Secure booting a computing device
Abstract
A method and an apparatus for executing codes embedded inside a device to verify a code image loaded in a memory of the device are described. A code image may be executed after being verified as a trusted code image. The embedded codes may be stored in a secure ROM (read only memory) chip of the device. In one embodiment, the verification of the code image is based on a key stored within the secure ROM chip. The key may be unique to each device. Access to the key may be controlled by the associated secure ROM chip. The device may complete establishing an operating environment subsequent to executing the verified code image.
9 Claims
1. A computer implemented method, comprising:
- executing computer program codes embedded in a secure ROM (read-only memory) of a portable device to verify a first executable code image representing a kernel of an operating system (OS) that provides an operating environment of the portable device, the first executable image being verified by:
  - extracting a first signature value signed over the first executable image according to a key through hashing and encryption algorithms, the key stored within the secure ROM and uniquely identifying the portable device,
  - determining a second signature value based on the first executable image according to the key through the hashing and encryption algorithms,
  - comparing the first signature value to the second signature value, and
  - determining that the first executable image is successfully verified when the first signature value matches the second signature value,
  wherein the first executable image is stored in a mass storage of the portable device; and
- upon successfully verifying the first code image, executing the first executable image in a main memory of the portable device to set up the kernel of the OS in order to establish the operating environment of the portable device.

Dependent claims: 2, 3
4. A machine-readable medium having instructions stored therein, which when executed by a machine, cause a machine to perform a method, the method comprising:
- executing computer program codes embedded in a secure ROM (read-only memory) of a portable device to verify a first executable code image representing a digital rights management system that controls access to user data of operating system (OS) components, wherein the operating system provides an operating environment of the portable device, the first executable image being verified by:
  - extracting a first signature value signed over the first executable image according to a key through hashing and encryption algorithms, the key stored within the secure ROM and uniquely identifying the portable device, wherein the first executable image is stored in a mass storage of the portable device,
  - determining a second signature value based on the first executable image according to the key through the hashing and encryption algorithms,
  - comparing the first signature value to the second signature value, and
  - determining that the first executable image is successfully verified when the first signature value matches the second signature value; and
- upon successfully verifying the first code image, executing the first executable image in a main memory of the portable device to control access to user data of the operating system components based upon the key.

Dependent claims: 5, 6
7. A computer implemented method, comprising:
- executing a first executable code image embedded in a secure ROM (read-only memory) of a device to initialize a mass storage device associated with the device to enable the mass storage device to be accessed, the secure ROM having stored therein a unique identifier (ID) uniquely identifying the device;
- upon successfully initializing the mass storage device, locating and verifying a second executable image stored within the mass storage device using the unique identifier (ID) embedded within the secure ROM, the second executable image being verified by:
  - extracting a first signature value signed over the second executable image according to the unique identifier through hashing and encryption algorithms,
  - determining a second signature value based on the second executable image according to the unique identifier through the hashing and encryption algorithms,
  - comparing the first signature value to the second signature value, and
  - determining that the second executable image is successfully verified when the first signature value matches the second signature value;
- upon successfully verifying the second executable image, executing the second executable image to perform low level hardware initialization on the device, wherein, when the second executable image is successfully executed, a third executable image is located and executed, and is configured to verify and load a kernel image of an operating system (OS) for the device, wherein the kernel image, when successfully loaded, initializes and configures a remainder of the OS for the device.

Dependent claims: 8, 9
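As an added illustration (not code from the patent or its assignee), the following Python models the verification step shared by claims 1 and 7 and the claim-7 boot chain: a ROM-held device-unique key, a first signature extracted from the image, a second signature recomputed over it, a comparison, and a halt at the first stage that fails. The payload-plus-tag image layout, the stage names and the use of HMAC-SHA256 as the "hashing and encryption" step are assumptions, not details the claims specify.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 tag; assumed image layout is payload || tag

def make_signature(device_key: bytes, payload: bytes) -> bytes:
    """Model of the claimed 'hashing and encryption' step: the image is hashed
    and the digest bound to the device-unique key (HMAC-SHA256 is assumed)."""
    return hmac.new(device_key, payload, hashlib.sha256).digest()

def sign_image(device_key: bytes, payload: bytes) -> bytes:
    """Provisioning side: emit a code image carrying its signature."""
    return payload + make_signature(device_key, payload)

def verify_image(device_key: bytes, image: bytes):
    """ROM side: extract the first signature, determine the second, compare.
    Returns (verified, payload)."""
    if len(image) < TAG_LEN:
        return False, b""
    payload, first_sig = image[:-TAG_LEN], image[-TAG_LEN:]
    second_sig = make_signature(device_key, payload)
    # constant-time compare so match/mismatch timing leaks nothing
    return hmac.compare_digest(first_sig, second_sig), payload

def secure_boot(rom_key: bytes, mass_storage: dict) -> dict:
    """Claim-7 style chain: ROM -> low-level init image -> loader -> kernel.
    Every stage is verified with the ROM-held key before it 'executes'
    (modeled by recording it); the first failure halts the chain."""
    executed = []
    for stage in ("llb", "iboot", "kernel"):
        image = mass_storage.get(stage, b"")
        ok, _payload = verify_image(rom_key, image)
        if not ok:
            return {"executed": executed, "failed_at": stage}
        executed.append(stage)
    return {"executed": executed, "failed_at": None}

def build_storage(device_key: bytes) -> dict:
    """Constructed sample mass storage holding three signed stage images."""
    return {s: sign_image(device_key, f"{s} code".encode())
            for s in ("llb", "iboot", "kernel")}

def tamper(image: bytes, offset: int = 0) -> bytes:
    """Flip one payload bit: models an image modified on mass storage."""
    buf = bytearray(image)
    buf[offset] ^= 0x01
    return bytes(buf)

# Constructed per-device keys; in the patent the key lives in secure ROM.
DEVICE_KEY = hashlib.sha256(b"constructed key for device A").digest()
OTHER_DEVICE_KEY = hashlib.sha256(b"constructed key for device B").digest()
```

Because the key is device-unique, an image signed for device A fails at the very first stage on device B, and a single flipped bit in the loader stops the chain before the kernel is ever executed.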
Specification