Secure booting a computing device

US 8,254,568 B2
Filed: 01/07/2007
Issued: 08/28/2012
Est. Priority Date: 01/07/2007
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method, comprising:

receiving, by a device, a first code image from a host;

in response to receiving the first code image, executing code stored in a read only memory (ROM) of the device to certify the first code image according to a chain of certificates and based upon a fingerprint of a root certificate stored in the ROM;

deriving, by the device, a signature from the first code image using a key stored within the ROM when the first code image is certified;

signing, by the device, the signature into a first header of the first code image;

loading the first code image into a main memory of the device;

verifying, at the device, the signature in the first header of the loaded first code image using the key stored within the ROM and without using the certificates; and

in response to successfully verifying the signature of the loaded first code image, executing the verified first code image from the main memory of the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and an apparatus for executing codes embedded inside a device to verify a code image loaded in a memory of the device are described. A code image may be executed after being verified as a trusted code image. The embedded codes may be stored in a secure ROM (read only memory) chip of the device. In one embodiment, the verification of the code image is based on a key stored within the secure ROM chip. The key may be unique to each device. Access to the key may be controlled by the associated secure ROM chip. The device may complete establishing an operating environment subsequent to executing the verified code image.

61 Citations

View as Search Results

24 Claims

1. A computer implemented method, comprising:
- receiving, by a device, a first code image from a host;
  
  in response to receiving the first code image, executing code stored in a read only memory (ROM) of the device to certify the first code image according to a chain of certificates and based upon a fingerprint of a root certificate stored in the ROM;
  
  deriving, by the device, a signature from the first code image using a key stored within the ROM when the first code image is certified;
  
  signing, by the device, the signature into a first header of the first code image;
  
  loading the first code image into a main memory of the device;
  
  verifying, at the device, the signature in the first header of the loaded first code image using the key stored within the ROM and without using the certificates; and
  
  in response to successfully verifying the signature of the loaded first code image, executing the verified first code image from the main memory of the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the deriving a signature comprises:
    - deriving a hash value from the first code image; and
      
      encrypting the hash value into the signature based on the key.
  - 3. The method of claim 1, further comprising:
    - storing the first code image in the device including the signature in the first header.
  - 4. The method of claim 3, wherein the first code image replaces a second code image stored in the device, the second code image having a second header digitally signing the second code image, wherein when the code fails to verify a signature of the second code image, the method further comprising:
    - deriving a second signature from the second code image using the key, wherein the second signature fails to match the second header.
  - 5. The method of claim 1, wherein the key is configured to uniquely identify the device.
  - 6. The method of claim 1, wherein the device is a portable device.
  - 7. The method of claim 1, wherein the first code image is configured to establish an operating environment for the device.
  - 8. The method of claim 1, wherein the first code image represents a component of a kernel of an operating system (OS), wherein the method further comprises, for each component of the kernel of the OS, repeating verifying and executing code image of each component until all components of the kernel have been verified and executed.

9. A machine-readable non-transitory storage medium having instructions, which when executed by a machine, cause a machine to perform a method, the method comprising:
- receiving, by a device, a first code image from a host;
  
  in response to receiving the first code image, executing code stored in a read only memory (ROM) of the device to certify the first code image according to a chain of certificates and based upon a fingerprint of a root certificate stored in the ROM;
  
  deriving, by the device, a signature from the first code image using a key stored within the ROM when the first code image is certified;
  
  signing, by the device, the signature as a first header of the first code image;
  
  loading the first code image into a main memory of the device;
  
  verifying, at the device, the signature in the first header of the loaded first code image using a key stored within the ROM and without using the certificates; and
  
  in response to successfully verifying the signature of the loaded first code image, executing the verified first code image from the main memory of the device to establish an operating environment for the device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 24)
- - 10. The machine-readable non-transitory storage medium of claim 9, wherein the deriving a signature comprises:
    - deriving a hash value from the first code image; and
      
      encrypting the hash value into the signature based on the key.
  - 11. The machine-readable non-transitory storage medium of claim 9, further comprising:
    - storing the first code image in the device including the signature in the first header.
  - 12. The machine-readable non-transitory storage medium of claim 11, wherein the first code image replaces a second code image stored in the device, the second code image having a second header digitally signing the second code image, wherein when the code fails to verify the second signature of the second code image, the method further comprising:
    - deriving a second signature from the second code image using the key, wherein the second signature fails to match the second header.
  - 13. The machine-readable non-transitory storage medium of claim 9, wherein the key is configured to uniquely identify the device.
  - 14. The machine-readable non-transitory storage medium of claim 9, wherein the device is a portable device.
  - 15. The machine-readable non-transitory storage medium of claim 9, wherein the first code image is configured to establish an operating environment for the device.
  - 16. The machine-readable non-transitory storage medium of claim 9, wherein the first code image represents a component of a kernel of an operating system (OS), wherein the method further comprises, for each component of the kernel of the OS, repeating verifying and executing code image of each component until all components of the kernel have been verified and executed.
  - 24. The electronic device of claim 14, wherein the first code image represents a component of a kernel of an operating system (OS), wherein the method further comprises, for each component of the kernel of the OS, repeating verifying and executing code image of each component until all components of the kernel have been verified and executed.

17. An electronic device, comprising:
- a read only memory (ROM) to store executable code, a key identifying the electronic device, and a fingerprint of a root certificate;
  
  a mass storage;
  
  a main memory; and
  
  a processor coupled to the ROM, the mass storage, and the main memory,wherein the processor is configured to cause the electronic deviceto receive a first code image from a host,to execute, in response to receiving a first code image, the executable code stored in the ROM to certify the first code image according to a chain of certificates and based upon the fingerprint of the root certificate in the ROM,to derive a signature from the first code image using the key stored within the ROM when the first code image is certified;
  
  to sign the signature into a first header of the first code image,to load the first code image from the mass storage into the main memory,to verify the signature in the first header of the loaded first code image using the key, and upon successfully verifying the signature of the first code image according to the first header of the first code image without using the certificates,to execute the verified first code image from the main memory to establish an operating environment of the electronic device.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The electronic device of claim 17, wherein the deriving a signature comprises:
    - deriving a hash value from the first code image; and
      
      encrypting the hash value into the signature based on the key.
  - 19. The electronic device of claim 17, wherein the processor is further configured to store the first code image in the device including the signature in the first header.
  - 20. The electronic device of claim 19, wherein the first code image replaces a second code image stored in the device, the second code image having a second header digitally signing the second code image, wherein when the executable code fails to verify a signature of the second code image, and wherein the processor is further configured to derive a second signature from the second code image using the key, wherein the second signature fails to match the second header.
  - 21. The electronic device of claim 17, wherein the key is configured to uniquely identify the electronic device.
  - 22. The electronic device of claim 17, wherein the electronic device is a portable device.
  - 23. The electronic device of claim 17, wherein the first code image is configured to establish an operating environment for the electronic device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Smith, Michael, de Cesare, Joshua, De Atley, Dallas Blake, Wright, John Andrew
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Anderson, Michael D

Application Number

US11/620,689
Publication Number

US 20080165952A1
Time in Patent Office

2,060 Days
Field of Search

713/189, 713/164, 713/1, 713/2, 713/187, 380/28, 380/277, 700/108, 726/7
US Class Current

380/28
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 2221/2129   Authenticate client device ...

Secure booting a computing device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Secure booting a computing device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links