Platform and method for remote attestation of a platform
First Claim
1. A method comprising:
- configuring a processor of a platform to run in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode;
- loading at least one software module into a random access memory (RAM) of a platform while a platform is operating in the isolated execution mode;
- storing an audit log within protected memory of the platform, the audit log including data representing the software module loaded in the isolated execution mode;
- retrieving the audit log from the protected memory in response to receiving a remote attestation request from a remotely located platform; and
- digitally signing the audit log to produce a digital signature before transfer to the remotely located platform.
Abstract
In one embodiment, a method of remote attestation for a special mode of operation is described. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing each of a plurality of IsoX (isolated execution) software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving a remote attestation request from a remotely located platform. Then, the retrieved audit log is digitally signed to produce a digital signature for transfer to the remotely located platform.
35 Claims
1. A method comprising: (claim text as set out under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 25, 26, 27, 28, 29, 30, 31, 32, 33.
10. A platform comprising:
- a chipset;
- protected memory within the chipset;
- a processor in communication with the chipset;
- system memory in communication with the chipset, wherein the system memory comprises random access memory (RAM); and
- instructions encoded in the system memory, wherein the instructions, when executed by the processor, cause the platform to perform operations comprising:
  - establishing an isolated memory area within the RAM and a normal memory area within the RAM, wherein the platform allows access to the isolated memory area only when the processor is in an isolated execution mode;
  - loading at least one software module while the processor is operating in the isolated execution mode in a ring 0 operating mode;
  - storing an audit log within the protected memory of the chipset, wherein the audit log includes data representing the software module loaded in the isolated execution mode; and
  - in response to an attestation request, utilizing the audit log to generate a response that attests to integrity of the platform.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24.
34. An apparatus comprising:
- a tangible machine accessible medium; and
- instructions encoded in the machine accessible medium, wherein the instructions, when executed on a platform by a processor, cause the platform to perform operations comprising:
  - loading at least one software module while the processor is operating in an isolated execution mode in a ring 0 operating mode;
  - storing an audit log in the platform, wherein the audit log includes data representing the software module loaded in the isolated execution mode; and
  - in response to an attestation request, utilizing the audit log to generate a response that attests to integrity of the platform.
Dependent claims: 35.
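As an added illustration (not code from the patent or from any product implementing it), the following Go sketch models the exchange the claims describe: each module loaded in isolated execution mode is measured into an audit log, the log is retrieved and signed when a remote attestation request arrives, and the remotely located platform checks the signature and the measurements. Ed25519 as the signature algorithm, SHA-256 module digests, the wire encoding and the verifier-supplied nonce are assumptions of this example, not details stated in the claims.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
)

// AuditEntry holds the name and SHA-256 digest of one module loaded in isolated execution mode.
type AuditEntry struct {
	Name   string
	Digest [32]byte
}
// AuditLog models the log the platform keeps in protected memory.
type AuditLog []AuditEntry
// Record stores a module's measurement in the log at load time.
func (l *AuditLog) Record(name string, code []byte) {
	*l = append(*l, AuditEntry{Name: name, Digest: sha256.Sum256(code)})
}

// encodeLog serialises nonce and log deterministically (constructed format: 4-byte
// big-endian name length, name, digest) so signer and verifier hash identical bytes.
func encodeLog(nonce []byte, log AuditLog) []byte {
	out := append([]byte{}, nonce...)
	var n [4]byte
	for _, e := range log {
		binary.BigEndian.PutUint32(n[:], uint32(len(e.Name)))
		out = append(append(append(out, n[:]...), e.Name...), e.Digest[:]...)
	}
	return out
}

// Attest signs the retrieved log with the platform key (Ed25519 assumed) over nonce+log, so a reply cannot be replayed.
func (l AuditLog) Attest(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, encodeLog(nonce, l))
}

// Verify (remote platform side): the signature must cover nonce+log, and every reported digest must match the expected one.
func Verify(pub ed25519.PublicKey, nonce []byte, log AuditLog, sig []byte, want map[string][32]byte) bool {
	if !ed25519.Verify(pub, encodeLog(nonce, log), sig) {
		return false
	}
	for _, e := range log {
		if d, ok := want[e.Name]; !ok || d != e.Digest {
			return false
		}
	}
	return true
}
```

The key pair is supplied by the caller; on a real platform it would be held in hardware rather than in the attested software.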