System and method for protected operating system boot using state validation
First Claim
1. A computer-readable storage medium encoded with computer executable instructions, the computer readable storage medium comprising:
- instructions for loading an operating system loader, the operating system loader configured to load an operating system;
- instructions for validating a digital signature of the operating system loader;
- instructions for zeroing at least a portion of system memory;
- instructions for executing the operating system loader; and
- instructions for transmitting a system key to the operating system loader.
Abstract
A mechanism for protected operating system boot that prevents rogue components from being loaded with the operating system, and thus prevents divulgence of the system key under inappropriate circumstances. After a portion of the machine startup procedure has occurred, the operating system loader is run, the loader is validated, and a correct machine state is either verified to exist and/or created. Once the loader has been verified to be a legitimate loader, and the machine state under which it is running is verified to be correct, the loader's future behavior is known to protect against the loading of rogue components that could cause divulgence of the system key. With the loader's behavior being known to be safe for the system key, the validator may unseal the system key and provide it to the loader.
24 Claims

1. A computer-readable storage medium encoded with computer executable instructions, the computer readable storage medium comprising:
- instructions for loading an operating system loader, the operating system loader configured to load an operating system;
- instructions for validating a digital signature of the operating system loader;
- instructions for zeroing at least a portion of system memory;
- instructions for executing the operating system loader; and
- instructions for transmitting a system key to the operating system loader.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A system for performing a boot of an operating system under circumstances that provide assurances as to the reliability of the boot, the system comprising:
- system hardware including system memory;
- circuitry configured to validate a digital signature of an operating system loader;
- circuitry configured to set at least a portion of the system memory to a known state by zeroing at least the portion of the system memory;
- circuitry configured to execute the operating system loader when at least a portion of the system memory has been set to the known state; and
- circuitry configured to reveal a system key to a validated operating system loader.
Dependent claims: 13, 14, 15, 16

17. A method of booting an operating system comprising:
- executing a basic input output system, an option ROM, a master boot record, and a boot sector;
- starting an operating system loader;
- validating said operating system loader;
- validating a state of a machine on which said operating system loader executes by zeroing at least a portion of system memory; and
- if said operating system loader, and said state of said machine, are determined to be valid, then allowing said operating system loader to load an operating system.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
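As an added illustration (not code from the patent or its assignee), a toy Python model of the validator described in the abstract and in independent claims 1, 12 and 17: the system key is sealed to an expected machine state (loader digest plus "memory region is zeroed"), and the validator checks the loader's signature, zeroes the region, and unseals the key only when the measured state matches. HMAC stands in for the digital signature, a hash-derived pad plus MAC stands in for hardware sealing, and all key names and values are constructed for the example.

```python
import hashlib
import hmac

# Constructed secrets for the toy; the patent names neither of them.
LOADER_VENDOR_KEY = b"loader-vendor-signing-key"  # stand-in for the loader signer's key
SYSTEM_KEY = bytes(range(32))                     # the key revealed only to a valid loader

def sign_loader(loader_image: bytes) -> bytes:
    """HMAC stands in for the digital signature over the OS loader image."""
    return hmac.new(LOADER_VENDOR_KEY, loader_image, hashlib.sha256).digest()

def machine_state(loader_image: bytes, memory: bytearray, region: slice) -> bytes:
    """Digest of the state the key is sealed to: loader hash plus 'region is zeroed'."""
    zeroed = b"1" if not any(memory[region]) else b"0"
    digest = hashlib.sha256(loader_image).digest()
    return hashlib.sha256(digest + b"|zeroed=" + zeroed).digest()

def seal(key: bytes, expected_state: bytes) -> bytes:
    """Bind key to a state: XOR with a state-derived pad, then MAC under the state."""
    pad = hashlib.sha256(b"pad|" + expected_state).digest()
    body = bytes(k ^ p for k, p in zip(key, pad))
    return body + hmac.new(expected_state, body, hashlib.sha256).digest()

def unseal(blob: bytes, actual_state: bytes):
    """Recover the key only if the measured state equals the sealed-to state."""
    body, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(actual_state, body, hashlib.sha256).digest()):
        return None                                # wrong state: divulge nothing
    pad = hashlib.sha256(b"pad|" + actual_state).digest()
    return bytes(b ^ p for b, p in zip(body, pad))

def validator_boot(loader_image: bytes, signature: bytes, memory: bytearray,
                   region: slice, sealed_key: bytes):
    """Validator steps from the claims: check the loader signature, zero memory,
    then unseal the system key for the now-trusted loader; None on any failure."""
    if not hmac.compare_digest(signature, sign_loader(loader_image)):
        return None                                # rogue or tampered loader
    memory[region] = bytes(len(memory[region]))   # create the known (zeroed) state
    return unseal(sealed_key, machine_state(loader_image, memory, region))

if __name__ == "__main__":
    loader, region = b"GOOD-OS-LOADER", slice(0, 64)
    sealed = seal(SYSTEM_KEY, machine_state(loader, bytearray(64), region))
    ram = bytearray(b"\xaa" * 64)                  # constructed dirty memory
    assert validator_boot(loader, sign_loader(loader), ram, region, sealed) == SYSTEM_KEY
    assert validator_boot(loader + b"!", sign_loader(loader), ram, region, sealed) is None
    assert unseal(sealed, machine_state(loader, bytearray(b"\xaa" * 64), region)) is None
```

The last assertion shows the point of measuring the memory state: a key sealed to zeroed memory cannot be unsealed against a dirty state, so a loader that skips the zeroing step never receives it.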