System and method for pre-operating system encryption and decryption of data
First Claim
1. An information handling system, comprising:
a hardware processor;
a memory communicatively coupled to the hardware processor;
an encryption accelerator communicatively coupled to the hardware processor, the encryption accelerator configured to encrypt or decrypt data to perform an encryption or decryption task upon data associated with an input/output operation; and
a basic input/output system (BIOS) communicatively coupled to the hardware processor and having a sealed encryption key and instructions stored thereon, the sealed encryption key issued to the BIOS for use with the encryption accelerator, the instructions configured to, when executed by the hardware processor:
monitor for an input/output operation occurring prior to loading of an operating system into the memory; and
in response to detection of the input/output operation, communicate a command and the sealed encryption key to the encryption accelerator;
unseal the sealed encryption key;
designate a particular one of a plurality of cryptographic hardware or software functions for encrypting or decrypting the data; and
communicate the designation to the encryption accelerator;
wherein the encryption accelerator is configured to:
receive the command and the sealed encryption key from the BIOS;
authenticate the command based on the sealed encryption key; and
perform the encryption or decryption task upon the data associated with the input/output operation based on the sealed encryption key and authentication of the command.
Abstract
Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. An information handling system may include a processor, a memory communicatively coupled to the processor, an encryption accelerator communicatively coupled to the processor, and a computer-readable medium communicatively coupled to the processor. The encryption accelerator may be configured to encrypt or decrypt data in response to a command from the processor to perform an encryption or decryption task upon data associated with an input/output operation. The computer-readable medium may have instructions stored thereon, the instructions configured to, when executed by the processor: (i) monitor for input/output operations occurring prior to loading of an operating system into the memory; and (ii) in response to detection of an input/output operation, communicate a command to the encryption accelerator to perform an encryption or decryption task upon data associated with an input/output operation.
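The abstract and claim 1 describe an exchange rather than a data format: the BIOS intercepts an I/O before the operating system is loaded, hands the accelerator a command together with a key that was sealed to that BIOS, and the accelerator performs the operation only after authenticating the command against the sealed key. The following model of that exchange is an added example, not code from the patent or its assignee, and it fixes several points the claims leave open, all of which are assumptions: the accelerator holds a device key-encryption key (KEK) that never leaves it; the "sealed encryption key" is the data key wrapped under that KEK and bound to a SHA-256 measurement of the BIOS image, in the manner of TPM sealing to a PCR; unsealing takes place inside the accelerator at the BIOS's request; "authenticate the command based on the sealed encryption key" is read as requiring that the sealed key presented with the command be intact and bound to the firmware currently executing; and an HMAC-SHA256 keystream in a CTR construction stands in for AES so that only the Python standard library is needed. The names `EncryptionAccelerator`, `PreOsBios`, `IoCommand`, `seal_key` and `unseal_key` are illustrative, not identifiers from the patent.

```python
# Model of the pre-OS encrypted I/O flow in the claims above. Added example,
# not code from the patent or its assignee. Assumptions (not fixed by the
# claims): the accelerator holds a device key-encryption key (KEK) that never
# leaves it; the "sealed encryption key" is the data key wrapped under that
# KEK, bound to a SHA-256 measurement of the BIOS image; unsealing happens
# inside the accelerator; and an HMAC-SHA256 keystream stands in for AES.
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR-mode encrypt/decrypt with HMAC-SHA256 as the block function."""
    stream = b"".join(_prf(key, nonce + struct.pack(">Q", i))
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def measure(bios_image: bytes) -> bytes:
    """Measurement the sealed key is bound to (a PCR-like digest)."""
    return hashlib.sha256(bios_image).digest()

def seal_key(kek: bytes, data_key: bytes, measurement: bytes) -> bytes:
    """Encrypt-then-MAC wrap of data_key under kek, with the BIOS
    measurement as associated data."""
    nonce = os.urandom(16)
    ct = keystream_xor(_prf(kek, b"enc"), nonce, data_key)
    tag = hmac.new(_prf(kek, b"mac"), measurement + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal_key(kek: bytes, blob: bytes, measurement: bytes):
    """The data key, or None if the blob was altered or sealed to a
    different BIOS measurement."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_prf(kek, b"mac"), measurement + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return keystream_xor(_prf(kek, b"enc"), nonce, ct)

@dataclass
class IoCommand:
    op: str        # "read" (decrypt) or "write" (encrypt); same keystream op
    lba: int       # sector address of the pre-OS I/O
    function: str  # the designated cryptographic function
    data: bytes

class EncryptionAccelerator:
    # The "plurality of cryptographic functions"; both map to one routine here.
    FUNCTIONS = {"hw-ctr": keystream_xor, "sw-ctr": keystream_xor}
    def __init__(self, kek: bytes):
        self._kek = kek  # device secret, never exported
    def handle(self, cmd: IoCommand, sealed_key: bytes, bios_image: bytes) -> bytes:
        # Authenticate: the sealed key must unseal under the current BIOS measurement.
        key = unseal_key(self._kek, sealed_key, measure(bios_image))
        if key is None:
            raise PermissionError("command rejected: sealed key not bound to this BIOS")
        if cmd.function not in self.FUNCTIONS:
            raise ValueError(f"unknown cryptographic function {cmd.function!r}")
        # Per-sector nonce from the LBA: read and write of one sector share a
        # keystream, as in sector-level disk encryption.
        nonce = struct.pack(">Q", cmd.lba) + b"\x00" * 8
        return self.FUNCTIONS[cmd.function](key, nonce, cmd.data)

class PreOsBios:
    """BIOS side: holds the sealed key and forwards each pre-OS I/O."""
    def __init__(self, image: bytes, sealed_key: bytes, accel: EncryptionAccelerator):
        self.image, self.sealed_key, self.accel = image, sealed_key, accel
    def on_io(self, op: str, lba: int, data: bytes, function: str = "hw-ctr") -> bytes:
        # Hook invoked for each I/O detected before the OS is loaded.
        return self.accel.handle(IoCommand(op, lba, function, data),
                                 self.sealed_key, self.image)

def _rejected(bios: PreOsBios, data: bytes, function: str = "hw-ctr") -> bool:
    try:
        bios.on_io("read", 2048, data, function)
        return False
    except (PermissionError, ValueError):
        return True

def run_demo() -> dict:
    kek, data_key = os.urandom(32), os.urandom(32)
    accel = EncryptionAccelerator(kek)
    bios_image = b"vendor BIOS image v1.0 (constructed sample)"
    sealed = seal_key(kek, data_key, measure(bios_image))  # provisioning step
    bios = PreOsBios(bios_image, sealed, accel)
    plaintext = b"boot loader sector contents (constructed sample)"
    ciphertext = bios.on_io("write", 2048, plaintext)
    modified_fw = PreOsBios(bios_image + b"\x90", sealed, accel)  # tampered image
    forged = PreOsBios(bios_image, sealed[:-1] + bytes([sealed[-1] ^ 1]), accel)
    return {
        "roundtrip": bios.on_io("read", 2048, ciphertext) == plaintext,
        "modified_firmware_rejected": _rejected(modified_fw, ciphertext),
        "forged_key_rejected": _rejected(forged, ciphertext),
        "unknown_function_rejected": _rejected(bios, ciphertext, "rot13"),
    }
```

Calling `run_demo()` exercises the three failure modes a practitioner would check in such a design: a firmware image that no longer matches the sealed measurement cannot obtain the key, a sealed blob altered in transit fails its tag check, and a command designating a function the accelerator does not implement is refused before any data is touched. The per-LBA keystream mirrors sector-granular disk encryption; a production design would use a tweakable mode such as XTS rather than a bare CTR keystream, since reusing a keystream across rewrites of the same sector leaks the XOR of the two plaintexts.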
9 Claims
1. (Independent claim, reproduced in full under First Claim above. Dependent claims 2 and 3 are not shown on this page.)
4. A method for pre-operating system encryption and decryption of data, comprising:
loading a sealed encryption key stored in a basic input/output system (BIOS), the sealed encryption key issued to the BIOS for use with an encryption accelerator communicatively coupled to a hardware processor; and
loading a program of instructions stored in the BIOS, the program of instructions configured to, when executed by the hardware processor:
monitor for an input/output operation occurring prior to loading of an operating system into a memory communicatively coupled to the processor; and
in response to detection of the input/output operation, communicate a command and the sealed encryption key to the encryption accelerator to perform an encryption or decryption task upon data associated with the input/output operation based on the sealed encryption key;
unseal the sealed encryption key;
designate a particular one of a plurality of cryptographic functions for encrypting or decrypting the data; and
communicate the designation to the encryption accelerator;
wherein the encryption accelerator is configured to:
receive the command and the sealed encryption key from the BIOS;
authenticate the command based on the sealed encryption key; and
perform the encryption or decryption task upon the data associated with the input/output operation based on the sealed encryption key and authentication of the command.
(Dependent claims 5 and 6 are not shown on this page.)
7. A non-transitory computer readable medium storing instructions for a basic input/output system (BIOS) for use in an information handling system, the instructions, when executed by a hardware processor, configured to:
load a sealed encryption key stored in the BIOS, the sealed encryption key issued to the BIOS for use with an encryption accelerator;
monitor for an input/output operation occurring prior to loading of an operating system by the information handling system; and
communicate, in response to detection of the input/output operation, a command and the sealed encryption key to the encryption accelerator to perform an encryption or decryption task upon data associated with the input/output operation based on the sealed encryption key;
unseal the sealed encryption key;
designate a particular one of a plurality of cryptographic functions for encrypting or decrypting the data; and
communicate the designation to the encryption accelerator;
wherein the encryption accelerator is configured to:
receive the command and the sealed encryption key from the BIOS;
authenticate the command based on the sealed encryption key; and
perform the encryption or decryption task upon the data associated with the input/output operation based on the sealed encryption key and authentication of the command.
(Dependent claims 8 and 9 are not shown on this page.)