Providing a Secure Execution Mode in a Pre-Boot Environment
First Claim
1. A method comprising:
- providing control to firmware responsive to a power-up event in a computer system;
- establishing a secure pre-boot environment in response to a determination that a processor in said system is security enabled;
- generating a digest including information about the computer system in the secure pre-boot environment; and
- initializing said processor before a trusted operating system is loaded in said system.
Abstract
In one embodiment, the present invention includes a method to establish a secure pre-boot environment in a computer system and to perform at least one secure operation in that secure environment. In one embodiment, the secure operation may be the storage of a secret in the secure pre-boot environment.
16 Citations
33 Claims
1. A method comprising:
- providing control to firmware responsive to a power-up event in a computer system;
- establishing a secure pre-boot environment in response to a determination that a processor in said system is security enabled;
- generating a digest including information about the computer system in the secure pre-boot environment; and
- initializing said processor before a trusted operating system is loaded in said system.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A non-transitory computer readable medium storing instructions to cause a computer system to:
- provide control to firmware responsive to a power-up event;
- establish a secure pre-boot environment in response to a determination that a processor in said system is security enabled, said secure pre-boot environment to store code to perform cryptographic computations before booting;
- generate a digest including information about the computer system in the secure pre-boot environment; and
- initialize said processor before a trusted operating system is loaded in said system.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19

20. A computer system comprising:
- a processor;
- a memory controller coupled to said processor;
- a memory coupled to said processor;
- secure pre-boot environment logic to provide control to firmware responsive to a power-up event of the processor and to establish a secure pre-boot environment in response to a determination that the processor is security enabled, said secure pre-boot environment to store code to perform cryptographic computations, said logic to generate a digest including information about the system in the secure pre-boot environment;
- storage associated with the secure pre-boot environment, said storage to store a secret in the form of a root key and to secure code to perform cryptographic computations; and
- firmware logic to initialize said processor before operating system code is loaded, said firmware logic to load the operating system code.

Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28

29. A processor comprising:
- logic to provide control to firmware responsive to a power-up event;
- the firmware further comprising logic to determine, during pre-boot, that the processor is security enabled;
- logic to establish a secure environment during booting, before operating system code has been loaded;
- logic to generate a message digest for use in the secure environment;
- storage, associated with the secure environment, to store a secret in the form of a root key;
- storage, associated with the secure environment, to store secure code to perform cryptographic computations;
- the firmware further comprising logic to perform at least one initialization operation of the processor before said operating system code is loaded; and
- the firmware further comprising logic to load the operating system code.

Dependent claims: 30, 31, 32, 33
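The independent claims above share two elements: firmware generating a digest over information about the computer system during the secure pre-boot environment, and storage of a secret in the form of a root key associated with that environment. The following is an added illustration, not code from the patent or from any product that practices it, of how such a digest can be built as an order-sensitive measurement chain (each measurement folded into the running digest, in the style of a TPM PCR extend) and how a root key can be bound to the resulting digest so that a derived key only matches when the measured system information is unchanged. The system-information fields, their values, the SHA-256 extend construction and the HMAC-based key binding are all assumptions chosen for the example; the claims do not specify a hash algorithm, field set or binding method.

```python
import hashlib
import hmac

# Constructed sample "information about the computer system" that a
# firmware-resident measurement routine might fold into the digest.
# Every value is an illustrative placeholder, not data from the patent.
SYSTEM_INFO = {
    "platform_id": b"EXAMPLE-PLATFORM-0001",
    "firmware_image": b"\x7fELF-constructed-firmware-image-bytes",
    "processor_features": b"security_enabled=1",
}

# Constructed root key standing in for the secret stored with the
# secure pre-boot environment (claims 20 and 29).
ROOT_KEY = b"\x11" * 32

DIGEST_LEN = 32  # SHA-256 output size


def extend(current: bytes, measurement: bytes) -> bytes:
    """PCR-style extend: new = H(current || H(measurement)).

    The running digest depends on every earlier measurement and on the
    order in which they were folded in, so a single changed or reordered
    input yields a different final value.
    """
    return hashlib.sha256(current + hashlib.sha256(measurement).digest()).digest()


def generate_digest(info: dict) -> bytes:
    """Fold each system-information field into a digest.

    Fields are measured in sorted key order so the digest is reproducible
    across boots when the underlying information is unchanged.
    """
    digest = bytes(DIGEST_LEN)  # all-zero initial value, as a fresh PCR
    for name in sorted(info):
        # Bind the field name to its value so swapping values between
        # fields does not produce the same measurement.
        digest = extend(digest, name.encode() + b"=" + info[name])
    return digest


def derive_bound_key(root_key: bytes, digest: bytes) -> bytes:
    """Derive a key from the root key that is tied to the measured state.

    A secret wrapped under this key can only be recovered by a boot that
    reproduces the same digest; a modified platform derives a different key.
    """
    return hmac.new(root_key, b"pre-boot-binding" + digest, hashlib.sha256).digest()


def state_matches(info: dict, expected_digest: bytes) -> bool:
    """Constant-time comparison of a fresh measurement against a stored one."""
    return hmac.compare_digest(generate_digest(info), expected_digest)


if __name__ == "__main__":
    reference = generate_digest(SYSTEM_INFO)
    print("digest:", reference.hex())
    print("matches reference:", state_matches(SYSTEM_INFO, reference))
    tampered = dict(SYSTEM_INFO, firmware_image=b"modified firmware bytes")
    print("tampered matches:", state_matches(tampered, reference))
```

Running the block prints the digest of the constructed system information, reports a match for the unchanged input, and reports a mismatch once the firmware image field is altered. The binding step is what makes the root key useful beyond the measurement itself: a secret wrapped under `derive_bound_key` is effectively unavailable to a boot whose measured information differs from the reference.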