System and method for protected operating system boot using state validation

US 7,694,121 B2
Filed: 06/30/2004
Issued: 04/06/2010
Est. Priority Date: 06/30/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-readable storage medium encoded with computer executable instructions, the computer readable storage medium comprising:

instructions for loading an operating system loader, the operating system loader configured to load an operating system;

instructions for validating a digital signature of the operating system loader;

instructions for zeroing at least a portion of system memory;

instructions for executing the operating system loader; and

instructions for transmitting a system key to the operating system loader.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism for protected operating system boot that prevents rogue components from being loaded with the operating system, and thus prevents divulgence of the system key under inappropriate circumstances. After a portion of the machine startup procedure has occurred, the operating system loader is run, the loader is validated, and a correct machine state is either verified to exist and/or created. Once the loader has been verified to be a legitimate loader, and the machine state under which it is running is verified to be correct, the loader'"'"'s future behavior is known to protect against the loading of rogue components that could cause divulgence of the system key. With the loader'"'"'s behavior being known to be safe for the system key, the validator may unseal the system key and provides it to the loader.

Citations

24 Claims

1. A computer-readable storage medium encoded with computer executable instructions, the computer readable storage medium comprising:
- instructions for loading an operating system loader, the operating system loader configured to load an operating system;
  
  instructions for validating a digital signature of the operating system loader;
  
  instructions for zeroing at least a portion of system memory;
  
  instructions for executing the operating system loader; and
  
  instructions for transmitting a system key to the operating system loader.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-readable storage medium of claim 1, wherein the computer executable instructions further comprises:
    - instructions for executing a logon program that gates access to said system key.
  - 3. The computer-readable medium storage of claim 2, wherein the computer executable instructions for executing the logon program further comprise:
    - instructions for validating credentials; and
      
      instructions for accessing the system key in response to receiving valid credentials.
  - 4. The computer-readable storage medium of claim 1, wherein said system key is usable to decrypt an encrypted operating system partition.
  - 5. The computer-readable storage medium of claim 1, wherein the instructions for loading the operating system loader are configured to be executed prior to instructions for loading a basic input output system, instructions for loading an option ROM, instructions for loading a master boot record, and instructions for loading a boot sector.
  - 6. The computer-readable storage medium of claim 5, wherein the instructions for validating the digital signature of the operating system loaded are configured to execute after at least a portion of the operating system loader code has executed.
  - 7. The computer-readable storage medium of claim 6, wherein the instructions for validating the digital signature of the operating system loaded are configured to execute after all or substantially all of an operating system has started, or after some number of partitions have started, each of said partitions comprising an environment from which some degree of isolation from other partitions is maintained by a hypervisor.
  - 8. The computer-readable storage medium of claim 1, wherein the instructions for validating the digital signature are included in instructions for a first operating system and the operating system loader is configured to load instructions for a second operating system.
  - 9. The computer-readable medium storage of claim 8, wherein the first instructions for the first operating system are configured to execute in a first partition and the instructions for the second operating system are configured to execute in a second partition.
  - 10. The computer-readable storage medium of claim 9, wherein a hypervisor is configured to mange the first and second partition.
  - 11. The computer-readable storage medium of claim 1, wherein said operating system loader is one of an entire operating system and an entire instance of an operating system.

12. A system for performing a boot of an operating system under circumstances that provide assurances as to the reliability of the boot, the system comprising:
- system hardware including system memory;
  
  circuitry configured to validate a digital signature of an operating system loader;
  
  circuitry configured to set at least a portion of the system memory to a known state by zeroing at least the portion of the system memory;
  
  circuitry configured execute the operating system loader when at least a portion of the system memory has been set to the known state; and
  
  circuitry configured to reveal a system key to a validated operating system loader.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The system of claim 12, further comprising:
    - circuitry configured to encrypt the system key with a first key, the first key the first key generated from at least a portion of a binary of the operating system loader.
  - 14. The system of claim 12, wherein said circuitry configured to validate the digital signature is configured to validate the digital signature of the operating system loader after at least a portion of the operating system loader has executed and before the operating system loader has initialized a kernel or a device driver.
  - 15. The system of claim 12, wherein the operating system loader is a component of a first operating system that operates in a first partition and the operating system loader is configured to load a second operating system in a second partition.
  - 16. The system of claim 15, wherein the first operating system and the second operating system are managed by a hypervisor.

17. A method of booting an operating system comprising:
- executing a basic input output system, an option ROM, a master boot record, and a boot sector;
  
  starting an operating system loader;
  
  validating said operating system loader;
  
  validating a state of a machine on which said operating system loader executes by zeroing at least a portion of system memory;
  
  if said operating system loader, and said state of said machine, are determined to be valid, then allowing said operating system loader to load an operating system.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The method of claim 17, wherein a key that is necessary to correctly perform at least one function under said operating system is sealed to a validator that performs said acts of validating an operating system loader and validating a machine state, and wherein the method further comprises:
    - if the operating system loader and the machine state are valid, then unsealing said key and providing said key to said operating system loader.
  - 19. The method of claim 17, further comprising:
    - after said operating system has been loaded, executing a logon program that gates access to said key.
  - 20. The method of claim 17, wherein said logon program either allows or disallows components of said operating system to use said key depending on whether a user successfully completes an authentication procedure.
  - 21. The method of claim 17, wherein said acts of validating said operating system loader and validating said machine state are performed after said operating system loader has performed at least one action.
  - 22. The method of claim 21, wherein said acts of validating said operating system loader and validating said machine state are performed at a point in time before resetting the machine state will prevent the loader from functioning correctly to load said operating system.
  - 23. The method of claim 17, wherein said machine comprises a physical machine.
  - 24. The method of claim 17, wherein said machine comprises a virtual machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
McMichael, Lonnie Dean, LaSalle, Derek Norman, Paley, Mark Eliot, Jacomet, Pierre, England, Paul, Ray, Kenneth D., Cross, David B., Hunter, Jamie, Willman, Bryan Mark, Kurien, Thekkthalackal Varugis
Primary Examiner(s)
Peeso; Thomas R

Application Number

US10/882,134
Publication Number

US 20060005034A1
Time in Patent Office

2,106 Days
Field of Search

713/2, 713/161, 713/165, 713/172
US Class Current

713/2
CPC Class Codes

G06F 21/575 Secure boot

G06F 9/4401 Bootstrapping security arra...

System and method for protected operating system boot using state validation

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for protected operating system boot using state validation

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links