Protected computing environment
Abstract
A method of establishing a protected environment within a computing device including validating a kernel component loaded into a kernel of the computing device, establishing a security state for the kernel based on the validation, creating a secure process and loading a software component into the secure process, periodically checking the security state of the kernel, and notifying the secure process when the security state of the kernel has changed.
10 Claims
1. A method of loading a plurality of kernel components to create a secure computing environment within a computing device, the method comprising:
- loading, by a kernel loader of the plurality of kernel components of a kernel of an operating system of the computing device, a protected environment (“PE”) management component into the kernel, where the loaded PE management component is operational on the computing device, where the PE management component is one of the plurality of kernel components, and where the kernel loader is operational on the computing device;
- validating, by the loaded and operational PE management component, that the operational kernel loader is secure, the validating based on a valid signature of the operational kernel loader;
- determining that a debugger is coupled to the computing device; and
- determining that a debug credential that corresponds to the debugger indicates that debugging via the debugger is authorized on the computing device with the secure computing environment.
5. A computer comprising:
- a memory;
- an operating system including a kernel that includes a plurality of kernel components;
- a kernel loader configured for loading a protected environment (“PE”) management component into the kernel, where the kernel loader and the PE management component are each being one of the plurality of kernel components;
- the protected environment (“PE”) management component configured for validating that the kernel loader is secure based on a valid signature of the operational kernel loader; and
- a kernel secure flag maintained in the kernel and configured to indicate, in response to the validating, that the computer is allowed to load a trusted application into the memory, and where the kernel secure flag is further configured to indicate, in response to the validating, that the computer is not allowed to load the trusted application into the memory.
7. At least one storage device that is not a signal per se, the at least one storage device storing computer-executable instruction that, when executed by a computer, cause the computer to perform a method of loading a plurality of kernel components to create a protected environment (“PE”), the method comprising;
- loading, by a kernel loader of the plurality of kernel components of a kernel of an operating system of the computer, a PE management component into the kernel, where the loaded PE management component is operational on the computer, where the PE management component is one of the plurality of kernel components, and where the kernel loader is operational on the computer;
- validating, by the loaded and operational PE management component, that the operational kernel loader is secure based on a valid signature of the operational kernel loader;
- determining that a debugger is coupled to the computer; and
- determining that a debug credential that corresponds to the debugger indicates that debugging via the debugger is authorized on the computer computing device with the protected environment.
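The following user-space model is an added illustration, not code from the patent or from any implementation of it. It ties together the abstract's lifecycle (validate, set a security state, start a secure process, re-check, notify) with the kernel secure flag of claim 5 and the debug credential of claims 1 and 7. Assumptions: HMAC-SHA256 under a constructed key stands in for the signature check, every class, function and component name is hypothetical, and any component with an invalid signature is treated as clearing the flag.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 under a constructed key stands in for the platform's
# public-key signature check. All names here are hypothetical.
KEY = b"constructed-demo-key"

def sign(blob: bytes) -> bytes:
    return hmac.new(KEY, blob, hashlib.sha256).digest()

def valid(blob: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(blob), sig)

class Kernel:
    def __init__(self):
        self.components = {}    # name -> (image, signature)
        self.debug_cred = None  # (credential, signature) of an attached debugger
        self.secure = False     # kernel secure flag
        self.listeners = []     # callbacks of running secure processes

    def load(self, name, image, sig):
        self.components[name] = (image, sig)

    def check(self) -> bool:
        """Re-evaluate the security state; notify secure processes on change."""
        ok = "kernel_loader" in self.components and all(
            valid(img, sig) for img, sig in self.components.values())
        if self.debug_cred is not None:  # debugger coupled: needs a valid credential
            ok = ok and valid(*self.debug_cred)
        if ok != self.secure:
            self.secure = ok
            for notify in self.listeners:
                notify(ok)
        return ok

    def start_secure_process(self, notify):
        if not self.check():
            raise PermissionError("kernel secure flag not set")
        self.listeners.append(notify)

def demo():
    events, k = [], Kernel()
    for name in ("kernel_loader", "pe_mgmt"):   # constructed component images
        k.load(name, name.encode(), sign(name.encode()))
    k.start_secure_process(events.append)       # allowed: every signature verifies
    k.debug_cred = (b"dev-cred", sign(b"dev-cred"))
    k.check()                                   # authorized debugger: no change
    k.load("rogue.sys", b"unsigned driver", b"\x00" * 32)
    k.check()                                   # periodic check: flag drops, notify
    return events, k.secure
```
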
Specification