Methods and Apparatus for Batch Bound Authentication
First Claim
1. A method for verifying data and hardware in a processing system, the method comprising:
- reading a processor identifier from a processor in a processing system;
determining whether the processor belongs to a predetermined set of processors associated with a specific vendor, based at least in part on the identifier;
automatically determining whether system firmware in the processing system is authentic, based at least in part on a digital signed message in the processing system; and
determining whether or not to execute the system firmware, based at least in part on the determinations of whether the processor belongs to the predetermined set of processors and whether the system firmware is authentic;
wherein the digitally signed message involves a digital signature applied to a message comprising;
data to identify the system firmware; and
data to identify the predetermined set of processors associated with the specific vendor.
1 Assignment
0 Petitions
Accused Products
Abstract
A processing system may include a processing unit and nonvolatile storage responsive to the processing unit. The nonvolatile storage may include a candidate boot code module and an authentication code module. The processing unit may be configured to execute code from the authentication code module before executing code from the candidate boot code module. The authentication code module may have instructions which, when executed by the processing unit, cause the processing unit to read a processor identifier from the processing unit and determine whether the processor belongs to a predetermined set of processors associated with a specific vendor, based at least in part on the identifier, before executing any instructions from the candidate boot code module. The processing system may also test authenticity of the candidate boot code module before executing any instructions from the candidate boot code module. Other embodiments are described and claimed.
-
Citations
20 Claims
-
1. A method for verifying data and hardware in a processing system, the method comprising:
-
reading a processor identifier from a processor in a processing system; determining whether the processor belongs to a predetermined set of processors associated with a specific vendor, based at least in part on the identifier; automatically determining whether system firmware in the processing system is authentic, based at least in part on a digital signed message in the processing system; and determining whether or not to execute the system firmware, based at least in part on the determinations of whether the processor belongs to the predetermined set of processors and whether the system firmware is authentic; wherein the digitally signed message involves a digital signature applied to a message comprising; data to identify the system firmware; and data to identify the predetermined set of processors associated with the specific vendor. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A processing system comprising:
-
a processor with a processor identifier; at least one nonvolatile storage component responsive to the processor; a candidate boot code module in the at least one nonvolatile storage component; and an authentication code module in the at least one nonvolatile storage component; the processor configured to execute code from the authentication code module before executing code from the candidate boot code module; and wherein the authentication code module comprises instructions which, when executed by the processor, cause the processing system to perform operations comprising; reading the processor identifier from the processor; determining whether the processor belongs to a predetermined set of processors associated with a specific vendor, based at least in part on the processor identifier, before executing any instructions from the candidate boot code module; and testing authenticity of the candidate boot code module before executing any instructions from the candidate boot code module. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. An apparatus comprising:
-
a machine-accessible medium; and an authentication code module in the machine-accessible medium, wherein the authentication code module comprises instructions which, when executed by a processor of a processing system, cause the processing system to perform operations comprising; reading a processor identifier from the processor; determining whether the processor belongs to a predetermined set of processors associated with a particular vendor, based at least in part on the processor identifier; and testing authenticity of a candidate boot code module before executing any instructions from the candidate boot code module. - View Dependent Claims (17, 18, 19, 20)
-
Specification