Secure and reliable bootstrap architecture
Abstract
Integrity is rarely a valid presupposition in many systems architectures, yet it is necessary to make any security guarantees. To address this problem, the present invention discloses a secure bootstrap process, which presumes a minimal amount of integrity. The basic principle is sequencing the bootstrap process as a chain of progressively higher levels of abstraction, and requiring each layer to check a digital signature of the next layer before control is passed to it. A major design decision is the consequence of a failed integrity check. The simplest strategy is to halt the bootstrap process. However, the bootstrap process of the present invention can be augmented with automated recovery procedures which preserve the security properties of the bootstrap process under the additional assumption of the availability of a trusted repository. A variety of means by which such a repository can be implemented are disclosed, with attention focused on a network-accessible repository. The recovery process is easily generalized to applications other than the bootstrap process of the present invention, such as standardized desktop management and secure automated recovery of network elements such as routers or "Active Network" elements.
7 Claims
1. An architecture for initializing a computer system comprising:
a processor;
an expansion bus coupled to said processor;
a memory coupled to said expansion bus, said memory storing a system BIOS for execution by said processor upon power up of the computer system;
a plurality of boot components coupled to said expansion bus and accessed by said processor when said system BIOS is executed;
a trusted repository coupled to said expansion bus; and
means for verifying the integrity of said boot components and said system BIOS wherein integrity failures are recovered through said trusted repository.
4. A method for initializing a computer system comprising the steps of:
(1) invoking a Power on Self Test (POST);
(2) verifying the integrity of a system BIOS;
(3) verifying the integrity of a boot component; and
(4) when said boot component fails, recovering said failed boot.
(a) computing a cryptographic hash value for said boot component; and
(b) comparing said cryptographic hash value with a digital signature associated with said boot component stored in a trusted memory location.
7. The method of claim 4, wherein step (4) employs a secure protocol to obtain a replacement boot component from a trusted repository to replace said failed boot component.
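The following is an added illustration, not part of the patent, that models the chained check of the abstract and steps (3), (4), (a), (b) and claim 7: each layer's hash is compared with a stored signature before control passes, and a failed component is replaced from a trusted repository and re-verified. All names, images and the HMAC-based signature stand-in are assumptions of this example.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Hypothetical key held by the trust root. A real AEGIS-style layer would hold a
# public key and verify an asymmetric signature; HMAC stands in for that here.
TRUST_ROOT_KEY = b"constructed-root-key"

def digest(image: bytes) -> str:
    """Step (a): compute a cryptographic hash of a boot component."""
    return hashlib.sha256(image).hexdigest()

def sign(image: bytes) -> str:
    """Stand-in digital signature over the component's hash (assumption)."""
    return hmac.new(TRUST_ROOT_KEY, digest(image).encode(), "sha256").hexdigest()

def verify(image: bytes, signature: str) -> bool:
    """Step (b): compare the freshly computed signature with the stored one."""
    return hmac.compare_digest(sign(image), signature)

def secure_bootstrap(chain: List[Tuple[str, bytes]], signatures: Dict[str, str],
                     repository: Dict[str, bytes]) -> Dict[str, object]:
    """Walk the chain in order; each layer is verified before control passes to it.
    chain: (name, image) pairs as read from the expansion bus, lowest layer first.
    signatures: name -> signature from the trusted memory location.
    repository: name -> known-good image from the trusted repository (claim 7).
    Returns the layers booted, the layers recovered, and where the boot halted."""
    booted: List[str] = []
    recovered: List[str] = []
    for name, image in chain:
        if not verify(image, signatures[name]):
            replacement = repository.get(name)
            # The replacement is checked against the same signature: a corrupt
            # or missing repository copy must not be trusted either.
            if replacement is None or not verify(replacement, signatures[name]):
                return {"booted": booted, "recovered": recovered, "halted_at": name}
            recovered.append(name)
        booted.append(name)  # control is passed only after the check succeeds
    return {"booted": booted, "recovered": recovered, "halted_at": None}

# Constructed sample images standing in for the system BIOS and boot components.
GOOD_IMAGES = {"system_bios": b"BIOS v1", "boot_block": b"boot block v1",
               "os_loader": b"OS loader v1"}
SIGNATURES = {name: sign(img) for name, img in GOOD_IMAGES.items()}

def demo(corrupt: str, repository: Dict[str, bytes]) -> Dict[str, object]:
    """Boot with one named component corrupted on the bus (constructed scenario)."""
    on_bus = dict(GOOD_IMAGES, **{corrupt: GOOD_IMAGES[corrupt] + b" (corrupted)"})
    chain = [(n, on_bus[n]) for n in ("system_bios", "boot_block", "os_loader")]
    return secure_bootstrap(chain, SIGNATURES, repository)
```

With an intact repository the corrupted boot block is replaced and the boot completes; with an empty or mismatching repository the chain halts at the failed layer instead of passing control.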
Specification