program module is authorized prior to execution.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Tarkkala, Lauri

Granted Patent

US 8,201,240 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/2
CPC Class Codes

G06F 21/51 at application loading time...

G06F 21/575 Secure boot

SIMPLE SCALABLE AND CONFIGURABLE SECURE BOOT FOR TRUSTED MOBILE PHONES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

SIMPLE SCALABLE AND CONFIGURABLE SECURE BOOT FOR TRUSTED MOBILE PHONES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links