Booting and configuring a subsystem securely from non-local storage
First Claim
1. A portable device, comprising:
- an application processor;
a first random access memory (RAM) coupled to the application processor, the first RAM having executed therein a first operating system (OS) that provides an operating environment for the application processor;
a non-volatile storage device coupled to the application processor and the first RAM, the non-volatile storage device storing data accessed by the application processor via the first OS;
a wireless communications processor coupled to the application processor over an internal bus;
a second RAM coupled to the wireless communications processor, the second RAM having executed therein a second OS that provides an operating environment for the wireless communications processor,wherein the wireless communications processor is configured to access the non-volatile storage device via a communications link over the internal bus to fetch a boot code image from the non-volatile storage device to boot the wireless communications processor, to establish the second OS, and to access data associated with the wireless communications processor in the non-volatile storage device during normal operations,wherein the boot code image includes a first boot code segment and a second boot code segment that are signed by a chain of digital certificates, wherein the ROM boot loader is configured to authenticate the first boot code segment using a first of the digital certificates in the chain and to execute the first boot code segment, and wherein the first boot code segment, when executed by the ROM boot loader, is configured to fetch the second boot code segment from the non-volatile storage device, to authenticate the second boot code segment using a second of the digital certificates in the chain, and to load the second boot code segment, andwherein the second RAM includes a cryptographic unit executed therein, and wherein in response to a command for accessing the non-volatile storage device, the cryptographic unit is configured to encrypt and decrypt data to and from the non-volatile storage device over the communications link, using a storage key that is derived from a unique identifier (UID) that uniquely identifies the wireless communications processor.
1 Assignment
0 Petitions
Accused Products
Abstract
According to one aspect, a multifunctional computing device having a wireless communications processor (e.g., cellular processor) and an application processor (e.g., general-purpose processor such as a CPU) share a storage device that is associated with or attached to the application processor. An example of such a multifunctional computing device may be a Smartphone device having a cellular phone and handheld computer functionalities. There is no specific storage device directly associated with or attached to the wireless communications processor (hereinafter simply referred to as a wireless processor). Instead, the wireless processor communicates with the application processor via a high speed communications link, such as a USB link, to access code and data stored in the storage device (e.g., flash memory device) associated with the application processor.
-
Citations
17 Claims
-
1. A portable device, comprising:
-
an application processor; a first random access memory (RAM) coupled to the application processor, the first RAM having executed therein a first operating system (OS) that provides an operating environment for the application processor; a non-volatile storage device coupled to the application processor and the first RAM, the non-volatile storage device storing data accessed by the application processor via the first OS; a wireless communications processor coupled to the application processor over an internal bus; a second RAM coupled to the wireless communications processor, the second RAM having executed therein a second OS that provides an operating environment for the wireless communications processor, wherein the wireless communications processor is configured to access the non-volatile storage device via a communications link over the internal bus to fetch a boot code image from the non-volatile storage device to boot the wireless communications processor, to establish the second OS, and to access data associated with the wireless communications processor in the non-volatile storage device during normal operations, wherein the boot code image includes a first boot code segment and a second boot code segment that are signed by a chain of digital certificates, wherein the ROM boot loader is configured to authenticate the first boot code segment using a first of the digital certificates in the chain and to execute the first boot code segment, and wherein the first boot code segment, when executed by the ROM boot loader, is configured to fetch the second boot code segment from the non-volatile storage device, to authenticate the second boot code segment using a second of the digital certificates in the chain, and to load the second boot code segment, and wherein the second RAM includes a cryptographic unit executed therein, and wherein in response to a command for accessing the non-volatile storage device, the cryptographic unit is configured to encrypt and decrypt data to and from the non-volatile storage device over the communications link, using a storage key that is derived from a unique identifier (UID) that uniquely identifies the wireless communications processor. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A portable device, comprising:
-
an application processor; a first random access memory (RAM) coupled to the application processor, the first RAM having executed therein a first operating system (OS) that provides an operating environment for the application processor; a non-volatile storage device coupled to the application processor and the first RAM, the non-volatile storage device storing data accessed by the application processor via the first OS; a wireless communications processor coupled to the application processor over an internal bus; a second RAM coupled to the wireless communications processor, the second RAM having executed therein a second OS that provides an operating environment for the wireless communications processor, wherein the wireless communications processor is configured to access the non-volatile storage device via a communications link over the internal bus to fetch a boot code image from the non-volatile storage device to boot the wireless communications processor, to establish the second OS, and to access data associated with the wireless communications processor in the non-volatile storage device during normal operations, wherein the boot code image includes a first boot code segment and a second boot code segment that are signed by a chain of digital certificates, wherein the ROM boot loader is configured to authenticate the first boot code segment using a first of the digital certificates in the chain and to execute the first boot code segment, and wherein the first boot code segment, when executed by the ROM boot loader, is configured to fetch the second boot code segment from the non-volatile storage device, to authenticate the second boot code segment using a second of the digital certificates in the chain, and to load the second boot code segment, and wherein in response to a command to update data, a session key is generated and encrypted by a storage key that is derived from a unique identifier (UID) uniquely identifying the wireless communications processor to generate a recovery blob, wherein the recovery blob and the session key encrypted by a public key are transmitted to an authorization server, and wherein in response to data and a recovery blob received from a provisioning server, the session key is recovered from the recovery blob by decrypting the recovery blob using the storage key, wherein the recovered session key is used to decrypt the data received from the provisioning server. - View Dependent Claims (9)
-
-
10. A machine-implemented method for operating a portable device, the method comprising:
-
in response to a boot command, executing a read-only memory (ROM) boot loader from a secure ROM of a wireless communications processor, wherein the ROM boot loader initializes hardware associated with wireless communications processor of the portable device; establishing, by the ROM boot loader, a communication link with an application processor of the portable device over an internal bus that couples the wireless communications processor with the application processor; fetching, by the ROM boot loader, a boot code image from a non-volatile storage device over the communication link, wherein the non-volatile storage device is associated with and accessed by the application processor via a first operating system (OS) executed within a first random-access memory (RAM) associated with the application processor; authenticating, by the ROM boot loader, the boot code image; upon having successfully authenticated the boot code image, the ROM boot loader launching the boot code image into a second RAM associated with the wireless communications processor to establish a second OS for the wireless communications processor, wherein the boot code image includes a first boot code segment and a second boot code segment that are signed by a chain of digital certificates, wherein the ROM boot loader is configured to authenticate the first boot code segment using a first of the digital certificates in the chain from the secure ROM and to execute the first boot code segment, and wherein the first boot code segment, when executed by the ROM boot loader, is configured to fetch the second boot code segment from the non-volatile storage device, to authenticate the second boot code segment using a second of the digital certificates in the chain, and to load the second boot code segment, wherein the boot code image is authenticated by the ROM boot loader using a digital certificate stored in the secure ROM, wherein the digital certificate is derived from a unique identifier (UID) that uniquely identifies the wireless communications processor; and in response to a command for accessing the non-volatile storage device, encrypting and decrypting data to and from the non-volatile storage device over the communications link, using the storage key. - View Dependent Claims (11, 12)
-
-
13. A machine-implemented method for operating a portable device, the method comprising:
-
in response to a boot command, executing a read-only memory (ROM) boot loader from a secure ROM of a wireless communications processor, wherein the ROM boot loader initializes hardware associated with wireless communications processor of the portable device; establishing, by the ROM boot loader, a communication link with an application processor of the portable device over an internal bus that couples the wireless communications processor with the application processor; fetching, by the ROM boot loader, a boot code image from a non-volatile storage device over the communication link, wherein the non-volatile storage device is associated with and accessed by the application processor via a first operating system (OS) executed within a first random-access memory (RAM) associated with the application processor; authenticating, by the ROM boot loader, the boot code image; upon having successfully authenticated the boot code image, the ROM boot loader launching the boot code image into a second RAM associated with the wireless communications processor to establish a second OS for the wireless communications processor, wherein the boot code image includes a first boot code segment and a second boot code segment that are signed by a chain of digital certificates, wherein the ROM boot loader is configured to authenticate the first boot code segment using a first of the digital certificates in the chain from the secure ROM and to execute the first boot code segment, and wherein the first boot code segment, when executed by the ROM boot loader, is configured to fetch the second boot code segment from the non-volatile storage device, to authenticate the second boot code segment using a second of the digital certificates in the chain, and to load the second boot code segment; in response to a command to update data, generating a session key; encrypting the session key using a storage key that is derived from a unique identifier (UID) uniquely identifying the wireless communications processor; generating a recovery blob having embedded therein the session key encrypted by the storage key; encrypting the session key using a public key of a public/private key pair; transmitting the recovery blob and the session key encrypted by the public key to an authorization server, wherein the authorization server is configured to recover the session key by decrypting the session key using a private key of the public/private key pair; in response to data encrypted by the session key and a recovery blob downloaded from a provisioning server, recovering the session key from the recovery blob by decrypting the recovery blob using the storage key; recovering the data by decrypting encrypted data using the session key; and storing the data in the non-volatile storage device.
-
-
14. A non-transitory machine-readable storage medium having instructions stored therein, which when executed by a machine, cause the machine to perform a method for operating a portable device, the method comprising:
-
in response to a boot command, executing a read-only memory (ROM) boot loader from a secure ROM of a wireless communications processor, wherein the ROM boot loader initializes hardware associated with wireless communications processor of the portable device; establishing, by the ROM boot loader, a communication link with an application processor of the portable device over an internal bus that couples the wireless communications processor with the application processor; fetching, by the ROM boot loader, a boot code image from a non-volatile storage device over the communication link, wherein the non-volatile storage device is associated with and accessed by the application processor via a first operating system (OS) executed within a first random-access memory (RAM) associated with the application processor; authenticating, by the ROM boot loader, the boot code image; and upon having successfully authenticated the boot code image, the ROM boot loader launching the boot code image into a second RAM associated with the wireless communications processor to establish a second OS for the wireless communications processor, wherein the boot code image includes a first boot code segment and a second boot code segment that are signed by a chain of digital certificates, wherein the ROM boot loader is configured to authenticate the first boot code segment using a first of the digital certificates in the chain from the secure ROM and to execute the first boot code segment, and wherein the first boot code segment, when executed by the ROM boot loader, is configured to fetch the second boot code segment from the non-volatile storage device, to authenticate the second boot code segment using a second of the digital certificates in the chain, and to load the second boot code segment, wherein the boot code image is authenticated by the ROM boot loader using a digital certificate stored in the secure ROM, wherein the digital certificate is derived from a unique identifier (UID) that uniquely identifies the wireless communications processor; and in response to a command for accessing the non-volatile storage device, encrypting and decrypting data to and from the non-volatile storage device over the communications link, using the storage key. - View Dependent Claims (15)
-
-
16. A machine-implemented method for operating a portable device, the method comprising:
-
in response to a command to update a software component for the portable device, generating a session key; encrypting the session key using a storage key that is derived from a unique identifier (UID) uniquely identifying the portable device; generating a recovery blob having embedded therein the session key encrypted by the storage key; encrypting the session key using a public key of a public/private key pair; transmitting the recovery blob and the session key encrypted by the public key to an authorization server, wherein the authorization server is configured to recover the session key by decrypting the session key using a private key of the public/private key pair; in response to a software component and a recovery blob downloaded from a provisioning server, recovering the session key from the recovery blob by decrypting the recovery blob using the storage key, wherein the software component is encrypted by the session key which is received by the provisioning server from the authorization server; and recovering the software component by decrypting encrypted software component using a session key that is recovered from the recovery blob, wherein the software component is to be installed in the portable device. - View Dependent Claims (17)
-
Specification