Secure boot

US 5,937,063 A
Filed: 09/30/1996
Issued: 08/10/1999
Est. Priority Date: 09/30/1996
Status: Expired due to Term

First Claim

Patent Images

1. A system for preventing unauthorized replacement of a storage element containing an executable code, comprising:

first cryptographic means coupled to the storage element for encrypting said executable code based on a secret key to generate an encrypted code in response to an access request during a power-up sequence, said first cryptographic means having an address space mapped to the executable code;

second cryptographic means for decrypting said encrypted code based on said secret key to generate a decrypted code, said second cryptographic means to execute said decrypted code if said decrypted code corresponds to said executable code, said second cryptographic means generating said access request corresponding to said address space of said first cryptographic means; and

communication means for enabling said first cryptographic means to communicate with said second cryptographic means by exchanging said encrypted code and decrypted code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A subsystem prevents unauthorized replacement of boot-up firmware (e.g., BIOS) embedded in modifiable non-volatile memory devices such as flash memory. The firmware device is contained in a secure boot device which is responsive to the host processor. The security protection is established by the encryption and decryption of the boot-up instructions using a secret key shared by both the secure boot device and the host processor.

Citations

36 Claims

1. A system for preventing unauthorized replacement of a storage element containing an executable code, comprising:
- first cryptographic means coupled to the storage element for encrypting said executable code based on a secret key to generate an encrypted code in response to an access request during a power-up sequence, said first cryptographic means having an address space mapped to the executable code;
  
  second cryptographic means for decrypting said encrypted code based on said secret key to generate a decrypted code, said second cryptographic means to execute said decrypted code if said decrypted code corresponds to said executable code, said second cryptographic means generating said access request corresponding to said address space of said first cryptographic means; and
  
  communication means for enabling said first cryptographic means to communicate with said second cryptographic means by exchanging said encrypted code and decrypted code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system according to claim 1, wherein said first cryptographic means includes a secure boot device.
  - 3. The system according to claim 1, wherein said second cryptographic means includes a host processor.
  - 4. The system according to claim 1, wherein said communication means includes an interface coupled to a bus to allow said first cryptographic means to respond to said access request from said second cryptographic means.
  - 5. The system according to claim 1, wherein said secret key is accessible to said first cryptographic means and said second cryptographic means.
  - 6. The system according to claim 1, wherein said executable code is an Operating System.
  - 7. The system according to claim 1, wherein said executable code is a Basic Input and Output System.
  - 8. The system according to claim 1 wherein the storage element is a modifiable non-volatile memory element.
  - 9. The system according to claim 8 wherein the modifiable non-volatile memory element is a flash memory.

10. A system for preventing unauthorized replacement of an executable code, comprising:
- a first processor to contain said executable code and to encrypt said executable code based on a secret key to generate an encrypted code in response to an access request during a power-up sequence, said first processor having an address space mapped to corresponding to the executable code;
  
  a second processor coupled to said first processor, said second processor to generate said access request, and after receiving the encrypted code, to decrypt said encrypted code based on said secret key to generate a decrypted code, and to execute said decrypted code if said decrypted code corresponds to said executable code; and
  
  a communication path coupling said first processor to said second processor.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system according to claim 10, wherein said first processor is a secure boot device.
  - 12. The system according to claim 10, wherein said second processor is a host processor.
  - 13. The system according to claim 10, wherein said communication path includes an interface coupled to a bus to allow said first processor to respond to said access request from said second processor.
  - 14. The system according to claim 10, wherein said secret key is accessible to said first processor and said second processor.
  - 15. The system according to claim 10, wherein said executable code is an Operating System.
  - 16. The system according to claim 10, wherein said executable code is a Basic Input and Output System.
  - 17. The system according to claim 10 wherein the storage element is a modifiable non-volatile memory element.
  - 18. The system according to claim 17 wherein the modifiable non-volatile memory element is a flash memory.

19. A method for preventing unauthorized replacement of an executable code contained in a storage element and accessible to a host processor, the method comprising:
- providing a security processor which is coupled to said storage element, said security processor being responsive to said host processor;
  
  mapping an address space of said security processor to the executable code;
  
  generating an access request to said security processor during a power-up sequence, the access request corresponding to said address space of said security processor;
  
  encrypting the executable code based on a secret key to produce an encrypted code in response to said access request;
  
  decrypting said encrypted code based on said secret key to produce a decrypted code;
  
  executing said decrypted code if said decrypted code corresponds to said executable code; and
  
  establishing a communication path between said host processor and said security processor to allow said host processor to communicate with said security processor.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The method according to claim 19, wherein said communication path includes an interface coupled to a bus to allow said security processor to respond to said access request from said host processor.
  - 21. The method according to claim 19, wherein said secret key is accessible to said host processor and said security processor.
  - 22. The method of claim 19, wherein said executable code is an Operating System.
  - 23. The method of claim 19, wherein said executable code is a Basic Input and Output System.
  - 24. The method of claim 19, wherein said storage element is a modifiable non-volatile memory element.
  - 25. The method of claim 19, wherein said security processor is a secure boot device.
  - 26. The method of claim 19 wherein said step of encrypting is performed by said security processor and said step of decrypting is performed by said host processor.
  - 27. The method of claim 24, wherein said modifiable non-volatile memory element is a flash memory.

28. A system for preventing unauthorized replacement of an information, comprising:
- first processor to encrypt said information based on a secret key to generate an encrypted information in response to an access request during a power-up sequence, said first processor having an address space mapped to said information;
  
  a second processor coupled to said first processor, the second processor to decrypt said encrypted information based on said secret key to generate a decrypted information, said second processor to use said decrypted information if said decrypted information corresponds to said information, said second processor generating said access request corresponding to said address space of said first processor; and
  
  a communication path to enable said first processor to communicate with said second processor by exchanging said encrypted information and decrypted information.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36)
- - 29. The system according to claim 28, wherein said first processor is a secure information device.
  - 30. The system according to claim 28, wherein said second processor is a host processor.
  - 31. The system according to claim 28, wherein said communication path includes an interface coupled to a bus to allow said first processor to respond to the access request from said second processor.
  - 32. The system according to claim 28, wherein said secret key is accessible to said first processor and said second processor.
  - 33. The system according to claim 28, wherein said information includes an Operating System.
  - 34. The system according to claim 28, wherein said information includes a Basic Input and Output System.
  - 35. The system according to claim 28 wherein the storage element is a modifiable non-volatile memory element.
  - 36. The system according to claim 35 wherein the modifiable non-volatile memory element is a flash memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Davis, Derek L.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/722,298
Time in Patent Office

1,044 Days
Field of Search

380/4, 380/25
US Class Current

713/187
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/575   Secure boot

G06F 2211/1097   Boot, Start, Initialise, Power

Secure boot

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Secure boot

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links