COMPUTING DEVICE BOOT SOFTWARE AUTHENTICATION

US 20140089651A1
Filed: 09/25/2012
Published: 03/27/2014
Est. Priority Date: 09/25/2012
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a processor circuit; and

a storage communicatively coupled to the processor circuit and arranged to store an initial boot software component comprising a sequence of instructions operative on the processor circuit to;

select a first set of boot software components of multiple sets of boot software components, each set of boot software components defines a pathway that branches from the initial boot software component and that rejoins at a latter boot software component;

authenticate a first boot software component of the first set of boot software components; and

execute a sequence of instructions of the first boot software component to authenticate a second boot software component of the first set of boot software components to form a chain of authentication through a first pathway defined by the first set of boot software components.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments are generally directed to authenticating a chain of components of boot software of a computing device. An apparatus comprises a processor circuit and storage storing an initial boot software component comprising instructions operative on the processor circuit to select a first set of boot software components of multiple sets of boot software components, each set of boot software components defines a pathway that branches from the initial boot software component and that rejoins at a latter boot software component; authenticate a first boot software component of the first set of boot software components; and execute a sequence of instructions of the first boot software component to authenticate a second boot software component of the first set of boot software components to form a chain of authentication through a first pathway defined by the first set of boot software components. Other embodiments are described and claimed herein.

Citations

27 Claims

1. An apparatus comprising:
- a processor circuit; and
  
  a storage communicatively coupled to the processor circuit and arranged to store an initial boot software component comprising a sequence of instructions operative on the processor circuit to;
  
  select a first set of boot software components of multiple sets of boot software components, each set of boot software components defines a pathway that branches from the initial boot software component and that rejoins at a latter boot software component;
  
  authenticate a first boot software component of the first set of boot software components; and
  
  execute a sequence of instructions of the first boot software component to authenticate a second boot software component of the first set of boot software components to form a chain of authentication through a first pathway defined by the first set of boot software components.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The apparatus of claim 1, the instructions operative on the processor circuit to select the first set of boot software components based on detection of a removable storage medium accessible to the processor circuit and detection of the first set of boot software components stored in the removable storage medium.
  - 3. The apparatus of claim 1, the instructions operative on the processor circuit to select the first set of boot software components based on detection of a server accessible to the processor circuit via a network and detection of the first set of boot software components stored in a storage of the server.
  - 4. The apparatus of claim 1, the instructions operative on the processor circuit to select the first set of boot software components based on a specified order of priority of the pathways defined by the multiple sets of boot software components.
  - 5. The apparatus of claim 4, the instructions operative on the processor circuit to:
    - select a second set of boot software components of the multiple sets of boot software components in response to a failure in authentication of a boot software component of the first set of boot software components; and
      
      authenticate a third boot software component of the second set of boot software components.
  - 6. The apparatus of claim 1:
    - the initial boot software component comprising a first public key;
      
      the first boot software component comprising a first signature and a second public key;
      
      the second boot software component comprising a second signature;
      
      authenticating the first boot software component comprises verifying the first signature as created by a private key that matches the first public key; and
      
      authenticating the second boot software component comprises verifying the second signature as created by a private key that matches the second public key.
  - 7. The apparatus of claim 6, the initial boot software component comprising one of a whitelist and a blacklist, and authenticating the first boot software component comprises comparing the first signature to the one of the whitelist and the blacklist.
  - 8. The apparatus of claim 1, the instructions operative on the processor circuit to execute a sequence of instructions of a boot software component of the first set of boot software components to authenticate the latter boot software component to extend the chain of authentication from the initial boot software component to the latter boot software component.
  - 9. The apparatus of claim 8, the instructions operative on the processor circuit to execute a sequence of instructions of the latter boot software component to select the first set of boot software components based on reception of signals indicating operation of controls to select the first set of boot software.

10. An apparatus comprising:
- a main processor circuit;
  
  a main storage communicatively coupled to the main processor circuit and arranged to store an initial boot software component;
  
  a controller comprising a controller processor circuit communicatively coupled to the main storage, and a controller storage communicatively coupled to the controller processor circuit and arranged to store a boot routine comprising a sequence of instructions operative on the controller processor circuit to authenticate the initial boot software component; and
  
  the initial boot software component operative on the main processor circuit to;
  
  select a first set of boot software components of multiple sets of boot software components, each set of boot software components defines a pathway that branches from the initial boot software component and that rejoins at a latter boot software component, and the main storage stores at least one set of boot software components; and
  
  authenticate a first boot software component of the first set of boot software components to form a chain of authentication that extends from the boot routine and into a first pathway defined by the first set of boot software components.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The apparatus of claim 10, the initial boot software component operative on the main processor circuit to select the first set of boot software components based on detection of a removable storage medium accessible to the main processor circuit and detection of the first set of boot software components stored in the removable storage medium.
  - 12. The apparatus of claim 10, the initial boot software component operative on the main processor circuit to select the first set of boot software components based on detection of a server accessible to the main processor circuit via a network and detection of the first set of boot software components stored in a storage of the server.
  - 13. The apparatus of claim 10, the initial boot software component operative on the main processor circuit to select the first set of boot software components based on a specified order of priority of the pathways defined by the multiple sets of boot software components.
  - 14. The apparatus of claim 13, the initial boot software component operative on the main processor circuit to:
    - select a second set of boot software components of the multiple sets of boot software components in response to a failure in authentication of a boot software component of the first set of boot software components; and
      
      authenticate a third boot software component of the second set of boot software components.
  - 15. The apparatus of claim 10, the initial boot software component operative on the main processor circuit to execute a sequence of instructions of the first boot software component to authenticate a second boot software component of the first set of boot software components to extend the chain of authentication from the initial boot software component through the first pathway.
  - 16. The apparatus of claim 15:
    - the initial boot software component comprising a first public key;
      
      the first boot software component comprising a first signature and a second public key;
      
      the second boot software component comprising a second signature;
      
      authenticating the first boot software component comprises verifying the first signature as created by a private key that matches the first public key; and
      
      authenticating the second boot software component comprises verifying the second signature as created by a private key that matches the second public key.
  - 17. The apparatus of claim 16, the initial boot software component comprising one of a whitelist and a blacklist, and authenticating the first boot software component comprises comparing the first signature to the one of the whitelist and the blacklist.

18. A computer-implemented method comprising:
- executing a sequence of instructions of a boot routine on a first processor circuit to employ a first public key of the boot routine to authenticate an initial boot software component;
  
  executing a sequence of instructions of the initial boot software component on a second processor circuit to select a first set of boot software components of multiple sets of boot software components, each set of boot software components defining a pathway branching from the initial boot software component and rejoining at a latter boot software component; and
  
  executing a sequence of instructions of the initial boot software component on the second processor circuit to employ a second public key of the initial boot software component to authenticate a first boot software component of the first set of boot software components, forming a chain of authentication from the boot routine and into a first pathway defined by the first set of boot software components.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The computer-implemented method of claim 18, the initial boot software component comprising one of a whitelist and a blacklist, and executing a sequence of instructions of the initial boot software component on the second processor circuit to authenticate the first boot software component of the first set of boot software components comprises comparing a signature of the first boot software component to the one of the whitelist and the blacklist.
  - 20. The computer-implemented method of claim 18, comprising selecting the first set of boot software components based on detecting a removable storage medium coupled to a computing device and detecting the first set of boot software components stored in the removable storage medium.
  - 21. The computer-implemented method of claim 18, comprising selecting the first set of boot software components based on a specified order of priority of the pathways defined by the multiple sets of boot software components.
  - 22. The computer-implemented method of claim 18, comprising:
    - selecting a second set of boot software components of the multiple sets of boot software components in response to a failure in authenticating a boot software component of the first set of boot software components; and
      
      authenticating a third boot software component of the second set of boot software components.

23. At least one machine-readable storage medium comprising instructions that when executed by a computing device, cause the computing device to:
- select a first set of boot software components of multiple sets of boot software components, each set of boot software components defining a pathway branching from an initial boot software component and rejoining at a latter boot software component;
  
  employ a first public key of the initial boot software component to authenticate a first boot software component of the first set of boot software components; and
  
  employ a second public key of the first boot software component to authenticate a second boot software component of the first set of boot software components, forming a chain of authentication from the initial boot software component through a first pathway defined by the first set of boot software components.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The at least one machine-readable storage medium of claim 23, the initial boot software component comprising one of a whitelist and a blacklist, and authenticating the first boot software component of the first set of boot software components comprises comparing a signature of the first boot software component to the one of the whitelist and the blacklist.
  - 25. The at least one machine-readable storage medium of claim 23, the computing device caused to select the first set of boot software components based on detecting a removable storage medium coupled to the computing device and detecting the first set of boot software components stored in the removable storage medium.
  - 26. The at least one machine-readable storage medium of claim 23, the computing device caused to select the first set of boot software components based on a specified order of priority of the pathways defined by the multiple sets of boot software components.
  - 27. The at least one machine-readable storage medium of claim 23, the computing device caused to:
    - select a second set of boot software components of the multiple sets of boot software components in response to a failure in authenticating a boot software component of the first set of boot software components; and
      
      authenticate a third boot software component of the second set of boot software components.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Yao, Jiewen, Zimmer, Vincent J.

Granted Patent

US 9,141,802 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/2
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/51   at application loading time...

G06F 21/572   Secure firmware programming...

G06F 21/575   Secure boot

G06F 21/60   Protecting data

G06F 21/64   Protecting data integrity, ...

G06F 21/79   in semiconductor storage me...

G06F 9/24   Loading of the microprogram

G06F 9/4401   Bootstrapping security arra...

G06F 9/4416   Network booting; Remote ini...

H04L 63/0442   wherein the sending and rec...

H04L 63/0853   using an additional device,...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3247   involving digital signatures

COMPUTING DEVICE BOOT SOFTWARE AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

COMPUTING DEVICE BOOT SOFTWARE AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links