Methods and apparatus for batch bound authentication

US 8,068,614 B2
Filed: 09/28/2007
Issued: 11/29/2011
Est. Priority Date: 09/28/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method for verifying data and hardware in a processing system, the method comprising:

in a processing system having a system firmware that includes pre-boot authentication logic, reading a processor identifier from a processor in the processing system;

determining in a processing unit of the processor according to a function, whether the processor belongs to a batch of processors associated with a specific vendor of processing systems, based at least in part on the processor identifier and a batch identifier having a pair of numbers to uniquely identify the batch of processors;

automatically determining in the processing unit whether the system firmware is authentic, based at least in part on a digitally signed message, including computing a hash of the system firmware, computing a batch bound signature using the hash, a batch bound key, and the batch identifier, and comparing the computed batch bound signature to a batch bound signature stored in the system firmware;

determining whether or not to execute the system firmware, based at least in part on the determinations of whether the processor belongs to the batch of processors and whether the system firmware is authentic; and

automatically allowing the processing system to boot in response to determinations that the processor belongs to the batch of processors and the system firmware is authentic, and automatically terminating a boot process in response to a determination that processor does not belong to the batch of processors or the system firmware is not authentic.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processing system may include a processing unit and nonvolatile storage responsive to the processing unit. The nonvolatile storage may include a candidate boot code module and an authentication code module. The processing unit may be configured to execute code from the authentication code module before executing code from the candidate boot code module. The authentication code module may have instructions which, when executed by the processing unit, cause the processing unit to read a processor identifier from the processing unit and determine whether the processor belongs to a predetermined set of processors associated with a specific vendor, based at least in part on the identifier, before executing any instructions from the candidate boot code module. The processing system may also test authenticity of the candidate boot code module before executing any instructions from the candidate boot code module. Other embodiments are described and claimed.

Citations

14 Claims

1. A method for verifying data and hardware in a processing system, the method comprising:
- in a processing system having a system firmware that includes pre-boot authentication logic, reading a processor identifier from a processor in the processing system;
  
  determining in a processing unit of the processor according to a function, whether the processor belongs to a batch of processors associated with a specific vendor of processing systems, based at least in part on the processor identifier and a batch identifier having a pair of numbers to uniquely identify the batch of processors;
  
  automatically determining in the processing unit whether the system firmware is authentic, based at least in part on a digitally signed message, including computing a hash of the system firmware, computing a batch bound signature using the hash, a batch bound key, and the batch identifier, and comparing the computed batch bound signature to a batch bound signature stored in the system firmware;
  
  determining whether or not to execute the system firmware, based at least in part on the determinations of whether the processor belongs to the batch of processors and whether the system firmware is authentic; and
  
  automatically allowing the processing system to boot in response to determinations that the processor belongs to the batch of processors and the system firmware is authentic, and automatically terminating a boot process in response to a determination that processor does not belong to the batch of processors or the system firmware is not authentic.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1, wherein the operation of determining whether the processor belongs to the batch of processors associated with the specific vendor comprises:
    - determining whether the processor identifier belongs to a set of processor identifiers assigned to the specific vendor by a processor manufacturer.
  - 3. A method according to claim 1, wherein the operation of determining whether the processor belongs to the batch of processors associated with the specific vendor comprises:
    - obtaining the batch identifier from non-volatile storage in the processing system, wherein the batch identifier defines the batch of processors assigned to the specific vendor by a processor manufacturer; and
      
      determining whether the processor has been assigned to the specific vendor by the processor manufacturer, based at least in part on the processor identifier and the batch identifier.
  - 4. A method according to claim 1, further comprising:
    - before determining whether the processor belongs to the batch of processors, retrieving the data to identify the batch of processors from an augmented authentication code module (AACM) in the processing system.
  - 5. A method according to claim 1, wherein the system firmware comprises a basic input/output system (BIOS).
  - 6. A method according to claim 1, wherein the batch bound signature is stored in an authentication code module by the specific vendor, the authentication code module generated by a processor manufacturer responsive to receipt of the batch bound key, the batch bound signature and the batch identifier from the specific vendor.

7. A processing system comprising:
- a processor comprising a central processing unit including a plurality of processing units and having a processor identifier;
  
  a candidate boot code module stored in at least one nonvolatile storage component; and
  
  an authentication code module stored in the at least one nonvolatile storage component;
  
  the processor configured to execute code from the authentication code module before executing code from the candidate boot code module; and
  
  wherein the authentication code module comprises instructions which, when executed by the processor, cause the processing system to perform operations comprising;
  
  reading the processor identifier from the processor;
  
  determining whether the processor belongs to a batch of processors associated with a specific vendor of processing systems, based at least in part on the processor identifier and a batch identifier having a pair of numbers to uniquely identify the batch of processors, before executing any instructions from the candidate boot code module;
  
  testing authenticity of the candidate boot code module before executing any instructions from the candidate boot code module, including computing a hash of the candidate boot code module, computing a batch bound signature using the hash, a batch bound key, and the batch identifier, and comparing the computed batch bound signature to a batch bound signature stored in the at least one nonvolatile storage component; and
  
  automatically allowing the processing system to boot in response to determinations that the processor belongs to the batch of processors and the candidate boot code module is authentic, and automatically terminating a boot process in response to a determination that processor does not belong to the batch of processors or the candidate boot code module is not authentic.
- View Dependent Claims (8, 9, 10)
- - 8. A processing system according to claim 7, wherein:
    - the authentication code module further comprises a secret key of the specific vendor; and
      
      the candidate boot code module comprises a firmware image, signed using the secret key.
  - 9. A processing system according to claim 7, wherein the operation of determining whether the processor belongs to the batch of processors associated with the specific vendor comprises:
    - determining whether the processor identifier belongs to a set of processor identifiers assigned to the specific vendor by a processor vendor.
  - 10. A processing system according to claim 7, wherein the operation of determining whether the processor belongs to the batch of processors associated with the specific vendor comprises:
    - obtaining the batch identifier from the at least one nonvolatile storage component, wherein the batch identifier defines the batch of processors assigned to the specific vendor by a processor vendor; and
      
      determining whether the processor has been assigned to the specific vendor by the processor vendor, based at least in part on the processor identifier and the batch identifier.

11. An apparatus comprising:
- a non-transitory machine-accessible storage medium; and
  
  an authentication code module in the machine-accessible storage medium, wherein the authentication code module comprises instructions which, when executed by a processor of a processing system, cause the processing system to perform operations comprising;
  
  reading a processor identifier from the processor;
  
  determining in a processing unit of the processor according to a function, whether the processor belongs to a batch of processors associated with a particular vendor of processing systems, based at least in part on the processor identifier and a batch identifier having a pair of numbers to uniquely identify the batch of processors; and
  
  testing authenticity of a candidate boot code module before executing any instructions from the candidate boot code module, including computing a hash of the candidate boot code module, computing a batch bound signature using the hash, a batch bound key, and the batch identifier, and comparing the computed batch bound signature to a batch bound signature stored in the authentication code module; and
  
  automatically allowing the apparatus to boot in response to the processor belonging to the batch of processors and the candidate boot code module being authentic, and automatically terminating a boot process in response to the processor not belonging to the batch of processors or the candidate boot code module not being authentic.
- View Dependent Claims (12, 13, 14)
- - 12. An apparatus according to claim 11, wherein the authentication code module further comprises:
    - the batch identifier to define the batch of processors assigned to the particular vendor by a processor vendor.
  - 13. An apparatus according to claim 11, wherein the authentication code module further comprises:
    - a digitally signed message involving a digital signature applied to a message comprising data to identify approved system firmware.
  - 14. An apparatus according to claim 11, wherein the authentication code module further comprises:
    - a digitally signed message involving a digital signature applied to a message comprising;
      
      data to identify approved system firmware; and
      
      the batch identifier to define the batch of processors assigned to the particular vendor by a processor vendor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Kumar, Mohan J., Gueron, Shay
Primary Examiner(s)
Gergiso; Techane

Application Number

US11/864,887
Publication Number

US 20090086981A1
Time in Patent Office

1,523 Days
Field of Search

380/285, 710/8, 713/176
US Class Current

380/285
CPC Class Codes

G06F 21/572 Secure firmware programming...

G06F 21/575 Secure boot

Methods and apparatus for batch bound authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for batch bound authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links