Server active management technology (AMT) assisted secure boot
First Claim
1. A system for secure boot on a platform, comprising:
a host processor coupled with a firmware memory store;
firmware for booting the host processor, the firmware to utilize one or more signature keys during boot, each signature key associated with a software image to be loaded on the platform during boot; and
a second processor on the platform, the second processor communicatively coupled to a secure area of a memory store, the secure area of the memory store being inaccessible to the firmware and other host processor applications;
the second processor configured to manage the one or more signature keys to control image loading during boot.
Abstract
In some embodiments, the invention involves a system and method relating to secure booting of a platform. In at least one embodiment, the present invention is intended to securely boot a platform using one or more signature keys stored in a secure location on the platform, where access to the signature key is only through a microcontroller on the platform and the host processor has no direct access to alter the signature key. Other embodiments are described and claimed.
13 Claims
1. As set out under First Claim above; claims 2 through 12 are dependent claims of claim 1.
13. A method for secure boot on a platform, comprising:
commencing a secure boot of a host processor on the platform by platform firmware;
determining whether a second processor has access to at least one signature key associated with a software image to be loaded at boot and stored in a secure store, and if so, then retrieving the at least one signature key from the secure store by the second processor, but if not, then retrieving the at least one signature key from a firmware store;
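The boot flow the claims describe, as an added example that is not part of the patent or of any vendor's firmware: a Go model of the access boundary in claim 1 (a key store the host can reach only through the second processor's lookup interface, never to modify) together with the key-selection rule of claim 13 (secure store first, firmware store only when the second processor holds no key for the image), driving signature verification of each image before it is loaded. The type and function names, the choice of Ed25519, and the sample keys and images are assumptions constructed for this example; the patent text specifies no signature algorithm.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Image is a boot-time software image with its detached Ed25519 signature (constructed data).
type Image struct {
	Name      string
	Payload   []byte
	Signature []byte
}

// ManagementController models the second processor of claim 1: its store is unexported and
// reachable only via LookupKey, so host firmware can read a verification key but never alter one.
type ManagementController struct {
	secureStore map[string]ed25519.PublicKey
}

func NewManagementController(keys map[string]ed25519.PublicKey) *ManagementController {
	return &ManagementController{secureStore: keys} // provisioned out of band, never by host firmware
}

func (mc *ManagementController) LookupKey(image string) (ed25519.PublicKey, bool) {
	k, ok := mc.secureStore[image]
	return k, ok
}

var ErrNoKey = errors.New("no signature key available for image")

// selectKey is the decision step of method claim 13: ask the second processor first and
// fall back to the firmware store's copy only when the controller holds no key for the image.
func selectKey(mc *ManagementController, fwStore map[string]ed25519.PublicKey, image string) (ed25519.PublicKey, string, error) {
	if k, ok := mc.LookupKey(image); ok {
		return k, "secure store", nil
	}
	if k, ok := fwStore[image]; ok {
		return k, "firmware store", nil
	}
	return nil, "", ErrNoKey
}

type BootResult struct {
	Image, Source string
	Loaded        bool
	Err           error
}

// SecureBoot verifies each image under the key selectKey chose; Loaded is set only on a valid signature.
func SecureBoot(mc *ManagementController, fwStore map[string]ed25519.PublicKey, images []Image) []BootResult {
	results := make([]BootResult, 0, len(images))
	for _, img := range images {
		key, src, err := selectKey(mc, fwStore, img.Name)
		if err == nil && !ed25519.Verify(key, img.Payload, img.Signature) {
			err = fmt.Errorf("%s: bad signature under %s key", img.Name, src)
		}
		results = append(results, BootResult{Image: img.Name, Source: src, Loaded: err == nil, Err: err})
	}
	return results
}

func newKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no usable entropy; fatal for this demo
	}
	return pub, priv
}

// Demo is a constructed scenario: the controller holds the vendor key for "kernel"; the
// rewritable firmware store holds a tampered "kernel" key and the only copy of the "initrd" key.
func Demo() []BootResult {
	vendorPub, vendorPriv := newKeyPair()
	initrdPub, initrdPriv := newKeyPair()
	attackerPub, attackerPriv := newKeyPair()
	mc := NewManagementController(map[string]ed25519.PublicKey{"kernel": vendorPub})
	fwStore := map[string]ed25519.PublicKey{
		"kernel": attackerPub, // tampered copy; ignored while the controller has its own
		"initrd": initrdPub,   // no controller key for initrd, so this copy is used
	}
	sign := func(name, payload string, priv ed25519.PrivateKey) Image {
		return Image{Name: name, Payload: []byte(payload), Signature: ed25519.Sign(priv, []byte(payload))}
	}
	return SecureBoot(mc, fwStore, []Image{
		sign("kernel", "vendor kernel v1", vendorPriv),
		sign("initrd", "initrd v1", initrdPriv),
		sign("kernel", "trojaned kernel", attackerPriv),
		{Name: "bootloader", Payload: []byte("unsigned blob")},
	})
}

func main() {
	for _, r := range Demo() {
		fmt.Printf("%-10s loaded=%-5v source=%q err=%v\n", r.Image, r.Loaded, r.Source, r.Err)
	}
}
```

The scenario shows what the second processor buys the platform: rewriting the kernel key in the firmware store (the attacker's natural target, since host software can reach it) does not let the trojaned kernel load, because the firmware never consults that copy while the controller holds one. The fallback in claim 13 is the weak path by design, and the initrd case shows it: an image whose only key lives in the firmware store is exactly as protected as that store is.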