Extensible Pre-Boot Authentication
Abstract
In one embodiment, the present invention includes a method for obtaining a pre-boot authentication (PBA) image from a non-volatile storage that is configured with full disk encryption (FDE), and storing the PBA image in a memory. Then a callback protocol can be performed between a loader executing on an engine of a chipset and an integrity checker of a third party that provided the PBA image to confirm integrity of the PBA image. The PBA image is executed if the integrity is confirmed; otherwise it is deleted. Other embodiments are described and claimed.
19 Claims
1. A method comprising:
- obtaining a pre-boot authentication (PBA) image from a non-volatile storage of a system in a pre-boot environment, wherein the non-volatile storage is configured with full disk encryption (FDE), and storing the PBA image in a system memory;
- performing a callback protocol between a loader executing on an engine of a chipset and an integrity checker of a third party that provided the PBA image to confirm integrity of the PBA image; and
- executing the PBA image if the integrity is confirmed, and otherwise deleting the PBA image from the system memory.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. An article comprising a machine-accessible storage medium including instructions that when executed cause a system to:
- obtain a pre-boot authentication (PBA) image from a storage device coupled to a chipset of the system in a pre-boot environment, wherein the storage device is configured with full disk encryption (FDE), and store the PBA image in a memory of the system;
- perform a callback protocol between a loader executing on an engine of the chipset and an integrity checker of a third party that provided the PBA image to confirm integrity of the PBA image; and
- execute the PBA image if the integrity is confirmed, and otherwise delete the PBA image from the memory.
Dependent claims: 11, 12, 13, 14.

15. A system comprising:
- a processor;
- a chipset coupled to the processor and including a first engine to execute a pre-boot loader; and
- a mass storage coupled to the chipset, the mass storage configured for full disk encryption, wherein the mass storage has an encrypted region and a hidden region to store a pre-boot authentication (PBA) image of a third party and integrity credentials associated with the PBA image, wherein the first engine is to access, via a loader, the hidden region in a pre-boot environment and to load the PBA image to a memory and to execute a callback protocol between the loader and an integrity checker of the third party.
Dependent claims: 16, 17, 18, 19.
Specification