SYSTEM AND METHOD TO SECURE BOOT BOTH UEFI AND LEGACY OPTION ROM'S WITH COMMON POLICY ENGINE

US 20100169633A1
Filed: 12/31/2008
Published: 07/01/2010
Est. Priority Date: 12/31/2008
Status: Active Grant

First Claim

Patent Images

1. A system for securely booting a platform, comprising:

a processor coupled to a memory store and communicatively coupled to a trusted platform module component, the trusted platform module to provide platform status to a policy engine executing on the processor;

the policy engine communicatively coupled to a certificate database stored in the memory store, wherein the policy engine is configured to authenticate each of a plurality of images to be loaded during boot of the platform, and when an image is not authenticated, the policy engine to prohibit the unauthenticated image from being loaded and launched during boot.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some embodiments, the invention involves using a policy engine during boot, in the driver execution environment (DXE) phases to authenticate that drivers and executable images to be loaded are authenticated. Images to be authenticated include the operating system (OS) loader. The policy engine utilizes a certificate database to hold valid certificates for third party images, according to platform policy. Images that are not authenticated are not loaded at boot time. Other embodiments are described and claimed.

63 Citations

View as Search Results

25 Claims

1. A system for securely booting a platform, comprising:
- a processor coupled to a memory store and communicatively coupled to a trusted platform module component, the trusted platform module to provide platform status to a policy engine executing on the processor;
  
  the policy engine communicatively coupled to a certificate database stored in the memory store, wherein the policy engine is configured to authenticate each of a plurality of images to be loaded during boot of the platform, and when an image is not authenticated, the policy engine to prohibit the unauthenticated image from being loaded and launched during boot.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system as recited in claim 1, wherein the certificate database is configured according to a platform policy and comprises a plurality of certificates, each certificate corresponding to one of a plurality of images that is permitted to be loaded during platform boot.
  - 3. The system as recited in claim 2, wherein each certificate in the certificate database is associated with an image authorized to be loaded, and the certificate further comprises a public key, wherein the policy engine is configured to match the public key with an image identifier signature to verify that the image is authorized to be loaded.
  - 4. The system as recited in claim 2, wherein the certificate database comprises:
    - a certificate database header; and
      
      a plurality of certificate lists,wherein each certificate list further comprises;
      
      a certificate list size;
      
      a certificate count;
      
      a certificate type;
      
      a certificate header size;
      
      a certificate size;
      
      a certificate header; and
      
      a plurality of certificates, each certificate having a identifier,wherein each certificate corresponds to an image authorized to be loaded on the platform.
  - 5. The system as recited in claim 1, wherein the policy engine is to be executed during a driver execution environment phase of a boot on a platform conforming to unified extensible interface architecture.
  - 6. The system as recited in claim 1, wherein the plurality of images to be loaded included an operating system loader.
  - 7. The system as recited in claim 6, wherein when the operating system loader is not authorized, the policy engine to prohibit booting of an operating system.
  - 8. The system as recited in claim 1, wherein the plurality of images to be loaded during boot of the platform conform to one of extensible firmware interface image format and legacy image format.
  - 9. The system as recited in claim 8, wherein an image of the plurality of images comprises one of an option-ROM driver and an operating system loader.
  - 10. The system as recited in claim 1, wherein the certificate database is configured to be initialized and updated by an administrator, wherein administrator authority is to be validated prior to allowing administrator action.
  - 11. The system as recited in claim 10, wherein when an administrator removes policy settings from the certificate database, the policy engine is configured to boot the platform in legacy mode and load all images and drivers without further authentication.

12. A method for securely booting a platform, comprising:
- retrieving a boot image to be loaded on a platform;
  
  comparing, by a policy engine, a signature associated with the boot image with a certificate in a certificate database stored in memory coupled to the platform;
  
  when the comparison results in a valid match, allowing the boot image to be loaded on the platform during boot; and
  
  when the comparison results in a failed match, then disallowing the image to be loaded on the platform, during boot.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method as recited in claim 12, further comprising executing the policy engine during a driver execution environment phase of boot on the platform, wherein the platform conforms to a unified extensible interface architecture.
  - 14. The method as recited in claim 12, when the image to be loaded is an operating system loader and the comparison to the certificate database fails, prohibiting launch of an operating system on the platform.
  - 15. The method as recited in claim 12, further comprising:
    - before initiating a full boot of the platform,validating authority of an administrator; and
      
      configuring the certificate database by initialization or update by the administrator when the administrator has valid authority.
  - 16. The method as recited in claim 15, wherein when the initializing comprises removing policy settings from the certificate database, booting the platform in legacy mode and loading all images and drivers without further authentication.
  - 17. The method as recited in claim 12, further comprising:
    - configuring the certificate database according to a platform policy, wherein the certificate database comprises a plurality of certificates, each certificate corresponding to one of a plurality of images that is permitted to be loaded during platform boot.
  - 18. The method as recited in claim 17, further comprising matching a public key in a certificate with an image identifier signature to verify that the image is authorized to be loaded,wherein each certificate in the certificate database is associated with an image authorized to be loaded, and the certificate further comprises a public key.

19. A computer readable storage medium having instructions for securely booting a platform stored therein, the instructions when executed on a platform cause the platform to:
- retrieve a boot image to be loaded on a platform;
  
  compare, by a policy engine, a signature associated with the boot image with a certificate in a certificate database stored in memory coupled to the platform;
  
  when the comparison results in a valid match, allow the boot image to be loaded on the platform during boot; and
  
  when the comparison results in a failed match, then disallow the image to be loaded on the platform, during boot.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The medium as recited in claim 19, further comprising instructions to execute the policy engine during a driver execution environment phase of boot on the platform, wherein the platform conforms to a unified extensible interface architecture.
  - 21. The medium as recited in claim 19, when the image to be loaded is an operating system loader and the comparison to the certificate database fails, prohibit launch of an operating system on the platform.
  - 22. The medium as recited in claim 19, further comprising instructions to:
    - before initiating a full boot of the platform,validate authority of an administrator; and
      
      configure the certificate database by initialization or update by the administrator when the administrator has valid authority.
  - 23. The medium as recited in claim 22, wherein when the initializing comprises removing policy settings from the certificate database, boot the platform in legacy mode and load all images and drivers without further authentication.
  - 24. The medium as recited in claim 19, further comprising instructions to:
    - configure the certificate database according to a platform policy, wherein the certificate database comprises a plurality of certificates, each certificate corresponding to one of a plurality of images that is permitted to be loaded during platform boot.
  - 25. The medium as recited in claim 24, further comprising instructions to match a public key in a certificate with an image identifier signature to verify that the image is authorized to be loaded,wherein each certificate in the certificate database is associated with an image authorized to be loaded, and the certificate further comprises a public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Yao, Jiewen, Kumar, Mohan, Zimmer, Vincent, Cui, Liang, Natu, Mahesh, Long, Qin

Granted Patent

US 8,694,761 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/2
CPC Class Codes

G06F 21/575 Secure boot

SYSTEM AND METHOD TO SECURE BOOT BOTH UEFI AND LEGACY OPTION ROM'S WITH COMMON POLICY ENGINE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

63 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD TO SECURE BOOT BOTH UEFI AND LEGACY OPTION ROM'S WITH COMMON POLICY ENGINE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links