Secure recovery apparatus and method

US 9,189,340 B2
Filed: 04/09/2014
Issued: 11/17/2015
Est. Priority Date: 08/16/2011
Status: Active Grant

First Claim

Patent Images

1. A computing device, comprising:

a processor;

a secure read-only location for storing at least one secure boot image; and

a memory including initiation and recovery instructions for initiating a boot cycle of the computing device that, when executed by the processor, cause the computing device to;

initiate loading of a boot image, the boot image including multiple levels of boot code;

determine, during the boot cycle, whether each of the multiple levels of boot code is usable or unusable; and

in response to determining a respective level of boot code is unusable, stop the boot cycle, load a corresponding secure level of boot code from the secure read-only location, replace the respective level of boot code with the secure level of boot code, and resume the same boot cycle at a last known level of boot code determined to be usable.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is disclosed for recovering a boot image from a secure location. Hardware instructions initiate a sequence of boot cycles to launch a computer operating system on a computer-enabled device. During the boot cycles, multiple levels of boot code are verified and a determination is made whether each level is usable by the device. If a level of boot code is determined to be unusable, a secure copy of the boot code is loaded from a secure read-only location to repair the unusable code to launch the computer operating system.

Citations

20 Claims

1. A computing device, comprising:
- a processor;
  
  a secure read-only location for storing at least one secure boot image; and
  
  a memory including initiation and recovery instructions for initiating a boot cycle of the computing device that, when executed by the processor, cause the computing device to;
  
  initiate loading of a boot image, the boot image including multiple levels of boot code;
  
  determine, during the boot cycle, whether each of the multiple levels of boot code is usable or unusable; and
  
  in response to determining a respective level of boot code is unusable, stop the boot cycle, load a corresponding secure level of boot code from the secure read-only location, replace the respective level of boot code with the secure level of boot code, and resume the same boot cycle at a last known level of boot code determined to be usable.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computing device of claim 1, wherein the instructions, when executed by the processor, further cause the computing device to:
    - load, before stopping the boot cycle, a respective redundant level of boot code, and determining that the redundant level of boot code is unusable, wherein the corresponding secure level of boot code is loaded in response to determining that the redundant level of boot code is unusable.
  - 3. The computing device of claim 1, wherein each of the multiple levels of boot code is verified up from a core trusted piece of boot code.
  - 4. The computing device of claim 1, wherein causing the computing device to determine whether each of the multiple levels of boot code is usable or unusable comprises causing the computing device to check each of the multiple levels of boot code using a cryptographic key.
  - 5. The computing device of claim 1, wherein the instructions, when executed by the processor, further cause the computing device to verify the secure level of boot code.
  - 6. The computing device of claim 1, wherein the secure read-only location comprises an integrated circuit chip located on a system control board associated with the computing device.
  - 7. The computing device of claim 1, wherein the secure read-only location comprises a hidden partition of a storage drive associated with the computing device, the hidden partition being hidden from an operating system of the computing device.
  - 8. The computing device of claim 1, wherein the secure read-only location comprises a host protected area of a solid state drive associated with the computing device.
  - 9. The computing device of claim 1, wherein the secure level of boot code is loaded in response to a user-initiated keystroke.
  - 10. The computing device of claim 1, wherein the instructions, when executed by the processor, further causes the computing device to:
    - restore an operating system to a default state including network accessibility; and
      
      update the operating system of the computing device to a latest version from a remote network source.

11. A computer-implemented method, comprising:
- initiating a boot cycle to load an operating system on a computing device;
  
  verifying a first level of boot code during the boot cycle;
  
  determining, by the computing device, a second level of boot code is unusable during the boot cycle;
  
  in response to determining the second level of boot code is unusable, stopping the boot cycle and obtaining a secure level of boot code from a secure read-only location;
  
  replacing the second level of boot code with the secure level of boot code to repair the boot cycle; and
  
  resuming the same boot cycle at the end of the verified first level of boot code.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The computer-implemented method of claim 11, further comprising:
    - determining a redundant level of boot code corresponding to the second level of unusable boot code is also unusable before replacing the second level of unusable boot code with the secure level of boot code.
  - 13. The computer-implemented method of claim 11, further comprising:
    - loading a default operating system from a memory medium associated with the computing device using the repaired boot cycle.
  - 14. The computer-implemented method of claim 11, further comprising:
    - verifying each level of boot code up from a core trusted piece of boot code.
  - 15. The computer-implemented method of claim 11, further comprising:
    - performing a verification of each level of boot code using a cryptographic key.
  - 16. The computer-implemented method of claim 11, wherein the secure read-only location comprises an integrated circuit chip located on a system control board associated with the computing device.
  - 17. The computer-implemented method of claim 11, wherein the secure read-only location comprises a hidden partition of a storage drive associated with the computing device, the hidden partition being hidden from an operating system of the computing device.
  - 18. The computer-implemented method of claim 11, wherein the secure read-only location comprises a host protected area of a solid state drive associated with the computing device.
  - 19. The computer-implemented method of claim 11, wherein the secure level of boot code is replaced in response to a user-initiated keystroke.

20. A non-transitory machine-readable medium having machine-executable instructions stored thereon, which when executed by a machine or computer cause the machine or computer to perform a method, comprising:
- initiating an execution of a boot cycle from a memory medium of a computing device, the boot cycle comprising multiple levels of boot code;
  
  determining, during the boot cycle, whether each of the multiple levels of boot code is usable or unusable; and
  
  in response to determining a respective level of boot code is unusable, stopping the boot cycle, loading a corresponding secure level of boot code from a secure read-only location in the computing device, replacing the respective level of boot code with the secure level of boot code, and resuming the same boot cycle at a last known level of boot code determined to be usable.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Tabone, Ryan, Spangler, Randall R.
Primary Examiner(s)
PATEL, KAMINI B

Application Number

US14/249,330
Publication Number

US 20140223163A1
Time in Patent Office

587 Days
Field of Search

714/36, 713/1, 713/2
US Class Current

1/1
CPC Class Codes

G06F 11/1417   Boot up procedures

G06F 11/1666   where the redundant compone...

G06F 21/57   Certifying or maintaining t...

G06F 9/4403   Processor initialisation

Secure recovery apparatus and method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure recovery apparatus and method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links