Enhancing security of a system via access by an embedded controller to a secure storage device
First Claim
1. A system, comprising:
a host processor and memory;
an embedded microcontroller coupled to the host processor;
an auxiliary memory coupled to the embedded microcontroller, wherein the auxiliary memory stores program instructions for verifying system security; and
one or more pre-boot security components coupled to the embedded microcontroller;
wherein upon power-up, but before host processor boot-up, the embedded microcontroller is operable to:
execute the program instructions to verify system security using the one or more pre-boot security components; and
if system security is verified, permit the host processor to be booted;
wherein the embedded microcontroller is further configured to execute the program instructions to:
invoke one or more defensive measures if system security cannot be verified; and
control access to one or more devices coupled to the system, and wherein the one or more defensive measures comprises blocking access to the one or more devices; and
wherein at least one of the one or more pre-boot security components comprises a trusted platform module (TPM), wherein the one or more devices comprises at least one other of the one or more pre-boot security components, and wherein, to verify system security using the one or more pre-boot security components, the embedded microcontroller is configured to execute the program instructions to verify access rights using the TPM.
Abstract
System and method for performing pre-boot security verification in a system that includes a host processor and memory, an embedded microcontroller with an auxiliary memory, e.g., an on-chip ROM, or memory controlled to prohibit user-tampering with the contents of the memory, and one or more pre-boot security components coupled to the embedded microcontroller. Upon power-up, but before host processor boot-up, the embedded microcontroller accesses the auxiliary memory and executes the program instructions to verify system security using the one or more pre-boot security components. The one or more pre-boot security components includes at least one identity verification component, e.g., a smart card, or a biometric sensor, e.g., a fingerprint sensor, a retinal scanner, and/or a voiceprint sensor, etc., and/or at least one system verification component, e.g., TPM, to query the system for system state information, and verify that the system has not been compromised.
14 Claims
1. A system, comprising: (independent claim, reproduced in full under "First Claim" above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13.
14. A method for verifying security in a computer system comprising a host processor and memory, the method comprising:
upon power-up, but before host processor boot-up, an embedded microcontroller coupled to the host processor and memory accessing an auxiliary memory that stores program instructions for verifying system security, and executing the program instructions to verify system security using one or more pre-boot security components coupled to the embedded microcontroller;
if system security is verified, invoking boot-up of the host processor;
if system security cannot be verified, invoking one or more defensive measures; and
controlling access to one or more devices coupled to the system, wherein the one or more defensive measures comprises blocking access to the one or more devices;
wherein at least one of the one or more pre-boot security components comprises a trusted platform module (TPM), wherein the one or more devices comprises at least one other of the one or more pre-boot security components, and wherein executing the program instructions to verify system security using the one or more pre-boot security components comprises executing the program instructions to verify access rights using the TPM.
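The abstract and claims 1 and 14 describe a gate that an embedded controller applies before the host processor is allowed to boot: verify platform state through the TPM and the user through an identity component, release the host only if both succeed, and otherwise block access to the gated devices. The simulation below is an added example, not code from the patent or any product implementing it. It assumes the TPM check can be modelled as comparing a measured PCR digest against a golden value held in the controller's auxiliary ROM, that the identity component's verdict arrives as a boolean, and it uses hypothetical device bit assignments; every digest value is constructed for the example.

```c
/* Simulated embedded-controller (EC) pre-boot gate.  Added example, not the
 * patent's own code.  The TPM check is modelled as comparing a measured PCR
 * digest with a golden value kept in the EC's auxiliary ROM (an assumption),
 * and the identity check is a caller-supplied verdict from a smart card or
 * biometric sensor.  All digests and device bits below are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PCR_LEN 32

/* Devices whose access the EC gates (hypothetical bit assignments). */
#define DEV_SMARTCARD 0x01u
#define DEV_BIOMETRIC 0x02u
#define DEV_STORAGE   0x04u
#define DEV_ALL       (DEV_SMARTCARD | DEV_BIOMETRIC | DEV_STORAGE)

enum boot_decision { BOOT_BLOCKED = 0, BOOT_PERMITTED = 1 };

/* Simulated TPM: one PCR holding the measured platform state. */
struct tpm_sim { uint8_t pcr[PCR_LEN]; };

/* EC state: golden digest from auxiliary ROM plus the host's device mask. */
struct ec_state {
    uint8_t golden_pcr[PCR_LEN];
    uint8_t device_access_mask;
    bool    host_boot_permitted;
};

/* Constant-time digest comparison so timing does not reveal which byte differed. */
static bool digest_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* System verification component: does the TPM's measured state match ROM? */
static bool verify_with_tpm(const struct ec_state *ec, const struct tpm_sim *tpm)
{
    return digest_equal(ec->golden_pcr, tpm->pcr, PCR_LEN);
}

/* Defensive measure named in the claims: block the host from every gated
 * device and withhold the boot signal.  Fail closed: unverified state lands here. */
static void invoke_defensive_measures(struct ec_state *ec)
{
    ec->device_access_mask = 0;
    ec->host_boot_permitted = false;
}

/* Runs at EC power-up, before the host processor is released from reset.
 * identity_ok is the verdict of the identity component (smart card / biometric). */
enum boot_decision ec_pre_boot(struct ec_state *ec, const struct tpm_sim *tpm, bool identity_ok)
{
    invoke_defensive_measures(ec);          /* start locked; earn access below */

    if (!verify_with_tpm(ec, tpm)) return BOOT_BLOCKED;
    if (!identity_ok)              return BOOT_BLOCKED;

    ec->device_access_mask  = DEV_ALL;
    ec->host_boot_permitted = true;
    return BOOT_PERMITTED;
}

/* Builds a scenario: golden digest in ROM, measured PCR in the TPM.
 * measured_byte0 == 0xA0 reproduces the golden value; anything else
 * stands for firmware whose measurement no longer matches. */
void make_scenario(struct ec_state *ec, struct tpm_sim *tpm, uint8_t measured_byte0)
{
    memset(ec, 0, sizeof *ec);
    memset(tpm, 0, sizeof *tpm);
    for (size_t i = 0; i < PCR_LEN; i++) ec->golden_pcr[i] = (uint8_t)(0xA0 + i); /* constructed */
    memcpy(tpm->pcr, ec->golden_pcr, PCR_LEN);
    tpm->pcr[0] = measured_byte0;
}

int main(void)
{
    struct ec_state ec;
    struct tpm_sim tpm;
    const char *verdict;

    make_scenario(&ec, &tpm, 0xA0);
    verdict = ec_pre_boot(&ec, &tpm, true) == BOOT_PERMITTED ? "boot" : "blocked";
    printf("intact platform, identity ok : %s, devices=0x%02x\n", verdict, ec.device_access_mask);

    make_scenario(&ec, &tpm, 0xFF);
    verdict = ec_pre_boot(&ec, &tpm, true) == BOOT_PERMITTED ? "boot" : "blocked";
    printf("measurement mismatch         : %s, devices=0x%02x\n", verdict, ec.device_access_mask);

    make_scenario(&ec, &tpm, 0xA0);
    verdict = ec_pre_boot(&ec, &tpm, false) == BOOT_PERMITTED ? "boot" : "blocked";
    printf("intact platform, no identity : %s, devices=0x%02x\n", verdict, ec.device_access_mask);
    return 0;
}
```

The design point worth keeping from the claims is the fail-closed ordering: the controller applies the defensive measures first and only widens the device mask and raises the boot signal after every check has passed, so a crash or early return anywhere in the verification path leaves the host without access rather than with it.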