System and method for trusted early boot flow

US 7,752,428 B2
Filed: 03/31/2005
Issued: 07/06/2010
Est. Priority Date: 03/31/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A platform comprising:

a processor having a private key, the processor to communicatively couple to firmware comprising a first authenticated code (AC) module that includes a header, instruction code, data, and a public key,wherein the public and private key allow (i) the first AC module to be trusted in execution during initialization prior to launch of an operating system, (ii) replacing a first hardware component, coupled to the platform, with a second hardware component via hot plugging after initialization of the platform; and

(iii) authenticating and loading a second AC module, corresponding to the hot plugged component, without rebooting the platform,wherein the processor architecture comprises an extensible firmware interface (EFI).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some embodiments, the invention involves extending trusted computing environments to the boot firmware. In at least one embodiment, the present invention is intended to enable the trusted environment to be extended forward to the pre-boot environment in addition to post-OS load environment. Embodiments of the present invention enable the trusted environment to extend to the firmware at power-on. The firmware is integrated within the secure perimeter which was previously only available to the OS. In other words, the BIOS is made to be a trusted entity, as well as the OS. Extensible firmware interface (EFI) modules are signed with a public key. The processor has an embedded private key. EFI modules are verified using the keys to ensure a trusted environment from boot to OS launch. Other embodiments are described and claimed.

26 Citations

View as Search Results

18 Claims

1. A platform comprising:
- a processor having a private key, the processor to communicatively couple to firmware comprising a first authenticated code (AC) module that includes a header, instruction code, data, and a public key,wherein the public and private key allow (i) the first AC module to be trusted in execution during initialization prior to launch of an operating system, (ii) replacing a first hardware component, coupled to the platform, with a second hardware component via hot plugging after initialization of the platform; and
  
  (iii) authenticating and loading a second AC module, corresponding to the hot plugged component, without rebooting the platform,wherein the processor architecture comprises an extensible firmware interface (EFI).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The platform as recited in claim 1, wherein the first AC module includes a firmware file header;
    - an optional name;
      
      an image section; and
      
      an optional dependency expression section.
  - 3. The platform as recited in claim 1, wherein the private key is embedded in the processor.
  - 4. The platform as recited in claim 1, further comprising:
    - processor microcode to load an AC module manager upon boot up, the AC module manager to load a pre-EFI (PEI) foundation and commence dispatch of one or more AC modules including the first AC module.
  - 5. The platform as recited in claim 4, wherein the AC module manager is a security (SEC) module.
  - 6. The platform as recited in claim 5, wherein the SEC module is to be loaded into cache as random access memory (CRAM), the cache to be coupled to the processor.
  - 7. The platform as recited in claim 4, wherein a first security management extension (SMX) instruction is to be executed prior to loading the AC module manager, and wherein the first SMX instruction allows an AC module to be authenticated using the public and private keys.
  - 8. The platform as recited in claim 7, wherein a second SMX instruction is to be executed by an AC module to allow execution to resume by the AC module manager or one of the one or more AC modules.
  - 9. The platform as recited in claim 1, wherein platform initialization occurs during a pre-EFI (PEI) initialization stage of boot up, the pre-EFI initialization stage comprising initialization of the processor, platform chipset and platform motherboard, and wherein PEI comprises execution of one or more AC modules including the first AC module, the AC modules being authenticated by the public and private keys, and wherein PEI ensures a trusted environment through loading of a trusted operating system.
  - 10. The platform as recited in claim 9, wherein the firmware services initialized during PEI are trusted by the trusted operating system.

11. A method for enabling a trusted environment in a platform comprising:
- authenticating a first authenticated code (AC) module, during initialization of a platform prior to launch of an operating system, using a private key embedded in a processor on the platform and a public key encoded within the first AC module, wherein the first authenticated AC module ensures trusted platform firmware services are available to a trusted operating system;
  
  loading the first authenticated AC module to perform an initialization task;
  
  replacing a first hardware component, coupled to the platform, with a second hardware component via hot plugging after initialization of the platform;
  
  authenticating and loading a second AC module, corresponding to the hot plugged component, without rebooting the platform; and
  
  initializing the hot plugged component without rebooting the platform;
  
  wherein the platform comprises an extensible firmware interface (EFI) architecture.
- View Dependent Claims (12, 13, 17, 18)
- - 12. The method as recited in claim 11, wherein authenticating and loading of the first and second AC modules is allowed by security management extension (SMX) instructions implemented in the platform'"'"'s instruction set architecture (ISA).
  - 13. The method as recited in claim 12, further comprising:
    - when the platform has multiple processors, issuing a first SMX instruction by an initiating logical processor (ILP) to suspend operations by one or more responding logical processors (RLPs);
      
      when the platform has multiple processors, responding by the RLPs to indicate that the issued SMX instruction has been acknowledged prior to loading authenticated AC modules;
      
      launching an authenticated and loaded AC module comprising a PEI core module;
      
      repeating the authenticating, loading and launching for successive AC modules until PEI initialization succeeds or fails;
      
      when PEI initialization succeeds, issuing a second SMX instruction by an initiating logical processor (ILP) to resume and join operations by the one or more RLPs; and
      
      when the PEI initialization fails, aborting boot up of the platform.
  - 17. The method of claim 11 including replacing the first authenticated AC module with the second authenticated AC module.
  - 18. The method of claim 11 including replacing the first authenticated AC module, which includes previously authenticated BIOS code, with the second authenticated AC module.

14. A non-transitory machine accessible medium having instructions that when executed cause the machine to:
- authenticate a first authenticated code (AC) module, during initialization of a platform prior to launch of an operating system, using a private key embedded in a processor on the machine and a public key encoded within the first AC module;
  
  load the first authenticated AC module to perform an initialization task,authenticate and load a second AC module without rebooting the platform, the second AC module corresponding to a second hardware component that is to replace a first hardware component, coupled to the platform, via a hot plug procedure to be performed after initialization of the platform;
  
  wherein the machine comprises an extensible firmware interface (EFI) architecture.
- View Dependent Claims (15, 16)
- - 15. The machine accessible medium as recited in claim 14, wherein authenticating and loading of the one or more AC modules is enabled by security management extension (SMX) instructions implemented in the machine'"'"'s instruction set architecture (ISA).
  - 16. The machine accessible medium as recited in claim 15, further comprising instructions that when executed cause the machine to:
    - when the platform has multiple processors, issue a first SMX instruction by an initiating logical processor (ILP) to suspend operations by one or more responding logical processors (RLPs);
      
      when the platform has multiple processors, respond by the RLPs to indicate that the issued SMX instruction has been acknowledged prior to loading authenticated AC modules;
      
      launch an authenticated and loaded AC module comprising a PEI core module;
      
      repeat the authenticating, loading and launching for successive AC modules until PEI initialization succeeds or fails;
      
      when PEI initialization succeeds, issue a second SMX instruction by an initiating logical processor (ILP) to resume and join operations by the one or more RLPs; and
      
      when the PEI initialization fails, abort boot up of the platform.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Zimmer, Vincent J., Rothman, Michael A., Datta, Shamanna M.
Primary Examiner(s)
Dada; Beemnet W

Application Number

US11/096,832
Publication Number

US 20060224878A1
Time in Patent Office

1,923 Days
Field of Search

713/2, 713/164, 713/165, 713/170, 713/189, 713/193, 713/194, 713/168, 713/176, 713/167
US Class Current

713/2
CPC Class Codes

G06F 21/575   Secure boot

H04L 9/32   including means for verifyi...

H04L 9/3234   involving additional secure...

System and method for trusted early boot flow

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for trusted early boot flow

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links