Secure bootloader for securing digital devices
First Claim
Patent Images
1. A method for ensuring security during the power-on process of a digital device and its contents comprising the steps of:
- disposing a read only memory storing a bootloader program for control of the programmable data processor, a first read only memory location storing a manufacturer identifier and a second read only memory location storing a device identifier unique to that digital device on a same semiconductor chip as a programmable data processor, the first read only memory location and the second read only memory location not accessible external to the semiconductor chip and not modifiable;
upon each power-up of the digital device controlling the programmable data processor via the bootloader program to;
A. read the manufacturer identifier from the first read only memory location;
B. read the device identifier from the second read only memory location;
C. compute a first encryption/decryption key using the manufacturer identifier and the device identifier;
D. read an encrypted second encryption/decryption key from a memory;
E. decrypt the second encryption/decryption key using the first encryption/decryption key;
F. read an encrypted program file from a memory;
G. compute a hashing value for said encrypted program file;
H. decrypt said encrypted program file using the decrypted second encryption/decryption key;
I. store said decrypted program file in a memory;
J. read a hashing value associated with the program file from a memory;
K. compare said computed hashing value with said read hashing value;
L. execute said decrypted program file via the programmable data processor if said comparison was equal; and
M. assert an error message if said comparison was not equal.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure bootloader for securing software and systems in a digital device 110 by ensuring only encrypted and authenticated boot software is loaded and executed in the digital device 110. The encrypted boot software is read into the device 110 and authenticated. If the boot software is not authenticated, then the digital device 110 does not boot.
104 Citations
5 Claims
-
1. A method for ensuring security during the power-on process of a digital device and its contents comprising the steps of:
-
disposing a read only memory storing a bootloader program for control of the programmable data processor, a first read only memory location storing a manufacturer identifier and a second read only memory location storing a device identifier unique to that digital device on a same semiconductor chip as a programmable data processor, the first read only memory location and the second read only memory location not accessible external to the semiconductor chip and not modifiable; upon each power-up of the digital device controlling the programmable data processor via the bootloader program to; A. read the manufacturer identifier from the first read only memory location; B. read the device identifier from the second read only memory location; C. compute a first encryption/decryption key using the manufacturer identifier and the device identifier; D. read an encrypted second encryption/decryption key from a memory; E. decrypt the second encryption/decryption key using the first encryption/decryption key; F. read an encrypted program file from a memory; G. compute a hashing value for said encrypted program file; H. decrypt said encrypted program file using the decrypted second encryption/decryption key; I. store said decrypted program file in a memory; J. read a hashing value associated with the program file from a memory; K. compare said computed hashing value with said read hashing value; L. execute said decrypted program file via the programmable data processor if said comparison was equal; and M. assert an error message if said comparison was not equal.
-
-
2. A method for ensuring a secure code re-authoring session during the boot process in a digital device comprising the steps of:
-
A. disposing a read only memory storing a bootloader program for control of the programmable data processor, a first read only memory location storing a manufacturer identifier and a second read only memory location storing a device identifier unique to that digital device on a same semiconductor chip as a programmable data processor, the first read only memory location and the second read only memory location not accessible external to the semiconductor chip and not modifiable; B. controlling the data processor via the bootloader program to read the manufacturer identifier from the first read only memory location; C. controlling the data processor via the bootloader program to read the device identifier from the second read only memory location; D. controlling the data processor via the bootloader program to compute a first encryption/decryption key from the manufacturer identifier; E. controlling the data processor via the bootloader program to compute a second encryption/decryption key from the manufacturer identifier and the device identifier; F. controlling the data processor via the bootloader program to read an encrypted program file; G. controlling the data processor via the bootloader program to compute a first hashing value with said read encrypted program file; H. controlling the data processor via the bootloader program to decrypt said read encrypted program file using the first encryption/decryption key; I. controlling the data processor via the bootloader program to re-encrypt said decrypted program file using the second encryption/decryption key; J. controlling the data processor via the bootloader program to store said re-encrypted program file in a memory; K. controlling the data processor via the bootloader program to compute a second hashing value with said re-encrypted program file; L. controlling the data processor via the bootloader program to read a third hashing value associated with the program file from a memory; M. controlling the data processor via the bootloader program to compare said first hashing value with the third hashing value; N. controlling the data processor via the bootloader program to store second hashing value if said comparison was equal; and O. controlling the data processor via the bootloader program to assert an error message if said comparison was not equal.
-
-
3. A digital device comprising:
-
a programmable data processor; a first read only memory location disposed on a same semiconductor chip as said programmable data processor storing a manufacturer identifier not accessible external to said semiconductor chip and not modifiable; a second read only memory location disposed on said same semiconductor chip as said programmable data processor storing a device identifier unique to that digital device not accessible external to said semiconductor chip and not modifiable; a read only memory disposed on said same semiconductor chip as said programmable data processor storing a bootloader program for control of the programmable data processor, said bootloader program operable to control the data processor upon each power-up of the digital device to; A. read the manufacturer identifier from the first read only memory location; B. read the device identifier from the second read only memory location; C. compute a first encryption/decryption key using the manufacturer identifier and the device identifier; D. read an encrypted second encryption/decryption key from a memory; E. decrypt the second encryption/decryption key using the first encryption/decryption key; F. read an encrypted program file from a memory; G. compute a hashing value for said encrypted program file; H. decrypt said encrypted program file using the decrypted second encryption/decryption key; I. store said decrypted program file in a memory; J. read a hashing value associated with the program file from a memory; K. compare said computed hashing value with said read hashing value; L. execute said decrypted program file via the programmable data processor if said comparison was equal; and M. assert an error message if said comparison was not equal. - View Dependent Claims (4)
-
-
5. A digital device comprising:
-
a programmable data processor; a first read only memory location disposed on a same semiconductor chip as said programmable data processor storing a manufacturer identifier not accessible external to said semiconductor chip and not modifiable; a second read only memory location disposed on said same semiconductor chip as said programmable data processor storing a device identifier unique to that digital device not accessible external to said semiconductor chip and not modifiable; a read only memory disposed on said same semiconductor chip as said programmable data processor storing a bootloader program for control of the programmable data processor, said bootloader program operable to control the data processor upon each power-up of the digital device to; A. read the manufacturer identifier from the first read only memory location; B. read the device identifier from the second read only memory location; C. compute a first encryption/decryption key from the manufacturer identifier; D. compute a second encryption/decryption key from the manufacturer identifier and the device identifier; E. read an encrypted program file; F. compute a first hashing value with said read encrypted program file; G. decrypt said read encrypted program file using the first encryption/decryption key; H. re-encrypt said decrypted program file using the second encryption/decryption key; I. store said re-encrypted program file in a memory; J. compute a second hashing value with said re-encrypted program file; K. read a third hashing value associated with the program file from a memory; L. compare said first hashing value with the third hashing value; M. store second hashing value if said comparison was equal; and N. assert an error message if said comparison was not equal.
-
Specification