System and method to secure boot both UEFI and legacy option ROM's with common policy engine

US 8,694,761 B2
Filed: 12/31/2008
Issued: 04/08/2014
Est. Priority Date: 12/31/2008
Status: Active Grant

First Claim

Patent Images

1. A system for securely booting a platform, comprising:

a processor coupled to a memory store and communicatively coupled to a trusted platform module component, the trusted platform module to measure each of a plurality of images to be loaded during boot of the platform and to calculate and provide hash values for each of the images to a policy engine executing on the processor, wherein at least one of the plurality of images to be loaded during boot of the platform conforms to a unified extensible firmware interface image format and wherein at least another of the plurality of images to be loaded during boot of the platform conforms to a legacy image format;

the policy engine communicatively coupled to a certificate database stored in the memory store, wherein the policy engine is configured to authenticate each of the plurality of images to be loaded during boot of the platform based, at least in part, on the hash values, and when an image is not authenticated, the policy engine to prohibit the unauthenticated image from being loaded and launched during boot.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some embodiments, the invention involves using a policy engine during boot, in the driver execution environment (DXE) phases to authenticate that drivers and executable images to be loaded are authenticated. Images to be authenticated include the operating system (OS) loader. The policy engine utilizes a certificate database to hold valid certificates for third party images, according to platform policy. Images that are not authenticated are not loaded at boot time. Other embodiments are described and claimed.

Citations

24 Claims

1. A system for securely booting a platform, comprising:
- a processor coupled to a memory store and communicatively coupled to a trusted platform module component, the trusted platform module to measure each of a plurality of images to be loaded during boot of the platform and to calculate and provide hash values for each of the images to a policy engine executing on the processor, wherein at least one of the plurality of images to be loaded during boot of the platform conforms to a unified extensible firmware interface image format and wherein at least another of the plurality of images to be loaded during boot of the platform conforms to a legacy image format;
  
  the policy engine communicatively coupled to a certificate database stored in the memory store, wherein the policy engine is configured to authenticate each of the plurality of images to be loaded during boot of the platform based, at least in part, on the hash values, and when an image is not authenticated, the policy engine to prohibit the unauthenticated image from being loaded and launched during boot.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system as recited in claim 1, wherein the certificate database is configured according to a platform policy and comprises a plurality of certificates, each certificate corresponding to one of a plurality of images that is permitted to be loaded during platform boot.
  - 3. The system as recited in claim 2, wherein each certificate in the certificate database is associated with an image authorized to be loaded, and the certificate further comprises a public key, wherein the policy engine is configured to match the public key with an image identifier signature to verify that the image is authorized to be loaded.
  - 4. The system as recited in claim 2, wherein the certificate database comprises:
    - a certificate database header; and
      
      a plurality of certificate lists,wherein each certificate list further comprises;
      
      a certificate list size;
      
      a certificate count;
      
      a certificate type;
      
      a certificate header size;
      
      a certificate size;
      
      a certificate header; and
      
      a plurality of certificates, each certificate having a identifier,wherein each certificate corresponds to an image authorized to be loaded on the platform.
  - 5. The system as recited in claim 1, wherein the policy engine is to be executed during a driver execution environment phase of a boot on a platform conforming to unified extensible interface architecture.
  - 6. The system as recited in claim 1, wherein the plurality of images to be loaded includes an operating system loader.
  - 7. The system as recited in claim 6, wherein when the operating system loader is not authorized, the policy engine to prohibit booting of an operating system.
  - 8. The system as recited in claim 1, wherein an image of the plurality of images comprises one of an option-ROM driver and an operating system loader.
  - 9. The system as recited in claim 1, wherein the certificate database is configured to be initialized and updated by an administrator, wherein administrator authority is to be validated prior to allowing administrator action.
  - 10. The system as recited in claim 9, wherein when an administrator removes policy settings from the certificate database, the policy engine is configured to boot the platform in legacy mode and load all images and drivers without further authentication.

11. A method for securely booting a platform, comprising:
- retrieving a plurality of boot images to be loaded during boot the platform, wherein at least one of the plurality of boot images to be loaded during boot of the platform conforms to a unified extensible firmware interface image format and wherein at least another of the plurality of boot images to be loaded during boot of the platform conforms to a legacy image format;
  
  calculating, by a trust platform module, at least one a hash value for the boot image to be loaded on the platform;
  
  comparing, by a policy engine, the hash value associated with the boot image with a certificate in a certificate database stored in memory coupled to the platform;
  
  when the comparison results in a valid match, allowing the boot image to be loaded on the platform during boot; and
  
  when the comparison results in a failed match, then disallowing the image to be loaded on the platform, during boot, and recording, by a trusted platform manager, said failure and platform status information associated with said failure.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method as recited in claim 11, further comprising executing the policy engine during a driver execution environment phase of boot on the platform, wherein the platform conforms to a unified extensible interface architecture.
  - 13. The method as recited in claim 11, when the image to be loaded is an operating system loader and the comparison to the certificate database fails, prohibiting launch of an operating system on the platform.
  - 14. The method as recited in claim 11, further comprising:
    - before initiating a full boot of the platform,validating authority of an administrator; and
      
      configuring the certificate database by initialization or update by the administrator when the administrator has valid authority.
  - 15. The method as recited in claim 14, wherein when the initializing comprises removing policy settings from the certificate database, booting the platform in legacy mode and loading all images and drivers without further authentication.
  - 16. The method as recited in claim 11, further comprising:
    - configuring the certificate database according to a platform policy, wherein the certificate database comprises a plurality of certificates, each certificate corresponding to one of a plurality of images that is permitted to be loaded during platform boot.
  - 17. The method as recited in claim 16, further comprising matching a public key in a certificate with an image identifier signature to verify that the image is authorized to be loaded,wherein each certificate in the certificate database is associated with an image authorized to be loaded, and the certificate further comprises a public key.

18. A non-transitory computer readable storage medium having instructions for securely booting a platform stored therein, the instructions when executed on a platform cause the platform to:
- retrieve a plurality of boot images to be loaded during boot the platform, wherein at least one of the plurality of boot images to be loaded during boot of the platform conforms to a unified extensible firmware interface image format and wherein at least another of the plurality of boot images to be loaded during boot of the platform conforms to a legacy image format;
  
  calculating, by a trust platform module, at least one a hash value for the boot image to be loaded on the platform;
  
  comparing, by a policy engine, the hash value associated with the boot image with a certificate in a certificate database stored in memory coupled to the platform;
  
  when the comparison results in a valid match, allow the boot image to be loaded on the platform during boot; and
  
  when the comparison results in a failed match, then disallow the image to be loaded on the platform, during boot, and recording, by a trusted platform manager, said failure and platform status information associated with said failure.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The medium as recited in claim 18, further comprising instructions to execute the policy engine during a driver execution environment phase of boot on the platform, wherein the platform conforms to a unified extensible interface architecture.
  - 20. The medium as recited in claim 18, when the image to be loaded is an operating system loader and the comparison to the certificate database fails, prohibit launch of an operating system on the platform.
  - 21. The medium as recited in claim 18, further comprising instructions to:
    - before initiating a full boot of the platform,validate authority of an administrator; and
      
      configure the certificate database by initialization or update by the administrator when the administrator has valid authority.
  - 22. The medium as recited in claim 21, wherein when the initializing comprises removing policy settings from the certificate database, boot the platform in legacy mode and load all images and drivers without further authentication.
  - 23. The medium as recited in claim 18, further comprising instructions to:
    - configure the certificate database according to a platform policy, wherein the certificate database comprises a plurality of certificates, each certificate corresponding to one of a plurality of images that is permitted to be loaded during platform boot.
  - 24. The medium as recited in claim 23, further comprising instructions to match a public key in a certificate with an image identifier signature to verify that the image is authorized to be loaded,wherein each certificate in the certificate database is associated with an image authorized to be loaded, and the certificate further comprises a public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Zimmer, Vincent, Kumar, Mohan, Natu, Mahesh, Yao, Jiewen, Long, Qin, Cui, Liang
Primary Examiner(s)
YANCHUS III, PAUL B

Application Number

US12/347,834
Publication Number

US 20100169633A1
Time in Patent Office

1,924 Days
Field of Search

713/1, 713/2, 713/100, 713/187, 713/188, 713/189, 713/193
US Class Current

713/1
CPC Class Codes

G06F 21/575 Secure boot

System and method to secure boot both UEFI and legacy option ROM's with common policy engine

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to secure boot both UEFI and legacy option ROM's with common policy engine

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links