Systems and methods for updating a secure boot process on a computer with a hardware security module

US 20060161784A1
Filed: 01/14/2005
Published: 07/20/2006
Est. Priority Date: 01/14/2005
Status: Active Grant

First Claim

Patent Images

1. A computer readable medium bearing instructions for a computer, said computer comprising a Hardware Security Module (HSM) that accesses recorded values, compares submitted values to the recorded values, and releases a secret if the submitted values match the recorded values, said computer readable medium comprising:

instructions for securely booting a computer, comprising;

instructions for measuring data involved in a boot process;

instructions for submitting a measurement of said data to the HSM;

instructions for requesting a secret from the HSM, wherein said instructions for securely booting a computer cannot successfully complete a normal boot operation without said secret;

instructions for updating said data involved in a boot process, comprising;

instructions for measuring updated data involved in the boot process;

instructions for restricting access to the secret, wherein the secret may be subsequently obtained by submitting at least a measurement of said updated data to the HSM.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for maintaining and updating a secure boot process on a computer with a trusted platform module (TPM). A boot process may be maintained by inspecting a log of TPM activity, determining data that prevented a secret to unseal, and returning the data to an original state. In situations where this type of recovery is not workable, techniques for authenticating a user may be used, allowing the authenticated user to bypass the security features of the boot process and reseal the boot secrets to platform configuration register (PCR) values that may have changed. Finally, a secure boot process may be upgraded by migrating TPM sealed secrets to a temporary storage location, updating one or more aspects of a secure boot process, and resealing the secrets to the resulting new platform configuration. Other advantages and features of the invention are described below.

Citations

20 Claims

1. A computer readable medium bearing instructions for a computer, said computer comprising a Hardware Security Module (HSM) that accesses recorded values, compares submitted values to the recorded values, and releases a secret if the submitted values match the recorded values, said computer readable medium comprising:
- instructions for securely booting a computer, comprising;
  
  instructions for measuring data involved in a boot process;
  
  instructions for submitting a measurement of said data to the HSM;
  
  instructions for requesting a secret from the HSM, wherein said instructions for securely booting a computer cannot successfully complete a normal boot operation without said secret;
  
  instructions for updating said data involved in a boot process, comprising;
  
  instructions for measuring updated data involved in the boot process;
  
  instructions for restricting access to the secret, wherein the secret may be subsequently obtained by submitting at least a measurement of said updated data to the HSM.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer readable medium of claim 1 wherein the HSM is a Trusted Platform Module (TPM).
  - 3. The computer readable medium of claim 1 wherein the data is at least one of a software and a data component.
  - 4. The computer readable medium of claim 1 wherein said instructions for measuring data comprise instructions for computing a hash of the data.
  - 5. The computer readable medium of claim 1 wherein said instructions for submitting a measurement comprise instructions for extending a platform configuration register (PCR)
  - 6. The computer readable medium of claim 1 wherein the instructions for restricting access to the secret use an anticipated measurement of the updated data.
  - 7. The computer readable medium of claim 1 further comprising instructions for rebooting the computer.

8. A method for recovering a secure computer boot process on a computer comprising a Hardware Security Module (HSM) that accesses recorded values, compares submitted values to the recorded values, and releases a secret if the submitted values are correct, said method comprising:
- securely booting a computer, comprising;
  
  measuring data involved in a boot process;
  
  submitting a measurement of said data to the HSM;
  
  requesting a secret from the HSM, wherein said instructions for securely booting a computer cannot successfully complete a normal boot operation without said secret;
  
  updating said data involved in a boot process, comprising;
  
  measuring updated data involved in the boot process;
  
  restricting access to the secret, wherein the secret may be subsequently obtained by submitting at least a measurement of said updated data to the HSM.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8 wherein the HSM is a Trusted Platform Module (TPM).
  - 10. The method of claim 8 wherein the data is a software component.
  - 11. The method of claim 8 wherein said measuring data comprises computing a hash of the data.
  - 12. The method of claim 8 wherein said submitting a measurement comprises extending a platform configuration register (PCR)
  - 13. The method of claim 8 wherein an anticipated measurement is used when sealing the secret to a measurement of said updated data.
  - 14. The method of claim 8 further comprising rebooting the computer.

15. A computer comprising a Hardware Security Module (HSM) that accesses recorded values, compares submitted values to the recorded values, and releases a secret if the submitted values are correct, said computer comprising:
- means for securely booting a computer, comprising;
  
  means for measuring data involved in a boot process;
  
  means for submitting a measurement of said data to the HSM;
  
  means for requesting a secret from the HSM, wherein said means for securely booting a computer cannot successfully complete a normal boot operation without said secret;
  
  means for updating said data involved in a boot process, comprising;
  
  means for measuring updated data involved in the boot process;
  
  means for restricting access to the secret, wherein the secret may be subsequently obtained by submitting at least a measurement of said updated data to the HSM.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer of claim 15 wherein the HSM is a Trusted Platform Module (TPM).
  - 17. The computer of claim 15 wherein the data is a software component.
  - 18. The computer of claim 15 wherein said means for measuring data comprise means for computing a hash of the data.
  - 19. The computer of claim 15 wherein said means for submitting a measurement comprise means for extending a platform configuration register (PCR)
  - 20. The computer of claim 15 further comprising means for rebooting the computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Schwartz, Jonathan, England, Paul, Ray, Kenneth D., Thom, Stefan, Hunter, Jamie, Schwartz, James Anthony Jr., Humphries, Russell

Granted Patent

US 8,028,172 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/575 Secure boot

Systems and methods for updating a secure boot process on a computer with a hardware security module

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for updating a secure boot process on a computer with a hardware security module

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links