Updating software
First Claim
1. A method for updating code in an executing environment comprising:
identifying an updater associated with new chain-of-trust code;
measuring an identifying characteristic of the identified updater and making the identifying measurement of the updater available to an attestation system;
installing the new chain-of-trust code into the executing environment;
measuring an identifying characteristic of the new chain-of-trust code and making it available to the attestation system;
notifying the attestation system that the chain-of-trust code has been updated to a new version;
attesting, by the attestation system, the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value; and
in response to the attestation system matching the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value of the new chain-of-trust code or matching the identifying characteristic of the updater against a pre-stored attestation value of the updater, validating the integrity of the updated code in the executing environment; and
in response to the attestation system not matching the identifying characteristic of the new chain-of-trust code against the pre-stored attestation value of the new chain-of-trust code and not matching the identifying characteristic of the updater against the pre-stored attestation value of the updater, invalidating the integrity of the updated chain-of-trust code in the executing environment by indicating a fail indication.
Abstract
This invention relates to updating an operating system in a hypervisor comprising: determining a new version of a component of the operating system; installing the new component version; measuring an identifying characteristic of the component and making it available to an attestation system; notifying the attestation system that a component has been updated to a new version whereby, when the attestation system finds that the identifying characteristic of the new component does not match a pre-stored attestation value it is aware that a legitimate mis-match could have occurred. The installing of the new version of the component comprises: identifying an updater associated with new version of the component; measuring an identifying characteristic of the identified updater; loading and installing the new version of the component; and making both the identifying measurement of the updater and the new version of the component available to the attestation system.
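The decision rule of claim 1 and the "legitimate mis-match" case from the abstract, as an added Python sketch (not code from the patent). SHA-256 as the identifying characteristic, the class and function names, the sample blobs, and the choice to tolerate a mismatch only after an update notification are all assumptions of this example.

```python
import hashlib

# Constructed sample blobs standing in for binaries (not real images).
OLD_CODE, NEW_CODE = b"bootloader v1", b"bootloader v2"
VENDOR_UPDATER, UNKNOWN_UPDATER = b"vendor updater", b"unknown updater"

def measure(blob: bytes) -> str:
    """Identifying characteristic; SHA-256 is an assumed choice."""
    return hashlib.sha256(blob).hexdigest()

class Attestor:
    """Toy attestation system holding pre-stored attestation values."""
    def __init__(self, code_refs, updater_refs):
        self.code_refs = set(code_refs)
        self.updater_refs = set(updater_refs)
        self.reported = {}     # component -> {"code": digest, "updater": digest}
        self.notified = set()  # components announced as updated

    def report(self, component, kind, digest):
        self.reported.setdefault(component, {})[kind] = digest

    def notify_update(self, component):
        self.notified.add(component)

    def attest(self, component):
        m = self.reported.get(component, {})
        if m.get("code") in self.code_refs:
            return "valid: code matches reference"
        # Unknown code. Assumption: accept only an announced update whose
        # updater measurement matches a pre-stored value.
        if component in self.notified and m.get("updater") in self.updater_refs:
            return "valid: trusted updater"
        return "fail"

def apply_update(env, attestor, component, updater, new_code):
    """Claim 1 ordering: measure updater, install, measure code, notify, attest."""
    attestor.report(component, "updater", measure(updater))
    env[component] = new_code
    attestor.report(component, "code", measure(new_code))
    attestor.notify_update(component)
    return attestor.attest(component)

def demo():
    refs = [measure(OLD_CODE)], [measure(VENDOR_UPDATER)]
    return {
        "vendor": apply_update({}, Attestor(*refs), "boot", VENDOR_UPDATER, NEW_CODE),
        "unknown": apply_update({}, Attestor(*refs), "boot", UNKNOWN_UPDATER, NEW_CODE),
        "known_code": apply_update({}, Attestor([measure(NEW_CODE)], []), "boot",
                                   UNKNOWN_UPDATER, NEW_CODE),
    }
```

Because the claim joins the two matches with "or", the `known_code` case validates even though its updater is unknown; a verifier that wants both to match needs a stricter policy than the one claimed.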
61 Citations
16 Claims
8. A system for updating code in an executing environment comprising:
an attestation system;
identifying means configured to identify an updater associated with new chain-of-trust code;
measuring means configured to measure an identifying characteristic of the identified updater and making means configured to make the identifying measurement of the updater available to the attestation system;
installation means configured to install the new chain-of-trust code into the executing environment;
measuring means for measuring an identifying characteristic of the new code and making it available to the attestation system, the measuring means further configured to measure an identifying characteristic of the new chain-of-trust code and making it available to the attestation system;
notifying means for notifying the attestation system that chain-of-trust code has been updated to a new version;
attesting means configured to attest, by the attestation system, the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value;
validating means configured to validate the integrity of the updated chain-of-trust code in the executing environment in response to the attestation means matching the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value of the new chain-of-trust code or matching the identifying characteristic of the updater against a pre-stored attestation value of the updater; and
invalidating means configured to invalidate the integrity of the updated chain-of-trust code in the executing environment by indicating a fail indication, in response to the attestation means not matching the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value of the new chain-of-trust code and not matching the identifying characteristic of the updater against a pre-stored attestation value of the updater.
15. A system for ensuring an integrity of chain-of-trust code in an executing environment, comprising:
a memory having a set of computer readable computer instructions, and a processor for executing the set of computer readable instructions, the set of computer readable instructions including;
identifying an updater associated with new chain-of-trust code;
measuring an identifying characteristic of the identified updater and making the identifying measurement of the updater available to an attestation system;
installing the new chain-of-trust code into the executing environment;
measuring an identifying characteristic of the new chain-of-trust code and making it available to the attestation system;
notifying the attestation system that the chain-of-trust code has been updated to a new version;
attesting, by the attestation system, the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value; and
in response to the attestation system matching the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value of the new chain-of-trust code or matching the identifying characteristic of the updater against a pre-stored attestation value of the updater, validating the integrity of the updated code in the executing environment; and
in response to the attestation system not matching the identifying characteristic of the new chain-of-trust code against the pre-stored attestation value of the new chain-of-trust code and not matching the identifying characteristic of the updater against the pre-stored attestation value of the updater, invalidating the integrity of the updated chain-of-trust code in the executing environment by indicating a fail indication.
Specification