Systems and methods for updating a secure boot process on a computer with a hardware security module
Abstract
Systems and methods are provided for maintaining and updating a secure boot process on a computer with a trusted platform module (TPM). A boot process may be maintained by inspecting a log of TPM activity, determining which data prevented a secret from unsealing, and returning that data to its original state. In situations where this type of recovery is not workable, techniques for authenticating a user may be used, allowing the authenticated user to bypass the security features of the boot process and reseal the boot secrets to platform configuration register (PCR) values that may have changed. Finally, a secure boot process may be upgraded by migrating TPM-sealed secrets to a temporary storage location, updating one or more aspects of the secure boot process, and resealing the secrets to the resulting new platform configuration. Other advantages and features of the invention are described below.
20 Claims
1. A computer readable medium bearing instructions for a computer, said computer comprising a Hardware Security Module (HSM) that accesses recorded values, compares submitted values to the recorded values, and releases a secret if the submitted values match the recorded values, said computer readable medium comprising:
- instructions for securely booting a computer, comprising:
  - instructions for measuring data involved in a boot process;
  - instructions for submitting a measurement of said data to the HSM;
  - instructions for requesting a secret from the HSM, wherein said instructions for securely booting a computer cannot successfully complete a normal boot operation without said secret;
- instructions for updating said data involved in a boot process, comprising:
  - instructions for measuring updated data involved in the boot process;
  - instructions for restricting access to the secret, wherein the secret may be subsequently obtained by submitting at least a measurement of said updated data to the HSM.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A method for recovering a secure computer boot process on a computer comprising a Hardware Security Module (HSM) that accesses recorded values, compares submitted values to the recorded values, and releases a secret if the submitted values are correct, said method comprising:
- securely booting a computer, comprising:
  - measuring data involved in a boot process;
  - submitting a measurement of said data to the HSM;
  - requesting a secret from the HSM, wherein said instructions for securely booting a computer cannot successfully complete a normal boot operation without said secret;
- updating said data involved in a boot process, comprising:
  - measuring updated data involved in the boot process;
  - restricting access to the secret, wherein the secret may be subsequently obtained by submitting at least a measurement of said updated data to the HSM.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A computer comprising a Hardware Security Module (HSM) that accesses recorded values, compares submitted values to the recorded values, and releases a secret if the submitted values are correct, said computer comprising:
- means for securely booting a computer, comprising:
  - means for measuring data involved in a boot process;
  - means for submitting a measurement of said data to the HSM;
  - means for requesting a secret from the HSM, wherein said means for securely booting a computer cannot successfully complete a normal boot operation without said secret;
- means for updating said data involved in a boot process, comprising:
  - means for measuring updated data involved in the boot process;
  - means for restricting access to the secret, wherein the secret may be subsequently obtained by submitting at least a measurement of said updated data to the HSM.
Dependent claims: 16, 17, 18, 19, 20.
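As an added illustration (not code from the patent or from any TPM implementation), the mechanism described in the abstract and in claims 1, 8 and 15 modelled in Python: a simulated HSM with one PCR that resets at power-on, an event log, and seal/unseal bound to a PCR value; the boot path that measures each component and then requests the secret; the update path that unseals while the old measurements still match, predicts the post-update PCR and reseals to it; and the log comparison the abstract describes for recovery. The root key, component names and contents are constructed, and the HMAC-derived XOR keystream is a toy stand-in for a real TPM's authenticated sealing.

```python
import hashlib
import hmac

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def predict_pcr(measurements) -> bytes:
    """PCR value after extending each item in order, PCR = H(PCR || H(data)), starting from zero."""
    v = bytes(32)
    for data in measurements:
        v = h(v, h(data))
    return v

class SimTPM:
    """Toy HSM as in the claims: a PCR reset at power-on, an event log, and a secret released only on match."""
    def __init__(self, root_key: bytes):
        self.root_key = root_key    # constructed per-device key; in a real module it never leaves the chip
        self.pcr0 = bytes(32)
        self.log = []               # (component name, measurement): the TPM activity log the abstract mentions
    def extend(self, name: str, data: bytes) -> None:
        self.pcr0 = h(self.pcr0, h(data))
        self.log.append((name, h(data)))
    def _stream(self, digest: bytes) -> bytes:
        # Toy keystream: real TPMs seal with authenticated encryption under a storage key, not an XOR pad
        return hmac.new(self.root_key, digest, hashlib.sha256).digest()
    def seal(self, secret: bytes, pcr_value=None) -> dict:
        """Bind the secret to a PCR value: the current one, or a predicted one when preparing an update."""
        assert len(secret) <= 32, "toy keystream is a single HMAC block"
        digest = self.pcr0 if pcr_value is None else pcr_value
        return {"digest": digest, "ct": bytes(a ^ b for a, b in zip(secret, self._stream(digest)))}
    def unseal(self, blob: dict) -> bytes:
        if not hmac.compare_digest(self.pcr0, blob["digest"]):
            raise PermissionError("submitted measurements do not match the recorded PCR value")
        return bytes(a ^ b for a, b in zip(blob["ct"], self._stream(blob["digest"])))

def boot(tpm: SimTPM, components, blob: dict) -> bytes:
    """Claims 1/8/15: measure each boot component, then request the secret the boot cannot finish without."""
    for name, data in components:
        tpm.extend(name, data)
    return tpm.unseal(blob)

def update_component(tpm: SimTPM, blob: dict, components, name: str, new_data: bytes):
    """Claim 1 update path: unseal while measurements still match, predict the post-update PCR, reseal."""
    secret = tpm.unseal(blob)   # temporary copy, held in memory only for the duration of the update
    updated = [(n, new_data if n == name else d) for n, d in components]
    return updated, tpm.seal(secret, predict_pcr([d for _, d in updated]))

def changed_components(expected_log, actual_log) -> list:
    """Recovery step from the abstract: compare logs to find which component's measurement changed."""
    return [n for (n, exp), (_, act) in zip(expected_log, actual_log) if exp != act]
```

After the update, a boot with the old component set no longer releases the secret, and diffing the two event logs names the component that changed.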