METHOD TO SECURELY ALLOW A CUSTOMER TO INSTALL AND BOOT THEIR OWN FIRMWARE, WITHOUT COMPROMISING SECURE BOOT
First Claim
1. A baseboard management controller (BMC), comprising:
- a central processing unit (CPU) including a unique hidden root key (HRK) associated with the BMC;
a non-volatile storage including BMC partitions and a customer firmware partition, the BMC partitions including a non-volatile storage partition, a non-volatile storage boot block partition, a BMC firmware partition, and a recovery partition;
a customer firmware image stored via the customer firmware partition, the customer firmware image including a customer firmware and a signed customer boot block file, the signed customer boot block file including a customer boot block, a HRK hash of the customer boot block based on the unique HRK, and a manufacturer signature utilized to sign the customer boot block and the HRK hash; and
a BMC firmware stored via the BMC firmware partition, which when executed by the CPU, causes the BMC to;
when an alternate path to boot the customer boot block is detected, verify the manufacturer signature on the customer boot block and the HRK hash of the customer boot block; and
when the manufacturer signature has been verified, verify the HRK hash of the customer boot block based on the unique HRK.
3 Assignments
0 Petitions
Accused Products
Abstract
In one or more embodiments, one or more systems, methods, and/or process may allow a customer to install and boot their own firmware securely, without compromising secure boot. A baseboard management controller (BMC) may include a BMC firmware stored via a BMC partition of a non-volatile storage, a customer firmware image including a customer firmware and a signed customer boot block (CBB) file including a CBB, a hidden root key (HRK) hash of the CBB based on a HRK, and a manufacturer signature. The BMC firmware may, when an alternate path to boot the CBB is detected, verify the manufacturer signature on the CBB and the HRK hash, verify the HRK hash based on the unique HRK, and when the manufacturer signature and the HRK hash have been verified, hardware lock the BMC partition, disable the HRK, and transfer control to the CBB.
-
Citations
20 Claims
-
1. A baseboard management controller (BMC), comprising:
-
a central processing unit (CPU) including a unique hidden root key (HRK) associated with the BMC; a non-volatile storage including BMC partitions and a customer firmware partition, the BMC partitions including a non-volatile storage partition, a non-volatile storage boot block partition, a BMC firmware partition, and a recovery partition; a customer firmware image stored via the customer firmware partition, the customer firmware image including a customer firmware and a signed customer boot block file, the signed customer boot block file including a customer boot block, a HRK hash of the customer boot block based on the unique HRK, and a manufacturer signature utilized to sign the customer boot block and the HRK hash; and a BMC firmware stored via the BMC firmware partition, which when executed by the CPU, causes the BMC to; when an alternate path to boot the customer boot block is detected, verify the manufacturer signature on the customer boot block and the HRK hash of the customer boot block; and when the manufacturer signature has been verified, verify the HRK hash of the customer boot block based on the unique HRK. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A baseboard management controller (BMC) firmware verification system, comprising:
-
a manufacturer system; and a BMC including; a first central processing unit (CPU) including a unique hidden root key (HRK) associated with the BMC; a non-volatile storage including BMC partitions and a customer firmware partition, the BMC partitions comprising a non-volatile storage partition, a non-volatile storage boot block partition, a BMC firmware partition, and a recovery partition; a customer firmware image stored via the customer firmware partition, the customer firmware image including a customer firmware and a signed customer boot block file, the signed customer boot block file comprising a customer boot block, a HRK hash of the customer boot block based on the unique HRK, and a manufacturer signature utilized to sign the customer boot block and the HRK hash; and a BMC firmware stored via the BMC firmware partition, which when executed by the first CPU, causes the BMC to; when an alternate path to boot the customer boot block is detected, verify the manufacturer signature on the customer boot block and the HRK hash of the customer boot block; and when the manufacturer signature has been verified, verify the HRK hash of the customer boot block based on the unique HRK. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A method, comprising:
-
verifying, by a baseboard management controller (BMC) firmware, a manufacturer signature on a customer boot block of a signed customer boot block file and a hidden root key (HRK) hash of the customer boot block, when an alternate path to boot the customer boot block is detected, wherein the BMC firmware stored via a BMC firmware partition of BMC partitions of a non-volatile storage of a BMC, wherein the signed customer boot block file in a customer firmware image stored via a customer firmware partition of the non-volatile storage, wherein the customer firmware image further includes a customer firmware, wherein the HRK hash of the customer boot block is based on a unique HRK of a central processing unit (CPU) of the BMC, wherein the signed customer boot block file further includes the HRK hash of the customer boot block and the manufacturer signature utilized to sign the customer boot block and the HRK hash, and wherein the BMC partitions further comprise a non-volatile storage partition, a non-volatile storage boot block partition, and a recovery partition; and when the manufacturer signature has been verified, verifying, by the BMC firmware, the HRK hash of the customer boot block based on the unique HRK. - View Dependent Claims (18, 19, 20)
-
Specification