Secure recovery apparatus and method

US 9,836,606 B2
Filed: 11/10/2015
Issued: 12/05/2017
Est. Priority Date: 08/16/2011
Status: Active Grant

First Claim

Patent Images

1. A computing device, comprising:

one or more processors;

a storage location for storing valid boot code; and

a memory including instructions for initiating a boot cycle at, when executed by one or more processors, cause the computing device to;

initiate loading of multiple portions of boot code;

determine, during the boot cycle, whether each portion of boot code is valid; and

in response to determining a respective portion of boot code is invalid, stop the boot cycle, load a corresponding valid portion of boot code from the storage location, replace the invalid portion of boot code using the valid portion of boot code, and resume the same boot cycle at a last known portion of boot code determined to be valid.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is disclosed for recovering a boot image. Hardware instructions initiate a loading of a computer operating system on a computing device. During the loading of the operating system, multiple portions of boot code are verified and a determination is made whether each portion is valid. If a portion of boot code is determined to be invalid, a secure portion of the boot code is loaded to repair the invalid code and the loading of the operating system resumed.

30 Citations

View as Search Results

20 Claims

1. A computing device, comprising:
- one or more processors;
  
  a storage location for storing valid boot code; and
  
  a memory including instructions for initiating a boot cycle at, when executed by one or more processors, cause the computing device to;
  
  initiate loading of multiple portions of boot code;
  
  determine, during the boot cycle, whether each portion of boot code is valid; and
  
  in response to determining a respective portion of boot code is invalid, stop the boot cycle, load a corresponding valid portion of boot code from the storage location, replace the invalid portion of boot code using the valid portion of boot code, and resume the same boot cycle at a last known portion of boot code determined to be valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computing device of claim 1, wherein the instructions, when executed by the one or more processors, further causes the computing device to:
    - load the multiple portions of boot code according to a predetermined sequence of loading; and
      
      determine whether each subsequent portion of boot code is valid based on performing a checksum on each of the multiple portions up from a core portion of boot code.
  - 3. The computing device of claim 1, wherein replacing the invalid portion of boot code using the valid portion of boot code comprises repairing the invalid portion based on the valid portion of boot code, and wherein the instructions, when executed by the one or more processors, further cause the computing device to provide the repaired portion of boot code for execution when the boot cycle is resumed.
  - 4. The computing device of claim 1, wherein the instructions, when executed by the one or more processors, further cause the computing device to:
    - load, before stopping the boot cycle, a respective redundant portion of boot code; and
      
      determine that the redundant portion of boot code is invalid, wherein the corresponding valid portion of boot code is used in response to determining that the redundant level of boot code is invalid.
  - 5. The computing device of claim 1, wherein determining whether each portion of boot code is valid comprises verifying each portion of boot code based on a core trusted portion of boot code.
  - 6. The computing device of claim 1, wherein determining whether each portion of boot code is valid comprises checking each of the multiple portions of boot code using a cryptographic key.
  - 7. The computing device of claim 1, wherein determining whether each portion of boot code is valid comprises determining whether a portion of the boot code is corrupted.
  - 8. The computing device of claim 1, wherein the storage location is a secure read-only location.
  - 9. The computing device of claim 8, wherein the secure read-only location comprises a hidden partition or a host protected area of a storage drive associated with the computing device, or an integrated circuit chip located on a control board associated with the computing device.
  - 10. The computing device of claim 1, wherein the valid portion of boot code is loaded in response to a user-initiated command.

11. A computer-implemented method, comprising:
- initiating, by a computing device, loading of multiple portions of boot code;
  
  determining, by the computing device in connection with the loading of the multiple portions of boot code, whether each portion of boot code is valid; and
  
  in response to determining a respective portion of boot code is invalid, stop the loading of the multiple portions of boot code, load a corresponding valid portion of boot code from a storage location, replace the invalid portion of boot code using the valid portion of boot code, and resume the same loading of the multiple portions of boot code at a last known portion of boot code determined to be valid.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The computer-implemented method of claim 11, wherein the method further comprises:
    - loading the multiple portions of boot code according to a predetermined sequence of loading; and
      
      determining whether each subsequent portion of boot code is valid based on performing a checksum on each of the multiple portions up from a core portion of boot code.
  - 13. The computer-implemented method of claim 11, wherein replacing the invalid portion of boot code using the valid portion of boot code comprises repairing the invalid portion based on the valid portion of boot code, and wherein the method further comprises providing the repaired portion of boot code for execution when the loading is resumed.
  - 14. The computer-implemented method of claim 11, wherein the instructions, when executed by the processor, further cause the computing device to:
    - load, before stopping the loading, a respective redundant portion of boot code; and
      
      determine that the redundant portion of boot code is invalid, wherein the corresponding valid portion of boot code is used in response to determining that the redundant level of boot code is invalid.
  - 15. The computer-implemented method of claim 11, wherein determining whether each portion of boot code is valid comprises verifying each portion of boot code based on a core trusted portion of boot code.
  - 16. The computer-implemented method of claim 11, wherein determining whether each portion of boot code is valid comprises checking each of the multiple portions of boot code using a cryptographic key.
  - 17. The computer-implemented method of claim 11, wherein determining whether each portion of boot code is valid comprises determining whether a portion of the boot code is corrupted.
  - 18. The computer-implemented method of claim 11, wherein the storagelocation is a secure read-only location.
  - 19. The computer-implemented method of claim 11, wherein the valid portion of boot code is loaded in response to a user-initiated command.

20. A non-transitory machine-readable medium having machine-executable instructions stored thereon, which when executed by a machine or computer cause the machine or computer to perform a method, comprising:
- initiating a loading of an operating system on a computing device;
  
  verifying a first portion of boot code during the loading of the operating system;
  
  determining, by the computing device during the loading of the operating system, that a second portion of boot code is invalid;
  
  in response to determining the second level of boot code is invalid, stopping the loading of the operating system and obtaining a valid portion of boot code from a secure location;
  
  replacing the second portion of boot code with the valid portion of boot code; and
  
  resuming the same loading of the operating system at the verified first portion of boot code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google LLC (Alphabet Inc.)
Inventors
Tabone, Ryan, Spangler, Randall R.
Primary Examiner(s)
Patel, Kamini

Application Number

US14/937,838
Publication Number

US 20160063253A1
Time in Patent Office

756 Days
Field of Search

714 36
US Class Current
CPC Class Codes

G06F 11/1417   Boot up procedures

G06F 11/1666   where the redundant compone...

G06F 21/57   Certifying or maintaining t...

G06F 9/4403   Processor initialisation

Secure recovery apparatus and method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure recovery apparatus and method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links