SYSTEM AND METHOD TO SECURE BOOT UEFI FIRMWARE AND UEFI-AWARE OPERATING SYSTEMS ON A MOBILE INTERNET DEVICE (MID)
Abstract
In some embodiments, the invention involves adding a capability for a platform owner or administrator to ensure that the firmware is only executed in an owner-authorized fashion, such as with signed components managed by a security processor. Embodiments may extend the Core Root of Trust for Measurement (CRTM), via use of a cryptographic unit coupled to the security processor in a mobile Internet device (MID) as a Root-of-Trust for Storage (RTS) Storage Root Key (SRK), into a unified extensible firmware interface (UEFI) Platform Initialization (PI) image authorization and boot manager. Other embodiments are described and claimed.
22 Claims
1. A system for secure boot on a mobile platform, comprising:
- a host processor configured to execute a host operating system and host applications;
- firmware for booting the host processor, the firmware to utilize one or more signature keys during boot, each signature key associated with a software image to be loaded on the platform during boot; and
- a security processor on the platform, the security processor communicatively coupled to a secure memory store, the secure memory store being inaccessible to the firmware and other host processor applications;
- the security processor configured to manage the one or more signature keys to control image loading during boot.

Dependent claims: 2-12 (not reproduced here).
13. A method for secure boot on a mobile platform, comprising:
- commencing a secure boot of a host processor on the platform;
- determining by a security processor on the platform whether a boot module is digitally signed and authorized to be loaded on the host processor;
- when the boot module is digitally signed and authorized, then loading and executing the boot module on the host processor; and
- determining by the security processor whether a plurality of software images to be loaded after the boot module are authorized to be loaded on the host processor, and when one of the plurality of software images is authorized, then loading the one of the plurality of software images on the host processor for execution; and
- when the digitally signed boot module is not authorized, then performing at least one of authorizing the boot image by a platform administrator or failing to boot the platform, and when the one of a plurality of software images is not authorized, then failing to load the one of the plurality of software images on the host processor.

Dependent claims: 14-17 (not reproduced here).
18. A machine accessible storage medium having instructions stored thereon for employing a secure boot on a mobile platform, the instructions when executed on the platform cause the platform to:
- commence a secure boot of a host processor on the platform;
- determine by a security processor on the platform whether a boot module is digitally signed and authorized to be loaded on the host processor;
- when the boot module is digitally signed and authorized, then load and execute the boot module on the host processor; and
- determine by the security processor whether a plurality of software images to be loaded after the boot module are authorized to be loaded on the host processor, and when one of the plurality of software images is authorized, then load the one of the plurality of software images on the host processor for execution; and
- when the digitally signed boot module is not authorized, then perform at least one of authorizing the boot image by a platform administrator or failing to boot the platform, and when the one of a plurality of software images is not authorized, then fail to load the one of the plurality of software images on the host processor.

Dependent claims: 19-22 (not reproduced here).
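The verification flow of claims 13 and 18, modelled as an added Python example (not from the patent or from any vendor's firmware): a security processor object holds the signature keys and their authorization state, the boot code only receives load/refuse answers, and HMAC-SHA256 over the image hash stands in for the asymmetric signature a real platform would check. All keys, image bytes and names are constructed.

```python
import hashlib
import hmac

# Constructed keys. A real platform verifies asymmetric signatures over the image
# hash; HMAC-SHA256 stands in here so the example runs on the standard library alone.
KEY_OEM, KEY_OS, KEY_PENDING = b"oem-key", b"os-vendor-key", b"pending-key"

def sign_image(key: bytes, image: bytes) -> bytes:
    return hmac.new(key, hashlib.sha256(image).digest(), hashlib.sha256).digest()

class SecurityProcessor:
    def __init__(self):
        self._store = {}  # key_id -> (key, authorized); the firmware never reads this
    def provision(self, key_id: str, key: bytes, authorized: bool) -> None:
        self._store[key_id] = (key, authorized)
    def admin_authorize(self, key_id: str) -> None:  # platform-administrator path
        self._store[key_id] = (self._store[key_id][0], True)
    def verify(self, key_id: str, image: bytes, sig: bytes) -> tuple:
        """(signed, authorized): valid signature under a known key, key authorized."""
        if key_id not in self._store:
            return False, False
        key, authorized = self._store[key_id]
        signed = hmac.compare_digest(sign_image(key, image), sig)
        return signed, signed and authorized

def secure_boot(sp, boot_module, images, admin_approves=False):
    """Claim 13 flow; entries are (name, key_id, image_bytes, signature). An unsigned
    boot module is refused (assumed; the claim only spells out signed-but-unauthorized)."""
    name, key_id, image, sig = boot_module
    signed, authorized = sp.verify(key_id, image, sig)
    if not signed or (not authorized and not admin_approves):
        return {"booted": False, "loaded": [], "refused": [name]}
    if not authorized:
        sp.admin_authorize(key_id)
    loaded, refused = [name], []
    for name, key_id, image, sig in images:  # later images: load or skip, boot continues
        _, ok = sp.verify(key_id, image, sig)
        (loaded if ok else refused).append(name)
    return {"booted": True, "loaded": loaded, "refused": refused}

def demo():
    sp = SecurityProcessor()
    sp.provision("oem", KEY_OEM, True)
    sp.provision("os", KEY_OS, True)
    kernel, pei = b"constructed kernel", b"constructed boot module"
    boot = ("boot-module", "oem", pei, sign_image(KEY_OEM, pei))
    images = [("kernel", "os", kernel, sign_image(KEY_OS, kernel)),
              ("driver", "unknown", b"x", b"\x00" * 32),                   # key not in store
              ("kernel2", "os", kernel + b"!", sign_image(KEY_OS, kernel))]  # tampered image
    return secure_boot(sp, boot, images)
```

A key the administrator authorizes stays authorized in the store, so a later boot with the same boot module succeeds without a further prompt.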