System and method for authentication of off-chip processor firmware code
First Claim
Patent Images
1. An electronic system comprising:
- a system substrate;
a memory element coupled to the system substrate, the memory element to contain firmware and a digital signature of the firmware signed by a signatory, the digital signature including a first value and a second value; and
a processor coupled to the system substrate and the memory element, the processor to contain a public key of the signatory and a digital signature function used during a predetermined condition to authenticate the firmware before execution by the processor, the processor authenticates the firmware by (i) performing a hash operation on the firmware to produce a message digest, (ii) using at least the message digest, the public key of the signatory and a plurality of parameters associated with the digital signature function to produce a computed first value, (iii) comparing the computed first value to the first value of the digital signature, and (iv) allowing the firmware to be executed by the processor where the computed first value matches the first value of the digital signature.
1 Assignment
0 Petitions
Accused Products
Abstract
An electronic system and corresponding method for authenticating firmware stored in a memory element external to a processor. In one embodiment, an electronic system comprises a processor and a memory element. The memory element is used to contain firmware and a digital signature of the firmware signed by a signatory. Coupled to the memory element, the processor authenticates the firmware during a predetermined condition, which occurs prior to execution of the firmware, through use of a pre-stored public key of the signatory and a pre-stored digital signature function.
-
Citations
17 Claims
-
1. An electronic system comprising:
-
a system substrate;
a memory element coupled to the system substrate, the memory element to contain firmware and a digital signature of the firmware signed by a signatory, the digital signature including a first value and a second value; and
a processor coupled to the system substrate and the memory element, the processor to contain a public key of the signatory and a digital signature function used during a predetermined condition to authenticate the firmware before execution by the processor, the processor authenticates the firmware by (i) performing a hash operation on the firmware to produce a message digest, (ii) using at least the message digest, the public key of the signatory and a plurality of parameters associated with the digital signature function to produce a computed first value, (iii) comparing the computed first value to the first value of the digital signature, and (iv) allowing the firmware to be executed by the processor where the computed first value matches the first value of the digital signature. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An electronic system:
-
a memory element to contain firmware and a digital signature of the firmware signed by a signatory, the digital signature includes a first value and a second value; and
a processor, coupled to the memory element, to authenticate the firmware during a predetermined condition and prior to execution of the firmware through use of a pre-stored public key of the signatory and a pre-stored digital signature function, the processor authenticates the firmware by (i) performing a hash operation on the firmware to produce a message digest, (ii) using at least the message digest, the public key of the signatory and a plurality of parameters associated with the digital signature function to produce a computed first value, (iii) comparing the computed first value to the first value of the digital signature, and (iv) allowing the firmware to be executed by the processor where the computed first value matches the first value of the digital signature. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A method comprising:
-
undergoing a reset condition by a processor;
accessing firmware from a memory element remotely located from the processor;
authenticating the firmware before execution by the processor by performing a hash operation on the firmware to produce a message digest, (ii) using at least the message digest, a public key of a signatory to produce a computed value, (iii) comparing the computed value to a value stored within the digital signature, and (iv) allowing the firmware to be executed by the processor where the computed value matches the value stored within the digital signature; and
allowing the processor to execute the firmware once the firmware has been authenticated.
-
-
17. A machine readable medium having embodied thereon a program for processing by a processor of an electronic system, the program comprising:
-
an authentication subprogram for authenticating firmware loaded into the processor from a memory element remotely located from the processor using a pre-stored public key and a pre-stored digital signature function by performing a hash operation on the firmware to produce a message digest, (ii) using at least the message digest, the pre-stored public key to produce a computed value, (iii) comparing the computed value to a value stored within the digital signature, and (iv) allowing the firmware to be executed by the processor where the computed value matches the value stored within the digital signature;
a processor reset subprogram to release the processor from a RESET state so that the processor can execute the firmware if authenticated; and
an error subprogram to report an authentication error and to prevent the firmware from being executed.
-
Specification