Core initialization code validation
First Claim
1. A computer system for validating initializing code, the computer system comprising:
- a central processing unit capable of executing instructions embodied as software; and
a plurality of software portions, whereina first one of said software portions is configured to initiate loading of core boot components;
a second one of said software portions is configured to generate hash values for the core boot components;
a third one of said software portions is configured to store the generated hash values in at least one configuration register;
a fourth one of said software portions is configured to retrieve from a trusted source an expected state of the at least one configuration register storing the generated hash values;
a fifth one of said software portions is configured to compare the expected state of the at least one configuration register to the stored hash values;
responsive to the expected state of the at least one configuration register matching the stored hash values, a sixth one of said software portions is configured to retrieve from the trusted source an expected state of a hash value of a hash list;
a seventh one of said software portions is configured to compare the expected state of the hash value of the hash list to a computed hash value of the hash list;
responsive to the expected state of the hash value of the hash list matching the computed hash value of the hash list, an eighth one of said software portions is configured to use the hash list to validate core computer system files,wherein the core boot components comprise the second one of said software portions.
2 Assignments
0 Petitions
Accused Products
Abstract
Files essential to the boot sequence are validated as they are executed. As core boot files are loaded and executed by a computers a hash of the files is created and extended into configuration registers. Core operating system files are verified by the boot loader using a digital signature, and the public key used to verify the digital signature is recorded in a configuration register. Core operating system files verified by the boot loader include a list of hash values, which is used by the operating system to validate the other files as they are executed. User assurance that the system has booted correctly is achieved by comparing the state of configuration registers to previously stored values reflecting the expected state of the registers. Upon the state of the configuration registers matching what is expected, data previously selected by the user is retrieved and recognized by the user.
-
Citations
8 Claims
-
1. A computer system for validating initializing code, the computer system comprising:
-
a central processing unit capable of executing instructions embodied as software; and a plurality of software portions, wherein a first one of said software portions is configured to initiate loading of core boot components; a second one of said software portions is configured to generate hash values for the core boot components; a third one of said software portions is configured to store the generated hash values in at least one configuration register; a fourth one of said software portions is configured to retrieve from a trusted source an expected state of the at least one configuration register storing the generated hash values; a fifth one of said software portions is configured to compare the expected state of the at least one configuration register to the stored hash values; responsive to the expected state of the at least one configuration register matching the stored hash values, a sixth one of said software portions is configured to retrieve from the trusted source an expected state of a hash value of a hash list; a seventh one of said software portions is configured to compare the expected state of the hash value of the hash list to a computed hash value of the hash list; responsive to the expected state of the hash value of the hash list matching the computed hash value of the hash list, an eighth one of said software portions is configured to use the hash list to validate core computer system files, wherein the core boot components comprise the second one of said software portions. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
Specification