Firmware verified boot

US 8,812,854 B2
Filed: 10/12/2010
Issued: 08/19/2014
Est. Priority Date: 10/13/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented boot process for a computing system, the boot process comprising:

verifying, by a processor of the computing system, a first encrypted signature corresponding with a first portion of a read-write portion of firmware of the computing system using a first public-key and a first cryptographic hash algorithm, and halting the boot process if the verification of the first encrypted signature fails;

verifying, by the processor, that a key-version of a second public-key is greater than or equal to a corresponding highest key-version observed by the computing system, and halting the boot process if the key-version of the second public-key is less than the highest key-version;

verifying, by the processor, a second encrypted signature corresponding with a second portion of the read-write portion of the firmware using the second public-key and a second cryptographic hash algorithm, and halting the boot process if the verification of the second encrypted signature fails;

verifying, by the processor, a third encrypted signature corresponding with a third portion of the read-write portion of the firmware using the second public-key and the second cryptographic hash algorithm, and halting the boot process if the verification of the third encrypted signature fails;

verifying, by the processor, a fourth encrypted signature corresponding with a first portion of an operating-system kernel using the second public-key and the second cryptographic hash algorithm, and halting the boot process if the verification of the fourth encrypted signature fails; and

verifying, by the processor, a fifth signature corresponding with a second portion of the operating-system kernel using a third public-key and a third cryptographic hash algorithm, and halting the boot process if the verification of the fifth encrypted signature fails.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for verifying a boot process of a computing system includes reading, by the computing system during the boot process, a header section of a read-write portion of firmware of the computing system. The method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header, and decrypting, using a first public-key, an encrypted signature corresponding to the header. The method further includes comparing the message digest corresponding with the header and the decrypted signature corresponding to the header. In the event the message digest corresponding to the header and the decrypted signature corresponding to the header match, the boot process is continued. In the event the message digest corresponding to the header and the decrypted signature corresponding to the header do not match, the boot process is halted.

Citations

31 Claims

1. A computer-implemented boot process for a computing system, the boot process comprising:
- verifying, by a processor of the computing system, a first encrypted signature corresponding with a first portion of a read-write portion of firmware of the computing system using a first public-key and a first cryptographic hash algorithm, and halting the boot process if the verification of the first encrypted signature fails;
  
  verifying, by the processor, that a key-version of a second public-key is greater than or equal to a corresponding highest key-version observed by the computing system, and halting the boot process if the key-version of the second public-key is less than the highest key-version;
  
  verifying, by the processor, a second encrypted signature corresponding with a second portion of the read-write portion of the firmware using the second public-key and a second cryptographic hash algorithm, and halting the boot process if the verification of the second encrypted signature fails;
  
  verifying, by the processor, a third encrypted signature corresponding with a third portion of the read-write portion of the firmware using the second public-key and the second cryptographic hash algorithm, and halting the boot process if the verification of the third encrypted signature fails;
  
  verifying, by the processor, a fourth encrypted signature corresponding with a first portion of an operating-system kernel using the second public-key and the second cryptographic hash algorithm, and halting the boot process if the verification of the fourth encrypted signature fails; and
  
  verifying, by the processor, a fifth signature corresponding with a second portion of the operating-system kernel using a third public-key and a third cryptographic hash algorithm, and halting the boot process if the verification of the fifth encrypted signature fails.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The boot process of claim 1, wherein:
    - the first encrypted signature is generated using the first cryptographic hash algorithm and a private-key corresponding with the first public-key;
      
      the second. encrypted signature is generated using the second cryptographic hash algorithm and a private-key corresponding with the second public-key;
      
      the third encrypted signature is generated using the second cryptographic hash algorithm and the private-key corresponding with the second public-key;
      
      the fourth encrypted signature is generated using the second cryptographic hash algorithm and the private-key corresponding with the second public-key; and
      
      the fifth encrypted signature is generated using the third cryptographic hash algorithm and a private-key corresponding with the third public-key.
  - 3. The boot process of claim 1, wherein the second cryptographic algorithm and the third cryptographic algorithm are the same.
  - 4. The boot process of claim 1, wherein the first cryptographic algorithm is stronger than the second cryptographic algorithm and the third cryptographic algorithm.
  - 5. The boot process of claim 1, wherein the first public-key is larger than the second public-key and the third public-key.
  - 6. The boot process of claim 1, wherein the second public-key is larger than the third public-key.
  - 7. The boot process of claim 1, wherein the first public-key is stored in a read-only portion of the firmware.
  - 8. The boot process of claim 1, further comprising:
    - if the verification of the first, second, or third encrypted signatures fails, initiating a recovery process to restore the read-write portion of the firmware to a trusted state.
  - 9. The boot process of claim 1, further comprising:
    - if the verification of the fourth or fifth encrypted signatures fails, initiating a recovery process to restore the operating-system kernel to a trusted state.

10. A computing system comprising one or more machine readable storage media having instructions stored thereon, the instructions, when executed by a processor of the computing system, cause the computing system to:
- verify a first encrypted signature corresponding with a first portion of a read-write portion of firmware of the computing system using a first public-key and a first cryptographic hash algorithm, and halt the boot process if the verification of the first encrypted signature fails;
  
  verify that a key-version of a second public-key is greater than or equal to a corresponding highest key-version observed by the computing system, and halt the boot process if the key-version of the second public-key is less than the highest key-version;
  
  verify a second encrypted signature corresponding with a second portion of the read-write portion of the firmware using the second public-key and a second cryptographic hash algorithm, and halt the boot process if the verification of the second encrypted signature fails;
  
  verify a third encrypted signature corresponding with a third portion of the read-write portion of the firmware using the second public-key and the second cryptographic hash algorithm, and halt the boot process if the verification of the third encrypted signature fails;
  
  verify a fourth encrypted signature corresponding with a first portion of an operating-system kernel using the second public-key and the second cryptographic hash algorithm, and halt the boot process if the verification of the fourth encrypted signature fails; and
  
  verify a fifth encrypted signature corresponding with a second portion of an operating-system kernel using a third public-key and a third cryptographic hash algorithm, and halt the boot process if the verification of the fifth encrypted signature fails.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computing system of claim 10, wherein:
    - the first encrypted signature is generated using the first cryptographic hash algorithm and a private-key corresponding with the first public-key;
      
      the second encrypted signature is generated using the second cryptographic hash algorithm and a private-key corresponding with the second public-key;
      
      the third encrypted signature is generated using the second cryptographic hash algorithm and the private-key corresponding with the second public-key;
      
      the fourth encrypted signature is generated using the second cryptographic hash algorithm and the private-key corresponding with the second public-key; and
      
      the fifth encrypted signature is generated using the third cryptographic hash algorithm and a private-key corresponding with the third public-key.
  - 12. The computing system of claim 10, wherein the second cryptographic algorithm and the third cryptographic algorithm are the same.
  - 13. The computing system of claim 10, wherein the first cryptographic algorithm is stronger than the second cryptographic algorithm and the third cryptographic algorithm.
  - 14. The computing system of claim 10, wherein the first public-key is larger than the second public-key and the third public-key.
  - 15. The computing system of claim 10, wherein the second public-key is larger than the third public-key.
  - 16. The computing system of claim 10, wherein the first public-key is stored in a read-only portion of the firmware.
  - 17. The computing system of claim 10, the instructions further causing the computer to:
    - if the verification of the first, second, or third encrypted signatures fails, initiating a recovery process to restore the read-write portion of the firmware to a trusted state.
  - 18. The computing system of claim 10, the instructions further causing the computer to:
    - if the verification of the fourth or fifth encrypted signatures fails, initiating a recovery process to restore the operating-system kernel to a trusted state.

19. A computer-implemented boot process for a computing system, the boot process comprising:
- verifying, by a processor of the computing system, an encrypted signature corresponding with a first portion of a read-write portion of firmware of the computing system using a first public-key and a first cryptographic hash algorithm and halting the boot process if the verification of the encrypted signature corresponding with the first portion of the read only firmware fails;
  
  verifying, by the processor, that a key-version of a second public-key is greater than or equal to a corresponding highest key-version observed by the computing system and halting the boot process if the key-version of the second public-key is less than the highest key-version;
  
  verifying, by the processor, an encrypted signature corresponding with a second portion of the read-write portion of the firmware using the second public-key and a second cryptographic hash algorithm and halting the boot process if the verification of the encrypted signature corresponding with the second portion of the read-write firmware fails;
  
  verifying, by the processor, an encrypted signature corresponding with a first portion of an operating-system kernel using the second public-key and the second cryptographic hash algorithm and halting the boot process if the verification of the encrypted signature corresponding with the first portion of the operating-system kernel fails; and
  
  verifying, by the processor, an encrypted signature corresponding with a second portion of an operating-system kernel using a third public-key and a third cryptographic hash algorithm and halting the boot process if the verification of the encrypted signature corresponding with the second portion of the operating-system kernel fails.
- View Dependent Claims (20, 21, 22)
- - 20. The boot process of claim 19, wherein the first public-key is larger than the second public-key and the third public-key.
  - 21. The boot process of claim 19, wherein the second public-key is larger than the third public-key.
  - 22. The boot process of claim 19, wherein the first public-key is stored in a read-only portion of the firmware.

23. A computer-implemented boot process for a computing system, the boot process comprising:
- verifying, by a processor of the computing system, a first encrypted signature corresponding with a first portion of a read-write portion of firmware of the computing system using a first public-key and a first cryptographic hash algorithm;
  
  if the verification of the first encrypted signature is successful, verifying, by the processor, that a key-version of a second public-key is greater than or equal to a corresponding highest key-version observed by the computing system and halting the boot process if the key-version of the second public-key is less than the highest key-version;
  
  if the key-version of the second public-key is greater than or equal to the highest key-version, verifying, by the processor, a second encrypted signature corresponding with a second portion of the read-write portion of the firmware using the second public-key and a second cryptographic hash algorithm;
  
  if the verification of the second encrypted signature is successful, verifying, by the processor, a third encrypted signature corresponding with a third portion of the read-write portion of the firmware using the second public-key and the second cryptographic hash algorithm;
  
  if the verification of the third encrypted signature is successful, verifying, by the processor, an encrypted signature corresponding with a first portion of an operating-system kernel using the second public-key and the second cryptographic hash algorithm; and
  
  if the verification of the fourth encrypted signature is successful, verifying, by the processor, an encrypted signature corresponding with a second portion of an operating-system kernel using a third public-key and a third cryptographic hash algorithm.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31)
- - 24. The boot process of claim 23, wherein the first public-key is larger than the second public-key and the third public-key.
  - 25. The boot process of claim 23, wherein the second public-key is larger than the third public-key.
  - 26. The boot process of claim 23, wherein the first public-key is stored in a read-only portion of the firmware.
  - 27. The boot process of claim 23, wherein:
    - the first encrypted signature is generated using the first cryptographic hash algorithm and a private-key corresponding with the first public-key;
      
      the second encrypted signature is generated using the second cryptographic hash algorithm and a private-key corresponding with the second public-key;
      
      the third encrypted signature is generated using the second cryptographic hash algorithm and the private-key corresponding with the second public-key; and
      
      the fourth encrypted signature is generated using the second cryptographic hash algorithm and the private-key corresponding with the second public-key.
  - 28. The boot process of claim 23, wherein the second cryptographic algorithm and the third cryptographic algorithm are the same.
  - 29. The boot process of claim 23, wherein the first cryptographic algorithm is stronger than the second cryptographic algorithm and the third cryptographic algorithm.
  - 30. The boot process of claim 23, further comprising:
    - if the verification of the first, second, or third encrypted signatures fails, initiating a recovery process to restore the read-write portion of the firmware to a trusted state.
  - 31. boot process of claim 23, further comprising:
    - if the verification of the fourth encrypted signature fails, initiating a recovery process to restore the operating-system kernel to a trusted state.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Shah, Gaurav, Drewry, William, Spangler, Randall, Tabone, Ryan, Gwalani, Sumit, Semenzato, Luigi
Primary Examiner(s)
Nalven, Andrew
Assistant Examiner(s)
DO, KHANG D

Application Number

US12/903,202
Publication Number

US 20110087872A1
Time in Patent Office

1,407 Days
Field of Search

713/176
US Class Current

713/176
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/572   Secure firmware programming...

G06F 21/575   Secure boot

G06F 21/64   Protecting data integrity, ...

G06F 21/74   operating in dual or compar...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

Firmware verified boot

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Firmware verified boot

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links