Operating system bootstrap security mechanism
First Claim
Patent Images
1. A method of booting an operating system having a plurality of boot components, comprising:
- accessing an ordered list that specifies the order in which the plurality of boot components will be supplied to a hash function;
accessing the plurality of boot components in the order that the ordered list specifies;
computing a first hash value from the plurality of boot components;
accessing a second hash value from a secure flash memory;
comparing the first hash value to the second hash value; and
booting the operating system if the first hash value matches the second hash value.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus for booting an operating system having at least one boot component comprising the steps of accessing an ordered list identifying the at least one boot component; accessing each of the at least one boot component using the ordered list; computing a first hash value from the at least one boot component; accessing a second hash value, the second hash value being secure; comparing the first hash value to the second hash value; and booting the operating system if the first hash value matches the second hash value.
219 Citations
10 Claims
-
1. A method of booting an operating system having a plurality of boot components, comprising:
-
accessing an ordered list that specifies the order in which the plurality of boot components will be supplied to a hash function;
accessing the plurality of boot components in the order that the ordered list specifies;
computing a first hash value from the plurality of boot components;
accessing a second hash value from a secure flash memory;
comparing the first hash value to the second hash value; and
booting the operating system if the first hash value matches the second hash value. - View Dependent Claims (2, 3, 4, 5)
verifying the operating system'"'"'s signature using the operating system'"'"'s public key;
verifying the integrity of the BIOS code using the BIOS manufacturer'"'"'s public key; and
transferring the second hash value to the secure flash memory using the verified BIOS code.
-
-
3. The method of claim 1 wherein the ordered list further includes at least one pointer corresponding to the plurality of boot components, and the step of accessing the plurality of boot components further includes using the pointer to locate the corresponding boot components.
-
4. The method of claim 1 wherein the plurality of boot components [is] loaded from a local storage device by a loader, the loader being stored in are loaded from a local storage device by a loader, the loader being stored in the secure flash memory.
-
5. The method of claim 1 wherein the plurality of boot components are loaded over a network by a loader, the loader being stored in the secure flash memory.
-
6. A machine readable medium having stored thereon a set of instructions, which when executed by a machine performs the steps of:
-
accessing an ordered list that specifies the order in which a plurality of boot components will be supplied to a hash function;
accessing the plurality of boot components in the order that the ordered list specifies;
computing a first hash value from the plurality of boot components;
accessing a second hash value from a secure flash memory;
comparing the first hash value to the second hash value; and
booting the operating system if the first hash value matches the second hash value. - View Dependent Claims (7, 8, 9, 10)
transferring the second hash value to the secure flash memory from a digital certificate signed by the operating system by;
verifying the operating system'"'"'s signature using the operating system'"'"'s public key;
verifying the integrity of the BIOS code using the BIOS manufacturer'"'"'s public key; and
transferring the second hash value to the secure flash memory using the verified BIOS code.
-
-
8. The machine readable medium of claim 6 wherein the ordered list further includes at least one pointer corresponding to the plurality of boot components, and the step of accessing the plurality of boot components further includes using the pointer to locate the corresponding boot components.
-
9. The machine readable medium of claim 6 wherein the plurality of boot components are loaded from a local storage device by a loader, the loader being stored in the secure flash memory.
-
10. The machine readable medium of claim 6 wherein the plurality of boot components are loaded from over a network by a loader, the loader being stored in the secure flash memory.
Specification