Continuation of trust for platform boot firmware
First Claim
1. A device, comprising:
- a memory module including at least platform boot firmware including a plurality of platform boot firmware files; and
a processing module including a processor configured to load the platform boot firmware when the device is activated, the platform boot firmware causing the processing module to load a hash table, wherein the processing module calculates a hash value for a first platform boot firmware file of the plurality of platform boot firmware files and, upon determining the hash value is in the hash table, proceeding to execute the first platform boot firmware file prior to calculating a subsequent hash value for a subsequent platform boot firmware file of the plurality of platform boot firmware files and, responsive to determining at least one hash value is not in the hash table, denying execution of the respective platform boot firmware file on the processor.
1 Assignment
0 Petitions
Accused Products
Abstract
This disclosure is directed to continuation of trust for platform boot firmware. A device may comprise a processing module and a memory module including read-only memory (ROM) on which is stored platform boot firmware. On activation, the processing module may load the platform boot firmware. The platform boot firmware may cause the processing module to first load a trusted pre-verifier file to load and verify the signature of a hash table loaded from the platform boot firmware. The processing module may then load firmware program files from the platform boot firmware, calculate a hash for each file, and verify whether each program hash is in the hash table. Firmware program files with hashes in the hash table may be allowed to execute. If any firmware program file hash is not in the hash table, the processing module may perform platform specific security actions to prevent the device from being compromised.
22 Citations
18 Claims
-
1. A device, comprising:
-
a memory module including at least platform boot firmware including a plurality of platform boot firmware files; and a processing module including a processor configured to load the platform boot firmware when the device is activated, the platform boot firmware causing the processing module to load a hash table, wherein the processing module calculates a hash value for a first platform boot firmware file of the plurality of platform boot firmware files and, upon determining the hash value is in the hash table, proceeding to execute the first platform boot firmware file prior to calculating a subsequent hash value for a subsequent platform boot firmware file of the plurality of platform boot firmware files and, responsive to determining at least one hash value is not in the hash table, denying execution of the respective platform boot firmware file on the processor. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method, comprising:
-
loading a hash table and platform boot firmware files when a device is activated using a processor; calculating a hash value for a first platform boot firmware file; determining whether the hash value for the first platform boot firmware file in the hash table; and responsive to the hash value for the first platform boot firmware file being in the hash table, executing the first platform boot firmware file on the processor prior to calculating a subsequent hash value for a subsequent platform boot firmware file. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. One or more non-transitory machine-readable storage memories having stored thereon, individually or in combination, instructions that when executed by one or more processors result in the following operations comprising:
-
loading a hash table and platform boot firmware files when a device is activated using at least one processor; calculating a hash value for a first platform boot firmware file; determining whether the hash value for the first platform boot firmware file is in the hash table; and responsive to the hash value for the first platform boot firmware file being in the hash table, executing the first platform boot firmware file on the processor prior to calculating a subsequent hash value for a subsequent platform boot firmware file. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification