PROVIDING SECURITY TO COMPUTING SYSTEMS
First Claim
1. A method comprising:
performing a secure boot of a base computing platform (BCP), verifying an integrity of and instantiating a security processor on the BCP;
verifying an integrity of one or more subsequent startup components of the BCP, using the security processor, the one or more subsequent startup components comprising at least one of boot code, an operating system, or a hypervisor;
creating a plurality of virtual machines on the BCP;
providing the plurality of virtual machines with virtual access to the security processor on the BCP;
performing a secure start-up of a first virtual machine of the plurality of virtual machines, wherein a guest owner takes ownership of the first virtual machine; and
verifying an integrity of and instantiating a virtual security processor in the first virtual machine.
2 Assignments
0 Petitions
Abstract
Described herein are methods, devices, and systems that provide security to various computing systems, such as smartphones, tablets, personal computers, computing servers, or the like. Security is provided to computing systems at various stages of their operational cycles. For example, a secure boot of a base computing platform (BCP) may be performed, and a security processor (SecP) may be instantiated on the BCP. Using the SecP, the integrity of the OS of the BCP may be verified, and the integrity of a hypervisor may be verified. A virtual machine (VM) may be created on the BCP. The VM is provided with virtual access to the SecP on the BCP. Using the virtual access to the TAM, the integrity of the guest OS of the VM is verified and the integrity of applications running on the guest OS is verified.
24 Claims
1. A method comprising:
performing a secure boot of a base computing platform (BCP), verifying an integrity of and instantiating a security processor on the BCP;
verifying an integrity of one or more subsequent startup components of the BCP, using the security processor, the one or more subsequent startup components comprising at least one of boot code, an operating system, or a hypervisor;
creating a plurality of virtual machines on the BCP;
providing the plurality of virtual machines with virtual access to the security processor on the BCP;
performing a secure start-up of a first virtual machine of the plurality of virtual machines, wherein a guest owner takes ownership of the first virtual machine; and
verifying an integrity of and instantiating a virtual security processor in the first virtual machine.
Dependent claims: 2, 3, 4, 5, 8, 9, 10, 11, 12, 13
6. The method as recited in claim, the method further comprising:
providing a remote attestation authority with attestation information at startup and during run-time, thereby providing an indication of trust associated with the BCP.
7. (canceled)
14. A computing system comprising a processor and memory, the computing system further comprising computer-executable instructions stored in the memory which, when executed by the processor of the computing system, perform operations comprising:
performing a secure boot of a base computing platform (BCP);
verifying an integrity of one or more subsequent startup components of the BCP, using the security processor, the one or more subsequent startup components comprising at least one of boot code, an operating system, or a hypervisor;
creating a plurality of virtual machines on the BCP;
providing the plurality of virtual machines with virtual access to the security processor on the BCP;
performing a secure start-up of a first virtual machine of the plurality of virtual machines, wherein a guest owner takes ownership of the first virtual machine; and
verifying an integrity of and instantiating a virtual security processor in the first virtual machine.
Dependent claims: 15, 16, 17, 18, 20, 21, 22, 23, 24
19. (canceled)