Platform and method for remote attestation of a platform

US 6,990,579 B1
Filed: 03/31/2000
Issued: 01/24/2006
Est. Priority Date: 03/31/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

configuring a processor of a platform to run in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode;

loading at least one software module into a random access memory (RAM) of a platform while a platform is operating in the isolated execution mode;

storing an audit log within protected memory of the platform, the audit log including data representing the software module loaded in the isolated execution mode;

retrieving the audit log from the protected memory in response to receiving a remote attestation request from a remotely located platform; and

digitally signing the audit log to produce a digital signature before transfer to the remotely located platform.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method of remote attestation for a special mode of operation. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing each of a plurality of IsoX software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving a remote attestation request from a remotely located platform. Then, the retrieved audit log is digitally signed to produce a digital signature for transfer to the remotely located platform.

Citations

35 Claims

1. A method comprising:
- configuring a processor of a platform to run in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode;
  
  loading at least one software module into a random access memory (RAM) of a platform while a platform is operating in the isolated execution mode;
  
  storing an audit log within protected memory of the platform, the audit log including data representing the software module loaded in the isolated execution mode;
  
  retrieving the audit log from the protected memory in response to receiving a remote attestation request from a remotely located platform; and
  
  digitally signing the audit log to produce a digital signature before transfer to the remotely located platform.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 2. The method of claim 1, wherein the data representing the software module comprises a cryptographic hash value.
  - 3. A method according to claim 1, comprising:
    - issuing attestation cycles in response to receiving the attestation request; and
      
      utilizing the attestation cycles to retrieve the audit log from the protected memory.
  - 4. A method according to claim 1, wherein the operation of digitally signing the audit log comprises:
    - utilizing a private key to digitally sign the audit log.
  - 5. A method according to claim 1, further comprising:
    - after loading the software module in the isolated execution mode, transitioning from the isolated execution mode to a normal execution mode; and
      
      receiving the attestation request after transitioning to the normal execution mode.
  - 6. A method according to claim 1, wherein:
    - the operation of loading at least one software module comprises loading at least one module selected from the group consisting of a processor nub and an operating system (OS) nub in a high privilege ring of the platform; and
      
      the operation of storing an audit log within protected memory of the platform comprises storing, in the audit log, data that represents at least one loaded module.
  - 7. A method according to claim 1, wherein:
    - the operation of loading at least one software module comprises loading at least one module selected from the group consisting of a processor nub and an operating system (OS) nub in a high privilege ring of the platform; and
      
      the operation of storing an audit log within protected memory of the platform comprises storing, in the audit log, a cryptographic hash value for at least one loaded module.
  - 8. A method according to claim 1, wherein:
    - the platform comprises a first platform;
      
      the operation of receiving an attestation request comprises receiving the attestation request from a second platform; and
      
      the method futher comprises transmitting the response that attests to integrity of the platform to the second platform.
  - 9. A method according to claim 1, further comprising:
    - receiving user input; and
      
      determining whether or not to provide remote attestation, based on the user input.
  - 25. The method of claim 1, wherein:
    - the method further comprises configuring the platform to establish an isolated memory area in the RAM and a normal memory area in the RAM, wherein the platform does not allow access to the isolated memory area if the processor is not in the isolated execution mode; and
      
      the operation of loading at least one software module comprises loading at least one software module into the isolated memory area in the RAM while the platform is operating in the isolated execution mode.
  - 26. The method of claim 25, wherein:
    - the audit log represents the at least one software module loaded into the isolated memory area.
  - 27. The method of claim 25, further comprising:
    - executing a processor nub on the processor, with the processor running in the isolated execution mode;
      
      loading an operating system (OS) nub into the isolated memory area, the OS nub to manage at least a subset of an OS to run on the platform;
      
      verifying the OS nub, using the processor nub;
      
      after verifying the OS nub, launching the OS nub.
  - 28. The method of claim 27, wherein the operation of storing an audit log within protected memory of a platform comprises storing an audit log including data representing the processor nub.
  - 29. The method of claim 28, wherein the operation of storing an audit log within protected memory of a platform comprises storing an audit log including data representing the OS nub.
  - 30. The method of claim 1, wherein:
    - the method further comprises configuring the platform to establish an isolated memory area in the RAM, wherein the platform does not allow access to the isolated memory area if the processor is not in the isolated execution mode.
  - 31. The method of claim 30, wherein:
    - the audit log represents the at least one software module loaded into the isolated memory area.
  - 32. The method of claim 30, further comprising:
    - executing a processor nub on the processor, with the processor running in the isolated execution mode;
      
      loading an operating system (OS) nub into the isolated memory area, the OS nub to manage at least a subset of an OS to run on the platform;
      
      verifying the OS nub, using the processor nub;
      
      after verifying the OS nub, launching the OS nub.
  - 33. The method of claim 32, wherein the operation of storing an audit log within protected memory of a platform comprises storing an audit log including data representing the processor nub and the OS nub.

10. A platform comprising:
- a chipset;
  
  protected memory within the chipset;
  
  a processor in communication with the chipset;
  
  system memory in communication with the chipset, wherein the system memory comprises random access memory (RAM); and
  
  instructions encoded in the system memory, wherein the instructions, when executed by the processor, cause the platform to perform operations comprising;
  
  establishing an isolated memory area within the RAM and a normal memory area within the RAM, wherein the platform allows access to the isolated memory area only when the processor is in an isolated execution mode;
  
  loading at least one software module while the processor is operating in the isolated execution mode in a ring 0 operating mode;
  
  storing an audit log within the protected memory of the chipset, wherein the audit log includes data representing the software module loaded in the isolated execution mode; and
  
  in response to an attestation request, utilizing the audit log to generate a response that attests to integrity of the platform.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 11. A platform according to claim 10, wherein the operation of utilizing the audit log to generate a response that attests to integrity of the platform comprises:
    - utilizing a private key to digitally sign the audit log.
  - 12. A platform according to claim 10, wherein the instructions, when executed, cause the platform to perform further operations comprising:
    - transitioning from the isolated execution mode to a normal execution mode; and
      
      after transitioning to the normal execution mode, receiving the attestation request.
  - 13. A platform according to claim 10, whereinthe operation of loading at least one software module comprises loading at least one module selected from the group consisting of a processor nub and an operating system (OS) nub while the processor is operating in the isolated execution mode in the ring 0 operating mode;
    - andthe operation of storing an audit log within the protected memory comprises storing, in the audit log, data that represents at least one loaded module.
  - 14. A platform according to claim 10, wherein:
    - the operation of loading at least one software module comprises loading at least one module selected from the group consisting of a processor nub and an operating system (OS) nub while the processor is operating in the isolated execution mode within the ring 0 operating mode; and
      
      the operation of storing an audit log within protected memory comprises storing, in the audit log, cryptographic hash values for at least one loaded module.
  - 15. A platform according to claim 10, wherein:
    - the platform comprises a first platform; and
      
      the instructions, when executed, cause the platform to perform further operations comprising;
      
      receiving the attestation request from a second platform; and
      
      transmitting the response that attests to integrity of the platform to the second platform.
  - 16. A platform according to claim 10, wherein, under direction of the instructions, the platform performs further operations comprising:
    - receiving user input; and
      
      determining whether or not to provide remote attestation, based on the user input.
  - 17. A platform according to claim 10, wherein the protected memory in the chipset to store the audit log comprises single-write, multiple-read memory residing in an input/output (I/O) control hub.
  - 18. A platform according to claim 10, further comprising:
    - a remote attestation unit (RAU) to store keying information; and
      
      wherein the platform uses the keying information from the RAU to generate the response attesting to integrity of the platform.
  - 19. A platform according to claim 18, wherein the RAU comprises a core logic device.
  - 20. A platform according to claim 18, wherein the RAU comprises a removable token.
  - 21. A platform according to claim 10, wherein:
    - the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode; and
      
      wherein the operation of loading at least one software module comprises loading at least one software module into the isolated memory area in the RAM while the platform is operating in the isolated execution mode.
  - 22. A platform according to claim 21, wherein:
    - the audit log represents at least one software module loaded into the isolated memory area.
  - 23. A platform according to claim 21, wherein the instructions, when executed, perform operations comprising:
    - executing a processor nub on the processor, with the processor running in the isolated execution mode;
      
      loading an operating system (OS) nub into the isolated memory area, the OS nub to manage at least a subset of an OS to run on the platform;
      
      verifying the OS nub, using the processor nub; and
      
      after verifying the OS nub, launching the OS nub.
  - 24. A platform according to claim 23, wherein the audit log comprises data representing the processor nub and the OS nub.

34. An apparatus comprising:
- a tangible machine accessible medium; and
  
  instructions encoded in the machine accessible medium, wherein the instructions, when executed on a platform by a processor, cause the platform to perform operations comprising;
  
  loading at least one software module while the processor is operating in an isolated execution mode in a ring 0 operating mode;
  
  storing an audit log in the platform, wherein the audit log includes data representing the software module loaded in the isolated execution mode; and
  
  in response to an attestation request, utilizing the audit log to generate a response that attests to integrity of the platform.
- View Dependent Claims (35)
- - 35. An apparatus according to claim 34, wherein:
    - the machine accessible medium comprises non-volatile memory; and
      
      the instructions, when executed, perform operations comprising;
      
      configuring the processor to run in the isolated execution mode in the ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode;
      
      configuring the platform to establish an isolated memory area in a random access memory (RAM) of the platform, wherein the platform does not allow access to the isolated memory area if the processor is not in the isolated execution mode; and
      
      loading the software module into the isolated memory area in the RAM while the platform is operating in the isolated execution mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Thakkar, Shreekant S., Neiger, Gilbert, Ellison, Carl M., Mittal, Millind, Reneris, Ken, Lin, Derrick C., Grawrock, David W., McKeen, Francis X., Sutton, James A., Herbert, Howard C., Golliver, Roger A.
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
Tran, Tongoc

Application Number

US09/541,108
Time in Patent Office

2,125 Days
Field of Search

713200-201, 713155-156, 713164-176, 713/180, 713/182, 380/30, 380259-266, 340/545.1, 711/163, 711/153, 711/152, 711/173, 711/170
US Class Current

713/164
CPC Class Codes

G06F 12/1491   in a hierarchical protectio...

G06F 21/305   by remotely controlling dev...

G06F 21/35   communicating wirelessly

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 21/64   Protecting data integrity, ...

G06F 21/74   operating in dual or compar...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2103   Challenge-response

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2149   Restricted operating enviro...

G06F 9/30189   according to execution mode...

Platform and method for remote attestation of a platform

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Platform and method for remote attestation of a platform

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links