Digital signing authority dependent platform secret
Abstract
In accordance with one or more aspects, a representation of a configuration of a firmware environment of a device is generated. A secret of the device is obtained, and a platform secret is generated based on both the firmware environment configuration representation and the secret of the device. One or more keys can be generated based on the platform secret.
20 Claims
1. A method comprising:
- generating, in a device, a representation of a configuration of a firmware environment of the device;
- obtaining a secret of the device; and
- generating, based on both the firmware environment configuration representation and the secret of the device, a platform secret such that a same platform secret is generated for firmware environments having different versions of a firmware component.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computing device comprising:
- one or more processors; and
- one or more computer storage media having stored thereon multiple instructions that, when executed by the one or more processors, cause the one or more processors to:
  - obtain, in the computing device, a platform secret generated based at least in part on both a secret of the computing device and a representation of a configuration of a firmware environment of the computing device, the platform secret being usable by an operating system loader of the computing device to generate one or more keys before executing an operating system kernel; and
  - generate, based on the platform secret, one or more keys.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. A method comprising:
- generating, in a device, a list of authorities that digitally signed firmware components loaded on the device, the list of authorities identifying one or more authorities that digitally signed firmware components that were loaded on the device regardless of which firmware components those one or more authorities digitally signed and regardless of how many firmware components those one or more authorities digitally signed;
- obtaining a secret of the device;
- generating, by applying a key derivation function to a combination of both the list of authorities and the secret of the device, a platform secret specific to a particular operating system resulting in different platform secrets being generated for different operating systems despite at least some of the firmware components of the different operating systems being the same; and
- generating, based on the platform secret, one or more volume keys used to encrypt data on a storage volume of the device.
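
The derivation in claim 20, sketched as an added example that is not code from the patent: the secret depends on who signed the loaded components, not on which components or versions were loaded. HKDF-SHA256 as the key derivation function, the sorted and length-prefixed encoding of the authority list, and all component, authority and volume names are assumptions made here.

```python
import hashlib
import hmac

def hkdf_sha256(ikm, info, length=32, salt=bytes(32)):
    """HKDF (RFC 5869, HMAC-SHA256); stands in for the claim's unspecified KDF."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def authority_list(loaded_components):
    """Keep only who signed (sorted set; the sort order is an assumption here)."""
    return sorted({signer for _name, _version, signer in loaded_components})

def encode_authorities(authorities):
    """Length-prefix every entry so distinct lists never share an encoding."""
    out = len(authorities).to_bytes(4, "big")
    for authority in authorities:
        raw = authority.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out

def platform_secret(device_secret, loaded_components):
    """KDF over the combination of the authority list and the device secret."""
    config = encode_authorities(authority_list(loaded_components))
    return hkdf_sha256(device_secret, b"platform-secret" + config)

def volume_key(secret, volume_id):
    """Derive a per-volume key from the platform secret."""
    return hkdf_sha256(secret, b"volume-key" + volume_id)

# Constructed sample data: (component, version, signing authority).
DEVICE_SECRET = bytes(range(32))
BOOT_V1 = [("uefi-core", "1.0", "OEM Firmware CA"),
           ("option-rom", "2.1", "OEM Firmware CA"),
           ("os-loader", "10.0", "OS Vendor A CA")]
BOOT_V2 = [("uefi-core", "1.3", "OEM Firmware CA"),   # updated firmware,
           ("option-rom", "2.2", "OEM Firmware CA"),  # same signers
           ("nic-driver", "0.9", "OEM Firmware CA"),
           ("os-loader", "10.1", "OS Vendor A CA")]
BOOT_OTHER_OS = BOOT_V1[:2] + [("os-loader", "5.4", "OS Vendor B CA")]

if __name__ == "__main__":
    for label, boot in (("v1", BOOT_V1), ("v2", BOOT_V2), ("other OS", BOOT_OTHER_OS)):
        key = volume_key(platform_secret(DEVICE_SECRET, boot), b"volume-0")
        print(f"{label:9s} {authority_list(boot)} -> {key.hex()[:16]}")
```

The v1 and v2 boots yield the same volume key because their authority lists are identical, while the boot whose loader is signed by a different authority yields a different one.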
Specification