Platform and method for remote attestation of a platform
First Claim
1. A method comprising:
configuring a processor of a platform to operate in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a normal execution mode in at least the ring 0 operating mode;
loading at least one software module into a random access memory (RAM) of the platform while the platform is operating in the isolated execution mode;
storing an audit log within protected memory of the platform, the audit log including data representing the software module loaded in the isolated execution mode;
retrieving the audit log from the protected memory in response to receiving an attestation request; and
digitally signing the audit log to produce a digital signature in response to the attestation request.
Abstract
In one embodiment, a method of attestation involves a special mode of operation. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing one or more software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving an attestation request. Then, the retrieved audit log is digitally signed to produce a digital signature in response to the attestation request.
16 Claims
9. A method comprising:
configuring a processor of a processing system to operate in an isolated execution mode in a ring 0 operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a non-isolated execution mode in at least the ring 0 operating mode;
configuring the processing system to establish an isolated memory area in a random access memory (RAM) of the processing system and a non-isolated memory area in the RAM, wherein the processing system does not allow access to the isolated memory area if the processor is not in the isolated execution mode;
loading at least one software module into the isolated memory area of the RAM while the processor is operating in the isolated execution mode;
storing an audit log in the processing system, the audit log including data representing the software module loaded into the isolated memory area;
retrieving the audit log in response to receiving an attestation request; and
digitally signing the audit log to produce a digital signature in response to the attestation request.
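The attestation flow described in the abstract and in claims 1 and 9, worked through as an added Go example (not code from the patent or from any implementation of it): the platform records a measurement of each module loaded in the isolated execution mode in an audit log and, on an attestation request, returns the log with a digital signature over it. The verifier side, the choice of Ed25519 for the signature, SHA-256 for the measurement, JSON as the log encoding, and the module names and key seed are all assumptions made for this example; the patent specifies none of them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
)

// LogEntry: identity and SHA-256 measurement of one module loaded in the isolated execution mode.
type LogEntry struct {
	Name   string   `json:"name"`
	Digest [32]byte `json:"digest"`
}

// Platform stands in for the protected memory holding the audit log and for the platform's
// signing key (hardware-held on a real platform; here derived from a constructed 32-byte seed).
type Platform struct {
	auditLog []LogEntry
	signKey  ed25519.PrivateKey
}

func NewPlatform(seed []byte) *Platform { return &Platform{signKey: ed25519.NewKeyFromSeed(seed)} }

// PublicKey is what the remote verifier holds to check attestations.
func (p *Platform) PublicKey() ed25519.PublicKey { return p.signKey.Public().(ed25519.PublicKey) }

// LoadModule measures a module image and records the measurement in the audit log.
func (p *Platform) LoadModule(name string, image []byte) {
	p.auditLog = append(p.auditLog, LogEntry{Name: name, Digest: sha256.Sum256(image)})
}

// Attest answers an attestation request: retrieve the audit log and sign it.
func (p *Platform) Attest() (auditLog, sig []byte) {
	auditLog, _ = json.Marshal(p.auditLog) // fixed schema of strings and byte arrays: cannot fail
	return auditLog, ed25519.Sign(p.signKey, auditLog)
}

// Verify is the remote side: check the signature, then compare each logged measurement to the expected one.
func Verify(pub ed25519.PublicKey, auditLog, sig []byte, expected map[string][32]byte) bool {
	var entries []LogEntry
	if !ed25519.Verify(pub, auditLog, sig) || // altered in transit or signed by another key
		json.Unmarshal(auditLog, &entries) != nil ||
		len(entries) != len(expected) { // a module missing from, or added to, the log
		return false
	}
	for _, e := range entries {
		if want, ok := expected[e.Name]; !ok || e.Digest != want {
			return false // unknown module or mismatched measurement
		}
	}
	return true
}
```

The verifier only accepts a log whose signature checks under the platform's public key and whose every entry matches a measurement it already trusts; a changed module image, an extra or missing entry, a modified log, or a signature from a different key is rejected.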