Boot blocks for software
First Claim
1. In a computer system having a central processing unit and a software identity register, a method comprising:
- executing an atomic operation to set an identity of a piece of software into the software identity register, wherein if the atomic operation completes correctly, the software identity register contains the identity of the piece of software and if the atomic operation fails to complete correctly, the software identity register contains a value other than the identity of the piece of software; and
- examining the software identity register to verify the identity of the piece of software;
- wherein the identity comprises a public key of a correctly signed block of code from the piece of software, and the examining comprises verifying a signature of the signed block of code against the public key.
2 Assignments
0 Petitions
Abstract
In accordance with one aspect of boot blocks for software, in a computer system that has a central processing unit and a software identity register, an atomic operation is executed to set an identity of a piece of software into the software identity register. If the atomic operation completes correctly, then the software identity register contains the identity of the piece of software; otherwise, the software identity register contains a value other than the identity of the piece of software.
184 Citations
57 Claims
1. In a computer system having a central processing unit and a software identity register, a method comprising:
- executing an atomic operation to set an identity of a piece of software into the software identity register, wherein if the atomic operation completes correctly, the software identity register contains the identity of the piece of software and if the atomic operation fails to complete correctly, the software identity register contains a value other than the identity of the piece of software; and
- examining the software identity register to verify the identity of the piece of software;
- wherein the identity comprises a public key of a correctly signed block of code from the piece of software, and the examining comprises verifying a signature of the signed block of code against the public key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. In a computer system having a central processing unit and a software identity register, a method comprising:
- executing an atomic operation to set an identity of a piece of software into the software identity register, wherein if the atomic operation completes correctly, the software identity register contains the identity of the piece of software and if the atomic operation fails to complete correctly, the software identity register contains a value other than the identity of the piece of software; and
- examining the software identity register to verify the identity of the piece of software,
- wherein the piece of software includes a boot block that includes a block of code and, wherein the boot block further includes:
  - a signature obtained from signing the block of code; and
  - a public key from a key pair.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
24. In a computer system having a central processing unit (CPU), a piece of software, and a software identity register, a method comprising:
- identifying a boot block of code associated with the piece of software that uniquely describes the piece of software;
- creating an identity of the piece of software from the boot block, wherein the creating comprises signing the boot block using a private key from a key pair to form a signature, and wherein the signature and a corresponding public key from the key pair together form the identity of the piece of software; and
- executing an atomic operation to set the identity of the piece of software into the software identity register, wherein if the atomic operation completes correctly, the software identity register contains the identity of the piece of software.
Dependent claims: 25, 26, 27, 28, 29, 30, 31
32. A computer comprising:
- a nonvolatile memory having a piece of software stored therein, wherein the piece of software has a block of code;
- a software identity register;
- a central processing unit (CPU) coupled to the memory, wherein the CPU holds a manufacturer certificate signed by a manufacturer of the CPU; and
- the piece of software being booted for execution on the CPU according to a sequence that begins with an atomic operation, wherein if the atomic operation completes correctly, the software identity register is set to the identity of the piece of software.
Dependent claims: 33, 34, 35, 36, 37, 38, 39
40. One or more computer readable memories having stored thereon a plurality of instructions that, when executed by one or more processors of a device, causes the one or more processors to:
- load a boot block for a piece of software, wherein the boot block includes a block of code, and wherein the boot block further includes a length specifying a number of bytes in the block of code;
- generate a value based on the block of code and one or more constants; and
- set the value into a software identity register of one of the one or more processors.
Dependent claims: 41, 42, 43, 44, 45, 46
47. One or more computer readable memories having stored thereon a plurality of instructions that, when executed by one or more processors of a device, causes the one or more processors to:
- load a boot block for a piece of software, wherein the boot block includes a block of code, and wherein the boot block further includes one or more constants to be used to validate subsequent operating system components;
- generate a value based on the block of code and the one or more constants; and
- set the value into a software identity register of one of the one or more processors.
Dependent claims: 48, 49, 50, 51, 52
53. One or more computer readable memories having stored thereon a plurality of instructions that, when executed by one or more processors of a device, causes the one or more processors to:
- load a boot block for a piece of software, wherein the boot block includes a block of code;
- generate a value based on the block of code and one or more constants, wherein the value comprises a digest of the block of code and the one or more constants; and
- set the value into a software identity register of one of the one or more processors.
Dependent claims: 54, 55, 56, 57
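The all-or-nothing register behaviour described in the abstract, combined with the digest-based identity of claims 40 to 53, can be modelled in a few lines. This is an added illustration, not code from the patent: the boot block layout (4-byte length, code, constants), the use of SHA-256, the all-zero reset value and every function name are assumptions made for the example.

```python
import hashlib
import hmac
import struct

RESET_VALUE = bytes(32)  # assumed "no identity" content; never a real digest

class SoftwareIdentityRegister:
    """Toy register: only atomic_set_identity() below writes to it."""
    def __init__(self):
        self.value = RESET_VALUE

def make_boot_block(code: bytes, constants: bytes) -> bytes:
    # Constructed layout: 4-byte big-endian code length | code | constants
    return struct.pack(">I", len(code)) + code + constants

def parse_boot_block(blob: bytes):
    if len(blob) < 4:
        raise ValueError("truncated header")
    (length,) = struct.unpack(">I", blob[:4])
    if length == 0 or length > len(blob) - 4:
        raise ValueError("length field does not fit the boot block")
    return blob[4:4 + length], blob[4 + length:]

def identity_of(code: bytes, constants: bytes) -> bytes:
    # Digest covers the length too, so the code/constants boundary cannot shift.
    return hashlib.sha256(struct.pack(">I", len(code)) + code + constants).digest()

def atomic_set_identity(reg, blob: bytes) -> bool:
    """All-or-nothing: the identity is committed only if every step succeeds."""
    reg.value = RESET_VALUE  # clear first: a failure never leaves a stale identity
    try:
        code, constants = parse_boot_block(blob)
    except ValueError:
        return False
    reg.value = identity_of(code, constants)
    return True

def examine(reg, expected: bytes) -> bool:
    # Constant-time comparison of the register against the expected identity
    return hmac.compare_digest(reg.value, expected)

# Constructed sample input (not taken from the patent)
CODE = b"\x90\x90\xc3"
CONSTANTS = b"constructed-loader-constants"
```

Because the register is cleared before parsing begins, a malformed boot block loaded after a valid one leaves the reset value behind rather than the earlier identity.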
Specification