Secure Booting A Computing Device
Abstract
A method and an apparatus for executing codes embedded inside a device to verify a code image loaded in a memory of the device are described. A code image may be executed after being verified as a trusted code image. The embedded codes may be stored in a secure ROM (read only memory) chip of the device. In one embodiment, the verification of the code image is based on a key stored within the secure ROM chip. The key may be unique to each device. Access to the key may be controlled by the associated secure ROM chip. The device may complete establishing an operating environment subsequent to executing the verified code image.
30 Claims
1. A computer implemented method, comprising:
- executing codes embedded from a ROM (read only memory) of a device to verify a first code image using a key stored within the ROM; and
- in response to successfully verifying the first code image, executing the verified first code image in a main memory of the device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A machine-readable medium having instructions, which when executed by a machine, cause a machine to perform a method, the method comprising:
- executing codes embedded from a ROM (read only memory) of a device to verify a first code image using a key stored within the ROM; and
- in response to successfully verifying the first code image, executing the verified first code image in a main memory of the device to establish an operating environment for the device.
Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. An apparatus comprising:
- means for executing codes embedded from a ROM (read only memory) of a device to verify a first code image using a key stored within the ROM; and
- means for executing, in response to successfully verifying the first code image, the verified first code image in a main memory of the device to establish an operating environment for the device.

18. An electronic device, comprising:
- a ROM (read only memory) to store codes embedded therein and a key identifying the electronic device;
- a mass storage to store a first code image;
- a main memory; and
- a processor coupled to the ROM, the mass storage, and the main memory, wherein the processor is configured to execute the code embedded from the ROM to verify the first code image from the mass storage and upon successfully verifying the first code image, to execute the verified first code image in the main memory to establish an operating environment of the electronic device.

19. A computer implemented method, comprising:
- executing codes embedded from a secure ROM (read-only memory) of a portable device to verify a first executable image representing a kernel of an operating system (OS) that provides an operating environment of the portable device, the first executable image being verified using a key stored within the secure ROM and the key uniquely identifying the portable device, wherein the first executable image is stored in a mass storage of the portable device; and
- upon successfully verifying the first code image, executing the first executable image in a main memory of the portable device to set up the kernel of the OS in order to establish the operating environment of the portable device.
Dependent claims: 20, 21

22. A machine-readable medium having instructions stored therein, which when executed by a machine, cause a machine to perform a method, the method comprising:
- executing codes embedded from a secure ROM (read-only memory) of a portable device to verify a first executable image representing a kernel of an operating system (OS) that provides an operating environment of the portable device, the first executable image being verified using a key stored within the secure ROM and the key uniquely identifying the portable device, wherein the first executable image is stored in a mass storage of the portable device; and
- upon successfully verifying the first code image, executing the first executable image in a main memory of the portable device to set up the kernel of the OS in order to establish the operating environment of the portable device.
Dependent claims: 23, 24

25. A computer implemented method, comprising:
- executing a first executable image embedded from a secure ROM (read-only memory) of a device to initialize a mass storage device associated with the device to enable the mass storage device to be accessed, the secure ROM having stored therein a unique identifier (ID) uniquely identifying the device;
- upon successfully initializing the mass storage device, locating and verifying a second executable image stored within the mass storage device using the unique identifier (ID) embedded within the secure ROM;
- upon successfully verifying the second executable image, executing the second executable image to perform low level hardware initialization on the device;
- the second executable image, when successfully executed, locating and executing a third executable image, the third executable image to verify and load a kernel image of an operating system (OS) for the device, wherein the kernel image, when successfully loaded, initializes and configures a remainder of the OS for the device.
Dependent claims: 26, 27, 29, 30

28. A machine-readable medium having instructions stored therein, which when executed by a machine, cause a machine to perform a method, the method comprising:
- executing a first executable image embedded from a secure ROM (read-only memory) of a device to initialize a mass storage device associated with the device to enable the mass storage device to be accessed, the secure ROM having stored therein a unique identifier (ID) uniquely identifying the device;
- upon successfully initializing the mass storage device, locating and verifying a second executable image stored within the mass storage device using the unique identifier (ID) embedded within the secure ROM;
- upon successfully verifying the second executable image, executing the second executable image to perform low level hardware initialization on the device;
- the second executable image, when successfully executed, locating and executing a third executable image, the third executable image to verify and load a kernel image of an operating system (OS) for the device, wherein the kernel image, when successfully loaded, initializes and configures a remainder of the OS for the device.

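The verify-then-execute chain recited in claims 1 and 25, as an added Python simulation that is not taken from the patent. The claims name no algorithm, so HMAC-SHA256 with a per-device key, the appended-tag image layout, the stage names and every function name here are assumptions; one verification routine stands in for each stage checking the next.

```python
import hashlib
import hmac

# Constructed stand-in for the per-device key held in secure ROM (assumption).
ROM_DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
TAG_LEN = 32  # HMAC-SHA256 tag appended to each stored image (assumed layout)
STAGES = ("low_level_init", "loader", "kernel")  # hypothetical stage names


def personalize(payload: bytes, key: bytes = ROM_DEVICE_KEY) -> bytes:
    """Provisioning side: bind an image to one device by appending a MAC."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def rom_verify(image: bytes, key: bytes = ROM_DEVICE_KEY):
    """ROM side: return the payload if its tag verifies, otherwise None."""
    if len(image) <= TAG_LEN:
        return None  # missing or truncated image
    payload, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return payload if hmac.compare_digest(tag, expected) else None


def secure_boot(mass_storage: dict, key: bytes = ROM_DEVICE_KEY) -> list:
    """Load each stage into 'main memory' only after it verifies."""
    main_memory = []
    for stage in STAGES:
        payload = rom_verify(mass_storage.get(stage, b""), key)
        if payload is None:
            break  # fail closed: an unverified image is never executed
        main_memory.append((stage, payload))
    return [name for name, _ in main_memory]


def sample_storage(key: bytes = ROM_DEVICE_KEY) -> dict:
    """Constructed mass-storage contents personalized for one device."""
    return {s: personalize(f"{s} code".encode(), key) for s in STAGES}


if __name__ == "__main__":
    print(secure_boot(sample_storage()))
```

Because the key is unique to the device, images personalized for one unit do not verify on another, and a modified stage stops the chain at the last image that did verify.
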
Specification