Server active management technology (AMT) assisted secure boot
First Claim
1. A system for secure boot on a platform, comprising:
- a host processor coupled with a firmware memory store to store firmware to boot the host processor; and
- a second processor on the platform, the second processor communicatively coupled to a secure area of a memory store, the secure area of the memory store being inaccessible to the firmware and other host processor applications, the second processor to retrieve and validate a signature key from the secure area to control image loading during boot; the second processor has network access for an out-of-band connection, even when the host processor has not yet booted, and the second processor to validate the key when the host processor is not even booted using the out-of-band connection by accessing an active directory listing valid keys on a remote server to determine if the signature key is valid or revoked.
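The claim describes a gate that the second processor applies before the host is allowed to load an image: fetch the key from the secure area, ask the remote directory over the out-of-band link whether that key is still valid, and only then check the image against the key. The following is an added example illustrating that control flow; it is not code from the patent or from any AMT implementation. The secure area and the remote directory are constructed in-memory stand-ins, HMAC-SHA256 stands in for the signature scheme (which the claim does not specify), and the fail-closed handling of an unreachable directory is an assumption of this example rather than something the claim states.

```python
"""Boot-gate check modelled on the claim above (added example, not code from
the patent). HMAC-SHA256 stands in for the image signature scheme, which the
claim does not specify; the secure area and the remote key directory are
constructed in-memory stand-ins."""
import hashlib
import hmac

# Constructed sample: the secure area reachable only by the second processor,
# mapping a key identifier to the verification key material.
SECURE_AREA = {
    "key-A": b"constructed-key-material-A",
    "key-B": b"constructed-key-material-B",
}

# Constructed sample: the remote directory listing key status, consulted over
# the out-of-band connection before the host processor boots.
REMOTE_DIRECTORY = {
    "key-A": "valid",
    "key-B": "revoked",
}


def query_key_status(key_id, directory):
    """Look up a key in the remote directory. None models an unreachable
    directory; an unlisted key is reported as 'unknown'."""
    if directory is None:
        return "unreachable"
    return directory.get(key_id, "unknown")


def sign_image(key, image):
    """Produce the tag a signed image carries (used here only to build sample
    inputs; a real signer would not live on the platform)."""
    return hmac.new(key, image, hashlib.sha256).digest()


def verify_image(key, image, tag):
    """Constant-time comparison of the image tag against a fresh computation."""
    expected = hmac.new(key, image, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def boot_decision(key_id, image, tag, secure_area=SECURE_AREA, directory=REMOTE_DIRECTORY):
    """Decide whether the host may load `image`.

    Order of checks: the key must exist in the secure area, the remote
    directory must report it valid (anything else fails closed, including an
    unreachable directory, which is an assumption of this example), and only
    then is the image signature checked. Returns (allowed, reason)."""
    key = secure_area.get(key_id)
    if key is None:
        return False, "key not present in secure area"
    status = query_key_status(key_id, directory)
    if status != "valid":
        return False, f"key status {status!r}"
    if not verify_image(key, image, tag):
        return False, "image signature mismatch"
    return True, "image loading permitted"


if __name__ == "__main__":
    image = b"constructed firmware image"
    good = sign_image(SECURE_AREA["key-A"], image)
    print(boot_decision("key-A", image, good))                 # allowed
    print(boot_decision("key-B", image, sign_image(SECURE_AREA["key-B"], image)))  # revoked
    print(boot_decision("key-A", image + b"x", good))          # tampered image
    print(boot_decision("key-A", image, good, directory=None))  # directory unreachable
```

The ordering matters for the point the claim makes: a correctly signed image under a revoked key is still refused, because the revocation check runs against the remote directory before the signature is ever evaluated, and the host firmware never touches the key material itself.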
Abstract
In some embodiments, the invention involves a system and method relating to secure booting of a platform. In at least one embodiment, the present invention is intended to securely boot a platform using one or more signature keys stored in a secure location on the platform, where access to the signature key is by a microcontroller on the platform and the host processor has no direct access to alter the signature key. Other embodiments are described and claimed.
12 Claims: independent claim 1 as set out above; claims 2 to 12 are dependent claims.
Specification