Method of verifying integrity of electronic device, storage medium, and electronic device
Abstract
Disclosed herein are techniques for verifying the integrity of an electronic device. A normal world virtual processor and a secure world virtual processor are instantiated. An integrity verification agent is executed by the secure world virtual processor. A kernel operation attempted by the normal world virtual processor is intercepted by the secure world virtual processor.
17 Claims
1. A method of verifying integrity of an electronic device, the method comprising:
- instantiating a normal world virtual processor and a secure world virtual processor for the electronic device;
- executing an integrity verification agent within a domain of the secure world virtual processor;
- intercepting, by the secure world virtual processor, an operation attempted by the normal world virtual processor in which the operation is associated with a kernel module; and
- verifying, by the integrity verification agent, the intercepted operation, wherein the verifying of the intercepted operation includes:
- obtaining a verification table for the kernel module;
- calculating a hash value of the kernel module; and
- comparing the calculated hash value of the kernel module with a corresponding hash value stored in the verification table; and
- loading the kernel module when the calculated hash value of the kernel module is identical to the corresponding hash value stored in the verification table.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. An electronic device for performing integrity verification, comprising:
- a normal world virtual processor to execute a normal world operating system;
- a secure world virtual processor to:
- execute an integrity verification agent;
- intercept an operation attempted by the normal world virtual processor in which the operation is associated with a kernel module; and
- verify, using the integrity verification agent, the intercepted operation, wherein the secure world virtual processor is configured to:
- obtain a verification table for the kernel module;
- calculate a hash value of the kernel module; and
- compare the calculated hash value of the kernel module with a corresponding hash value stored in the verification table;
- load the kernel module when the calculated hash value of the kernel module is identical to the corresponding hash value stored in the verification table.

17. A non-transitory computer-readable medium which upon execution instructs at least one processor to:
- instantiate a normal world virtual processor and a secure world virtual processor for an electronic device;
- execute an integrity verification agent within a domain of the secure world virtual processor;
- intercept, by the secure world virtual processor, an operation attempted by the normal world virtual processor in which the operation is associated with a kernel module; and
- verify, by the integrity verification agent, the intercepted operation, wherein the at least one processor is configured to:
- obtain a verification table for the kernel module;
- calculate a hash value of the kernel module; and
- compare the calculated hash value of the kernel module with a corresponding hash value stored in the verification table, and
- load the kernel module when the calculated hash value of the kernel module is identical to the corresponding hash value stored in the verification table.
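
The verification step recited in claims 1, 16 and 17 (obtain the table entry, hash the module, compare, load only on a match), sketched as an added example that is not code from the patent. SHA-256, the table layout, the names `verify_intercepted_load`, `VERIFICATION_TABLE` and `Decision`, and the choice to hash a private copy of the image are assumptions; the module images are constructed sample bytes.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample images; a real agent would receive the module bytes
# that the normal world passed to the intercepted load operation.
GOOD_IMAGE = b"\x7fELF constructed sample module v1"
TAMPERED_IMAGE = GOOD_IMAGE + b"\x90"


def module_hash(image: bytes) -> bytes:
    # Assumption: SHA-256. The claims only say "a hash value".
    return hashlib.sha256(image).digest()


# Verification table: module name -> expected hash.
# Assumption: provisioned and stored where the normal world cannot write.
VERIFICATION_TABLE = {"sample_mod": module_hash(GOOD_IMAGE)}


@dataclass(frozen=True)
class Decision:
    load: bool
    reason: str


def verify_intercepted_load(name, image, table=VERIFICATION_TABLE) -> Decision:
    """Decide whether an intercepted kernel-module load may proceed."""
    # Take a private copy first, so the bytes that are hashed are the bytes
    # that would be loaded even if the caller's buffer changes afterwards.
    snapshot = bytes(image)
    expected = table.get(name)
    if expected is None:
        # Fail closed: a module with no table entry is never loaded.
        return Decision(False, "no verification table entry")
    # Constant-time comparison of calculated and stored hash values.
    if not hmac.compare_digest(module_hash(snapshot), expected):
        return Decision(False, "hash mismatch")
    return Decision(True, "hash matches verification table")


if __name__ == "__main__":
    for label, name, image in [
        ("known module", "sample_mod", GOOD_IMAGE),
        ("tampered module", "sample_mod", TAMPERED_IMAGE),
        ("unlisted module", "other_mod", GOOD_IMAGE),
    ]:
        print(label, "->", verify_intercepted_load(name, image))
```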
Specification