Trusting an unverified code image in a computing device

US 8,826,405 B2
Filed: 09/15/2012
Issued: 09/02/2014
Est. Priority Date: 01/07/2007
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method, comprising:

executing a trusted code image in a device, wherein the trusted code image comprises a trusted boot image that relates to long term power management associated with the device or a trusted boot image that causes hardware initialization for an operating environment associated with the device, the trusted code image is configured to disable access to a unique identifier stored within a memory of the device, and the unique identifier uniquely identifies the device and is used to verify an unverified application code image,wherein said executing includes disabling the unique identifier according to a predetermined condition that is preconfigured by a vendor associated with the device, wherein the disabling involves preventing the unverified application code image from accessing device hardware of the device, and wherein the device hardware is accessed by having the unique identifier enabled and by reading or setting one or more values of one or more device hardware parameters of the device;

loading, subsequent to the execution of the trusted code image, the unverified application code image into the device for execution without verifying the unverified application code image according to the unique identifier;

in response to a request to access the device hardware based on the execution of the unverified application code image, executing a secure code in the memory to determine whether the unique identifier is enabled to grant the request to access the device hardware; and

in response to a determination that the unique identifier is disabled, continuing the execution of the unverified application code image without access to the device hardware.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and an apparatus for configuring a key stored within a secure storage area (e.g., ROM) of a device including one of enabling and disabling the key according to a predetermined condition to execute a code image are described. The key may uniquely identify the device. The code image may be loaded from a provider satisfying a predetermined condition to set up at least one component of an operating environment of the device. Verification of the code image may be optional according to the configuration of the key. Secure execution of an unverified code image may be based on a configuration that disables the key.

43 Citations

View as Search Results

17 Claims

1. A computer implemented method, comprising:
- executing a trusted code image in a device, wherein the trusted code image comprises a trusted boot image that relates to long term power management associated with the device or a trusted boot image that causes hardware initialization for an operating environment associated with the device, the trusted code image is configured to disable access to a unique identifier stored within a memory of the device, and the unique identifier uniquely identifies the device and is used to verify an unverified application code image,wherein said executing includes disabling the unique identifier according to a predetermined condition that is preconfigured by a vendor associated with the device, wherein the disabling involves preventing the unverified application code image from accessing device hardware of the device, and wherein the device hardware is accessed by having the unique identifier enabled and by reading or setting one or more values of one or more device hardware parameters of the device;
  
  loading, subsequent to the execution of the trusted code image, the unverified application code image into the device for execution without verifying the unverified application code image according to the unique identifier;
  
  in response to a request to access the device hardware based on the execution of the unverified application code image, executing a secure code in the memory to determine whether the unique identifier is enabled to grant the request to access the device hardware; and
  
  in response to a determination that the unique identifier is disabled, continuing the execution of the unverified application code image without access to the device hardware.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising verifying, prior to the executing of the trusted code image, the trusted code image in the device according to the unique identifier stored within the memory of the device, wherein the executing comprises executing the trusted code image in response to successfully verifying the trusted code image.
  - 3. The method of claim 1, wherein the trusted code image is loaded from a provider to set up at least one component of an operating environment of the device, the provider satisfying the predetermined condition.
  - 4. The method of claim 1, further comprising, in response to the determination that the unique identifier is disabled, blocking the access to the device hardware based on a configuration associated with the unique identifier, wherein the memory is a ROM (Read Only Memory), and the configuration is specified according to a diagnostic or testing requirement of the device.
  - 5. The method of claim 4, wherein the configuration is related to a hardware switch of the device.
  - 6. The method of claim 1, wherein the unverified application code image is verified based on the secure code.
  - 7. The method of claim 1, wherein the loading of the unverified application code image comprises loading the unverified application code image in the memory of the device without verifying the unverified application code image according to the unique identifier.
  - 8. The method of claim 7, further comprising executing the unverified application code image for an access to the unique identifier.
  - 9. The method of claim 8, wherein the access to the unique identifier is based on an application programming interface called from the unverified application code image.
  - 10. The method of claim 7, wherein the loading of the unverified application code image comprises:
    - deriving a hash value of the unverified application code image; and
      
      determining whether the unverified application code image is corrupted based on a header value from the unverified application code image and the hash value.
  - 11. The method of claim 1, wherein the unverified application code image comprises diagnostic software for the device.

12. A system comprising:
- a processor; and
  
  a memory configured to store computer executable instructions that, when executed by the processor, cause the processor to;
  
  execute a trusted code image in a device, wherein the trusted code image comprises a trusted boot image that relates to long term power management associated with the device or a trusted boot image that causes hardware initialization for an operating environment associated with the device, the trusted code image is configured to disable access to a unique identifier stored within a memory of the device, and the unique identifier uniquely identifies the device and is used to verify an unverified application code image, wherein the instructions further cause the processor to disable the unique identifier according to a predetermined condition that is preconfigured by a vendor associated with the device, wherein the disabling involves preventing the unverified application code image from accessing device hardware of the device, and wherein the device hardware is accessed by having the unique identifier enabled and by reading or setting one or more values of one or more device hardware parameters of the device;
  
  load, subsequent to the execution of the trusted code image, the unverified application code image into the device for execution without verifying the unverified application code image according to the unique identifier;
  
  in response to a request to access device hardware based on the execution of the unverified application code image, execute a secure code in the memory to determine whether the unique identifier is enabled to grant the request to access the device hardware; and
  
  in response to a determination that the unique identifier is disabled, continue the execution of the unverified application code image without access to the device hardware.
- View Dependent Claims (13, 14, 15)
- - 13. The system of claim 12, wherein the executable instructions further cause the processor to verify, prior to executing the trusted code image, the trusted code image in the device according to the unique identifier stored within the memory of the device, wherein executing the trusted code image comprises executing the trusted code image in response to successfully verifying the trusted code image.
  - 14. The system of claim 12, wherein the trusted code image is loaded from a provider to set up at least one component of an operating environment of the device, the provider satisfying the predetermined condition.
  - 15. The system of claim 12, wherein the executable instructions further cause the processor to, in response to the determination that the unique identifier is disabled, block the access to the device hardware based on a configuration associated with the unique identifier, wherein the memory is a ROM (Read Only Memory), and the configuration is specified according to a diagnostic or testing requirement of the device.

16. A non-transitory machine-readable storage medium configured to store instructions that, when executed by a processor included in a computing device, cause the computing device to carry out steps that include:
- executing a trusted code image in the computing device, wherein the trusted code image comprises a trusted boot image that relates to long term power management associated with the device or a trusted boot image that causes hardware initialization for an operating environment associated with the device, the trusted code image is configured to disable access to a unique identifier stored within a memory of the computing device, and the unique identifier uniquely identifies the computing device and is used to verify an unverified application code image, wherein said executing the trusted code image includes disabling the unique identifier according to a predetermined condition that is preconfigured by a vendor associated with the computing device, wherein the disabling involves preventing the unverified application code image from accessing device hardware of the computing device, and wherein the device hardware is accessed by having the unique identifier enabled and by reading or setting values of device hardware parameters of the device;
  
  loading, subsequent to the execution of the trusted code image, the unverified application code image into the computing device for execution without verifying the application code image according to the unique identifier; and
  
  in response to a request to access the device hardware based on the execution of the unverified application code image, executing a secure code in the memory to determine whether the unique identifier is enabled to grant the request to access the device hardware; and
  
  in response to a determination that the unique identifier is disabled, continuing the execution of the unverified application code image without access to the device hardware.
- View Dependent Claims (17)
- - 17. The non-transitory machine-readable storage medium of claim 16, wherein the steps further include, in response to the determination that the unique identifier is disabled, blocking the access to the device hardware based on a configuration associated with the unique identifier, wherein the memory is a ROM (Read Only Memory), and the configuration is specified according to a diagnostic or testing requirement of the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
de Cesare, Joshua, Smith, Michael, De Atley, Dallas Blake, Wright, John Andrew
Primary Examiner(s)
SHAW, BRIAN F

Application Number

US13/621,183
Publication Number

US 20130081124A1
Time in Patent Office

717 Days
Field of Search

726/7, 726/26, 726/30, 726/27, 713/156, 713/193, 713/167, 380/239, 711/E12.001, 711/154
US Class Current

726/7
CPC Class Codes

G06F 21/00 Security arrangements for p...

G06F 21/575 Secure boot

Trusting an unverified code image in a computing device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Trusting an unverified code image in a computing device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links