Apparatus and method for secure boot environment
First Claim
1. A processor-based system, comprising:
- at least one processor;
at least one memory coupled to the at least one processor;
a boot block stored at a first memory location;
a capsule update stored at a second memory location;
a startup authenticated code module to ensure the integrity of the boot block upon a restart of the processor-based system;
code which is executable by the processor-based system to cause the processor-based system to validate the boot block with the startup authenticated code module upon the restart of the processor-based system; and
if the boot block is successfully validated, to validate the capsule update for the processor-based system with the startup authenticated code module.
1 Assignment
0 Petitions
Accused Products
Abstract
In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a boot block stored at a first memory location, a capsule update stored at a second memory location, a startup authenticated code module to ensure the integrity of the boot block upon a restart of the processor-based system, code which is executable by the processor-based system to cause the processor-based system to validate the boot block with the startup authenticated code module upon the restart of the processor-based system, and, if the boot block is successfully validated, to validate the capsule update for the processor-based system with the startup authenticated code module. Other embodiments are disclosed and claimed.
56 Citations
20 Claims
-
1. A processor-based system, comprising:
-
at least one processor; at least one memory coupled to the at least one processor; a boot block stored at a first memory location; a capsule update stored at a second memory location; a startup authenticated code module to ensure the integrity of the boot block upon a restart of the processor-based system; code which is executable by the processor-based system to cause the processor-based system to validate the boot block with the startup authenticated code module upon the restart of the processor-based system; and if the boot block is successfully validated, to validate the capsule update for the processor-based system with the startup authenticated code module. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A processor-based system, comprising:
-
at least one processor; at least one memory coupled to the at least one processor; a boot block stored at a first memory location; a startup authenticated code module to authenticate the boot block; code which is executable by the processor-based system to cause the processor-based system to; authenticate the boot block using the startup authenticated code module during restart of the processor-based system; if the boot block is successfully authenticated using the startup authenticated code module, authorize an additional firmware element outside the boot block using an authenticated code module during restart of the processor-based system; and if the additional firmware element is successfully authorized using the authenticated code module, maintain the authorization using a platform initialization image authorization during restart of the processor-based system. - View Dependent Claims (8, 9, 10)
-
-
11. A method of authenticating a capsule update for a processor-based system, comprising:
-
storing a boot block; storing a capsule update; storing a startup authenticated code module to ensure the integrity of the boot block upon a restart of the processor-based system; validating the boot block with the startup authenticated code module upon the restart of the processor-based system; and if the boot block is successfully validated, validating the capsule update for the processor-based system with the startup authenticated code module. - View Dependent Claims (12, 13, 14, 15, 16)
-
-
17. A method for booting a processor-based system, comprising:
-
storing a boot block; storing a startup authenticated code module to authenticate the boot block; authenticating the boot block using the startup authenticated code module upon a restart of the processor-based system; if the boot block is successfully authenticated using the startup authenticated code module, authorizing an additional firmware element outside the boot block using an authenticated code module during the restart of the processor-based system; and if the additional firmware element is successfully authorized using the authenticated code module, maintaining the authorization using a platform initialization image authorization during the restart of the processor-based system. - View Dependent Claims (18, 19, 20)
-
Specification