SYSTEM AND METHOD TO SECURE BOOT BOTH UEFI AND LEGACY OPTION ROM'S WITH COMMON POLICY ENGINE
First Claim
Patent Images
1. A system for securely booting a platform, comprising:
- a processor coupled to a memory store and communicatively coupled to a trusted platform module component, the trusted platform module to provide platform status to a policy engine executing on the processor;
the policy engine communicatively coupled to a certificate database stored in the memory store, wherein the policy engine is configured to authenticate each of a plurality of images to be loaded during boot of the platform, and when an image is not authenticated, the policy engine to prohibit the unauthenticated image from being loaded and launched during boot.
1 Assignment
0 Petitions
Accused Products
Abstract
In some embodiments, the invention involves using a policy engine during boot, in the driver execution environment (DXE) phases to authenticate that drivers and executable images to be loaded are authenticated. Images to be authenticated include the operating system (OS) loader. The policy engine utilizes a certificate database to hold valid certificates for third party images, according to platform policy. Images that are not authenticated are not loaded at boot time. Other embodiments are described and claimed.
63 Citations
25 Claims
-
1. A system for securely booting a platform, comprising:
-
a processor coupled to a memory store and communicatively coupled to a trusted platform module component, the trusted platform module to provide platform status to a policy engine executing on the processor; the policy engine communicatively coupled to a certificate database stored in the memory store, wherein the policy engine is configured to authenticate each of a plurality of images to be loaded during boot of the platform, and when an image is not authenticated, the policy engine to prohibit the unauthenticated image from being loaded and launched during boot. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for securely booting a platform, comprising:
-
retrieving a boot image to be loaded on a platform; comparing, by a policy engine, a signature associated with the boot image with a certificate in a certificate database stored in memory coupled to the platform; when the comparison results in a valid match, allowing the boot image to be loaded on the platform during boot; and when the comparison results in a failed match, then disallowing the image to be loaded on the platform, during boot. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
-
19. A computer readable storage medium having instructions for securely booting a platform stored therein, the instructions when executed on a platform cause the platform to:
-
retrieve a boot image to be loaded on a platform; compare, by a policy engine, a signature associated with the boot image with a certificate in a certificate database stored in memory coupled to the platform; when the comparison results in a valid match, allow the boot image to be loaded on the platform during boot; and when the comparison results in a failed match, then disallow the image to be loaded on the platform, during boot. - View Dependent Claims (20, 21, 22, 23, 24, 25)
-
Specification