Secure recovery apparatus and method
Abstract
A system and method is disclosed for recovering a boot image from a secure location. Hardware instructions initiate a sequence of boot cycles to launch a computer operating system on a computer-enabled device. During the boot cycles, multiple levels of boot code are verified and a determination is made whether each level is usable by the device. If a level of boot code is determined to be unusable, a secure copy of the boot code is loaded from a secure read-only location to repair the unusable code to launch the computer operating system.
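The repair-and-resume flow described in the abstract, as an added Python example that is not taken from the patent. It assumes a level is "usable" when its SHA-256 digest matches a trusted digest; the function names, level names and sample bytes are constructed for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def run_boot_cycle(writable, secure_ro, trusted):
    """Walk the boot levels once, repairing any unusable level in place.

    writable  -- list of bytes, the updatable boot image (one entry per level)
    secure_ro -- tuple of bytes, copies held in the secure read-only location
    trusted   -- tuple of SHA-256 digests; using a digest comparison as the
                 usability test is an assumption of this example
    Returns the event log as a list of (event, level) tuples.
    """
    log, level = [], 0
    while level < len(writable):
        if sha256(writable[level]) == trusted[level]:
            log.append(("verified", level))
            level += 1
            continue
        # Unusable level: stop here instead of executing it.
        log.append(("unusable", level))
        secure = secure_ro[level]
        if sha256(secure) != trusted[level]:
            raise RuntimeError(f"secure copy of level {level} is also unusable")
        writable[level] = secure  # replace the bad level with the secure copy
        log.append(("replaced", level))
        # Resume the same cycle after the last usable level: earlier levels
        # are not re-verified, only the repaired level is checked again.
        # A value of -1 means no level had been verified yet.
        log.append(("resumed_after", level - 1))
    return log

# Constructed sample: three levels, the middle one corrupted in the writable image.
SECURE_RO = (b"level0-stub", b"level1-firmware", b"level2-kernel")
TRUSTED = tuple(sha256(b) for b in SECURE_RO)

def demo():
    writable = [SECURE_RO[0], b"level1-firmwarX", SECURE_RO[2]]
    return run_boot_cycle(writable, SECURE_RO, TRUSTED), writable

if __name__ == "__main__":
    events, image = demo()
    for event in events:
        print(event)
```

Level 0 appears in the log exactly once, which is the point of resuming the same boot cycle rather than restarting it.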
20 Claims
1. A computing device, comprising:
- a processor;
- a secure read-only location for storing at least one secure boot image; and
- a memory including initiation and recovery instructions for initiating a boot cycle of the computing device that, when executed by the processor, cause the computing device to:
  - initiate loading of a boot image, the boot image including multiple levels of boot code;
  - determine, during the boot cycle, whether each of the multiple levels of boot code is usable or unusable; and
  - in response to determining a respective level of boot code is unusable, stop the boot cycle, load a corresponding secure level of boot code from the secure read-only location, replace the respective level of boot code with the secure level of boot code, and resume the same boot cycle at a last known level of boot code determined to be usable.
11. A computer-implemented method, comprising:
- initiating a boot cycle to load an operating system on a computing device;
- verifying a first level of boot code during the boot cycle;
- determining, by the computing device, a second level of boot code is unusable during the boot cycle;
- in response to determining the second level of boot code is unusable, stopping the boot cycle and obtaining a secure level of boot code from a secure read-only location;
- replacing the second level of boot code with the secure level of boot code to repair the boot cycle; and
- resuming the same boot cycle at the end of the verified first level of boot code.
20. A non-transitory machine-readable medium having machine-executable instructions stored thereon, which when executed by a machine or computer cause the machine or computer to perform a method, comprising:
- initiating an execution of a boot cycle from a memory medium of a computing device, the boot cycle comprising multiple levels of boot code;
- determining, during the boot cycle, whether each of the multiple levels of boot code is usable or unusable; and
- in response to determining a respective level of boot code is unusable, stopping the boot cycle, loading a corresponding secure level of boot code from a secure read-only location in the computing device, replacing the respective level of boot code with the secure level of boot code, and resuming the same boot cycle at a last known level of boot code determined to be usable.
Specification