×

Booting and configuring a subsystem securely from non-local storage

  • US 8,589,667 B2
  • Filed: 11/11/2010
  • Issued: 11/19/2013
  • Est. Priority Date: 04/19/2010
  • Status: Active Grant
First Claim
Patent Images

1. A portable device, comprising:

  • an application processor;

    a first random access memory (RAM) coupled to the application processor, the first RAM having executed therein a first operating system (OS) that provides an operating environment for the application processor;

    a non-volatile storage device coupled to the application processor and the first RAM, the non-volatile storage device storing data accessed by the application processor via the first OS;

    a wireless communications processor coupled to the application processor over an internal bus;

    a second RAM coupled to the wireless communications processor, the second RAM having executed therein a second OS that provides an operating environment for the wireless communications processor,wherein the wireless communications processor is configured to access the non-volatile storage device via a communications link over the internal bus to fetch a boot code image from the non-volatile storage device to boot the wireless communications processor, to establish the second OS, and to access data associated with the wireless communications processor in the non-volatile storage device during normal operations,wherein the boot code image includes a first boot code segment and a second boot code segment that are signed by a chain of digital certificates, wherein the ROM boot loader is configured to authenticate the first boot code segment using a first of the digital certificates in the chain and to execute the first boot code segment, and wherein the first boot code segment, when executed by the ROM boot loader, is configured to fetch the second boot code segment from the non-volatile storage device, to authenticate the second boot code segment using a second of the digital certificates in the chain, and to load the second boot code segment, andwherein the second RAM includes a cryptographic unit executed therein, and wherein in response to a command for accessing the non-volatile storage device, the cryptographic unit is configured to encrypt and decrypt data to and from the non-volatile storage device over the communications link, using a storage key that is derived from a unique identifier (UID) that uniquely identifies the wireless communications processor.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×