Trusting an unverified code image in a computing device
First Claim
Patent Images
1. A computer implemented method, comprising:
- executing a trusted code image in a device, wherein the trusted code image comprises a trusted boot image that relates to long term power management associated with the device or a trusted boot image that causes hardware initialization for an operating environment associated with the device, the trusted code image is configured to disable access to a unique identifier stored within a memory of the device, and the unique identifier uniquely identifies the device and is used to verify an unverified application code image,wherein said executing includes disabling the unique identifier according to a predetermined condition that is preconfigured by a vendor associated with the device, wherein the disabling involves preventing the unverified application code image from accessing device hardware of the device, and wherein the device hardware is accessed by having the unique identifier enabled and by reading or setting one or more values of one or more device hardware parameters of the device;
loading, subsequent to the execution of the trusted code image, the unverified application code image into the device for execution without verifying the unverified application code image according to the unique identifier;
in response to a request to access the device hardware based on the execution of the unverified application code image, executing a secure code in the memory to determine whether the unique identifier is enabled to grant the request to access the device hardware; and
in response to a determination that the unique identifier is disabled, continuing the execution of the unverified application code image without access to the device hardware.
0 Assignments
0 Petitions
Accused Products
Abstract
A method and an apparatus for configuring a key stored within a secure storage area (e.g., ROM) of a device including one of enabling and disabling the key according to a predetermined condition to execute a code image are described. The key may uniquely identify the device. The code image may be loaded from a provider satisfying a predetermined condition to set up at least one component of an operating environment of the device. Verification of the code image may be optional according to the configuration of the key. Secure execution of an unverified code image may be based on a configuration that disables the key.
43 Citations
17 Claims
-
1. A computer implemented method, comprising:
-
executing a trusted code image in a device, wherein the trusted code image comprises a trusted boot image that relates to long term power management associated with the device or a trusted boot image that causes hardware initialization for an operating environment associated with the device, the trusted code image is configured to disable access to a unique identifier stored within a memory of the device, and the unique identifier uniquely identifies the device and is used to verify an unverified application code image, wherein said executing includes disabling the unique identifier according to a predetermined condition that is preconfigured by a vendor associated with the device, wherein the disabling involves preventing the unverified application code image from accessing device hardware of the device, and wherein the device hardware is accessed by having the unique identifier enabled and by reading or setting one or more values of one or more device hardware parameters of the device; loading, subsequent to the execution of the trusted code image, the unverified application code image into the device for execution without verifying the unverified application code image according to the unique identifier; in response to a request to access the device hardware based on the execution of the unverified application code image, executing a secure code in the memory to determine whether the unique identifier is enabled to grant the request to access the device hardware; and in response to a determination that the unique identifier is disabled, continuing the execution of the unverified application code image without access to the device hardware. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A system comprising:
-
a processor; and a memory configured to store computer executable instructions that, when executed by the processor, cause the processor to; execute a trusted code image in a device, wherein the trusted code image comprises a trusted boot image that relates to long term power management associated with the device or a trusted boot image that causes hardware initialization for an operating environment associated with the device, the trusted code image is configured to disable access to a unique identifier stored within a memory of the device, and the unique identifier uniquely identifies the device and is used to verify an unverified application code image, wherein the instructions further cause the processor to disable the unique identifier according to a predetermined condition that is preconfigured by a vendor associated with the device, wherein the disabling involves preventing the unverified application code image from accessing device hardware of the device, and wherein the device hardware is accessed by having the unique identifier enabled and by reading or setting one or more values of one or more device hardware parameters of the device; load, subsequent to the execution of the trusted code image, the unverified application code image into the device for execution without verifying the unverified application code image according to the unique identifier; in response to a request to access device hardware based on the execution of the unverified application code image, execute a secure code in the memory to determine whether the unique identifier is enabled to grant the request to access the device hardware; and in response to a determination that the unique identifier is disabled, continue the execution of the unverified application code image without access to the device hardware. - View Dependent Claims (13, 14, 15)
-
-
16. A non-transitory machine-readable storage medium configured to store instructions that, when executed by a processor included in a computing device, cause the computing device to carry out steps that include:
-
executing a trusted code image in the computing device, wherein the trusted code image comprises a trusted boot image that relates to long term power management associated with the device or a trusted boot image that causes hardware initialization for an operating environment associated with the device, the trusted code image is configured to disable access to a unique identifier stored within a memory of the computing device, and the unique identifier uniquely identifies the computing device and is used to verify an unverified application code image, wherein said executing the trusted code image includes disabling the unique identifier according to a predetermined condition that is preconfigured by a vendor associated with the computing device, wherein the disabling involves preventing the unverified application code image from accessing device hardware of the computing device, and wherein the device hardware is accessed by having the unique identifier enabled and by reading or setting values of device hardware parameters of the device; loading, subsequent to the execution of the trusted code image, the unverified application code image into the computing device for execution without verifying the application code image according to the unique identifier; and in response to a request to access the device hardware based on the execution of the unverified application code image, executing a secure code in the memory to determine whether the unique identifier is enabled to grant the request to access the device hardware; and in response to a determination that the unique identifier is disabled, continuing the execution of the unverified application code image without access to the device hardware. - View Dependent Claims (17)
-
Specification