System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party
First Claim
1. In a computer system having a central processing unit (CPU) and an operating system (OS), the CPU having a software identity register, a method for booting the operating system comprising:
- executing an atomic operation to set an identity of the operating system into the software identity register of the CPU, wherein in an event that the atomic operation completes correctly, the software identity register contains the identity of the operating system and in an event that the atomic operation fails to complete correctly, the software identity register contains a value indicating that the atomic operation failed; and
examining a content of the software identity register to verify the identity of the operating system.
2 Assignments
0 Petitions
Accused Products
Abstract
A general-purpose processor (CPU) is configured with a new mechanism facilitating an authenticated boot sequence that provides building blocks for client-side rights management when the system is online, and provides continued protection of persistent data even when the system goes offline or is rebooted. The CPU includes a cryptographic key pair, and a manufacturer certificate testifying that the manufacturer built the CPU according to a known specification. The operating system (OS) includes a unique block of code, or “boot block” that can establish OS identity by extraction from a digitally signed boot block or by computing a hash digest of the boot block. During booting, the CPU executes a single opcode, followed by the boot block, as an atomic operation to set the identity of the OS into the software identity register. The subscriber unit then can establish a chain of trust to a content provider.
-
Citations
16 Claims
-
1. In a computer system having a central processing unit (CPU) and an operating system (OS), the CPU having a software identity register, a method for booting the operating system comprising:
-
executing an atomic operation to set an identity of the operating system into the software identity register of the CPU, wherein in an event that the atomic operation completes correctly, the software identity register contains the identity of the operating system and in an event that the atomic operation fails to complete correctly, the software identity register contains a value indicating that the atomic operation failed; and examining a content of the software identity register to verify the identity of the operating system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. In a computer system having a central processing unit (CPU) and an operating system (OS), the CPU having a software identity register, a method comprising:
-
identifying a boot block of code in the OS that uniquely describes the OS; creating an identity of the OS from the boot block; and executing an atomic operation to set the identity of the operating system into the software identity register of the CPU, wherein in an event that the atomic operation completes correctly, the software identity register is set to contain the identity of the operating system, and in an event that the atomic operation does not complete correctly, the software identity register is set to contain a false value to indicate failure of the atomic operation. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
Specification