Method and system for authenticated boot operations in a computer system of a networked computing environment
First Claim
Patent Images
1. A method for performing an authenticated boot of a computer system in a networked computing environment, the method comprising:
- (a) integrating boot manager services into a power on self test (POST) routine;
(b) providing a digital signature for a selected operating system when the POST routine transfers control to a basic input/output system (BIOS) routine, including reading an initial program load device list of available boot devices during the BIOS routine, determining whether a selected device of the available boot devices contains an image of an operating system, proceeding to a next device until the image is located, determining whether the image is bootable, proceeding to the next device until the image is bootable, and retrieving a boot record for the image, signing the boot record using a private key for the computer system, and sending the signed boot record to a server system; and
(c) authorizing booting with the selected operating system through authentication by the server system of the digital signature.
3 Assignments
0 Petitions
Accused Products
Abstract
Method and system aspects for performing an authenticated boot of a computer system in a networked computing environment are provided. The aspects include integration of boot manager services into a power on self test (POST) routine of a client system. The client system provides a digital signature for a selected operating system when the POST routine transfers control to a basic input/output system (BIOS) routine. Booting is authorized with the operating system through authentication by a server system of the digital signature.
247 Citations
16 Claims
-
1. A method for performing an authenticated boot of a computer system in a networked computing environment, the method comprising:
-
(a) integrating boot manager services into a power on self test (POST) routine;
(b) providing a digital signature for a selected operating system when the POST routine transfers control to a basic input/output system (BIOS) routine, including reading an initial program load device list of available boot devices during the BIOS routine, determining whether a selected device of the available boot devices contains an image of an operating system, proceeding to a next device until the image is located, determining whether the image is bootable, proceeding to the next device until the image is bootable, and retrieving a boot record for the image, signing the boot record using a private key for the computer system, and sending the signed boot record to a server system; and
(c) authorizing booting with the selected operating system through authentication by the server system of the digital signature. - View Dependent Claims (2)
-
-
3. The method of claim further comprising halting booting of the computer system upon receipt of a disapproved status for the'"'"'signed boot record from the server system.
-
4. A data processing system with authenticated boot capabilities, the system comprising:
-
at least one client system utilizing boot manager services during a power on self test (POST) routine to select an operating system and provide a digital signature for the operating system selected; and
a server system coupled to the at least one client system for verifying the digital signature and approving the selected operating system to provide authentication for the boot operation in the at least one client system. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for performing an authenticated boot of a computer system in a networked computing environment, the method comprising:
-
utilizing digital signature encryption in a client system to encrypt a boot record;
sending the encrypted boot record to a server system; and
determining authentication of the encrypted boot record in the server system to control booting operations in the client system. - View Dependent Claims (13, 14, 15, 16)
-
Specification