Technologies for secure software update using bundles and merkle signatures
US-2017357496-A1 · Dec 14, 2017 · US
Updating software
US10108413B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10108413-B2 |
| Application number | US-201614994110-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 12, 2016 |
| Priority date | Jan 19, 2011 |
| Publication date | Oct 23, 2018 |
| Grant date | Oct 23, 2018 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
This invention relates to a method and apparatus for updating software. In particular this invention relates to a method, system and computer program for updating an operating system in a hypervisor comprising: determining a new version of a component of the operating system; installing the new component version; measuring an identifying characteristic of the component and making it available to an attestation system; notifying the attestation system that a component has been updated to a new version whereby, when the attestation system finds that the identifying characteristic of the new component does not match a pre-stored attestation value it is aware that a legitimate mis-match could have occurred. The installing of the new version of the component comprises: identifying an updater associated with new version of the component; measuring an identifying characteristic of the identified updater; loading and installing the new version of the component; and making both the identifying measurement of the updater and the new version of the component available to the attestation system.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: establishing, using a hypervisor, a chain of trust for a first set of boot components, wherein the hypervisor represents a trust anchor for the chain of trust; loading, using a boot process, the first set of boot components in the chain of trust; loading, with respect to the set of boot components, an update forming part of the chain of trust during the boot process in an execution environment; notifying an attestation system, by the hypervisor, of the update; detecting, for the set of boot components, a set of boot component measurements including measuring, by the attestation system, the update for an update measurement while preventing the hypervisor from accessing the attestation system; retrieving, by the attestation system, the detected set of boot component measurements for the set of boot components; comparing, by the attestation system, the detected set of boot component measurements for the set of boot components with a set of stored attestation values; determining, by the attestation system and based on comparing the detected set of boot component measurements for the set of boot components with the set of stored attestation values, a pass indication for the update with respect to the set of boot components, the pass indication being responsive to the detected set of boot component measurements matching the set of stored attestation values or a non-matching value of the detected set of boot component measurements being an updater measuring the update measurement and a fail indication being determined where the non-matching value is not an updater measuring the update measurement; responsive to the pass indication, modifying, in a platform configuration register, the set of stored attestation values to include the update measurement while preventing the hypervisor from accessing the attestation system; notifying, by the attestation system, the hypervisor of the pass indication; and performing, by the hypervisor, in response to the pass indication, the update for the set of boot components. 2. A computer system comprising: a hardware processor set; and a computer readable storage medium; wherein: the processor set is structured, located, connected, and/or programmed to run program instructions stored on the computer readable storage medium; and the program instructions which, when executed by the processor set, cause the processor set to perform an update for a set of boot components by: establishing, using a hypervisor, a chain of trust for a first set of boot components, wherein the hypervisor represents a trust anchor for the chain of trust; loading, using a boot process, the first set of boot components in the chain of trust; loading, with respect to the set of boot components, an update forming part of the chain of trust during the boot process in an execution environment; notifying an attestation system, by the hypervisor, of the update; detecting, for the set of boot components, a set of boot component measurements including measuring, by the attestation system, the update for an update measurement while preventing the hypervisor from accessing the attestation system; retrieving, by the attestation system, the detected set of boot component measurements for the set of boot components; comparing, by the attestation system, the detected set of boot component measurements for the set of boot components with a set of stored attestation values; determining, by the attestation system and based on comparing the detected set of boot component measurements for the set of boot components with the set of stored attestation values, a pass indication for the update with respect to the set of boot components, the pass indication being responsive to the detected set of boot component measurements matching the set of stored attestation values or a non-matching value of the detected set of boot component measurements being an updater measuring the update measurement and a fail indication being determined where the non-matching value is not an updater measuring the update measurement; responsive to the pass indication, modifying, in a platform configuration register, the set of stored attestation values to include the update measurement while preventing the hypervisor from accessing the attestation system; notifying, by the attestation system, the hypervisor of the pass indication; and performing, by the hypervisor, in response to the pass indication, the update for the set of boot components. 3. A computer program product comprising a non-transitory computer-readable storage medium having a set of instructions stored therein which, when executed by a processor, causes the processor to perform an update for a set of boot components by: establishing, using a hypervisor, a chain of trust for a first set of boot components, wherein the hypervisor represents a trust anchor for the chain of trust; loading, using a boot process, the first set of boot components in the chain of trust; loading, with respect to the set of boot components, an update forming part of the chain of trust during the boot process in an execution environment; notifying an attestation system, by the hypervisor, of the update; detecting, for the set of boot components, a set of boot component measurements including measuring, by the attestation system, the update for an update measurement while preventing the hypervisor from accessing the attestation system; retrieving, by the attestation system, the detected set of boot component measurements for the set of boot components; comparing, by the attestation system, the detected set of boot component measurements for the set of boot components with a set of stored attestation values; determining, by the attestation system and based on comparing the detected set of boot component measurements for the set of boot components with the set of stored attestation values, a pass indication for the update with respect to the set of boot components, the pass indication being responsive to the detected set of boot component measurements matching the set of stored attestation values or a non-matching value of the detected set of boot component measurements being an updater measuring the update measurement and a fail indication being determined where the non-matching value is not an updater measuring the update measurement; responsive to the pass indication, modifying, in a platform configuration register, the set of stored attestation values to include the update measurement while preventing the hypervisor from accessing the attestation system; notifying, by the attestation system, the hypervisor of the pass indication; and performing, by the hypervisor, in response to the pass indication, the update for the set of boot components.
Assignees
Inventors
Classifications
Secure boot · CPC title
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title
Version control (security arrangements therefor G06F21/57); Configuration management · CPC title
- G06F8/65Primary
Updates (security arrangements therefor G06F21/57) · CPC title
Software deployment · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10108413B2 cover?
- This invention relates to a method and apparatus for updating software. In particular this invention relates to a method, system and computer program for updating an operating system in a hypervisor comprising: determining a new version of a component of the operating system; installing the new component version; measuring an identifying characteristic of the component and making it avail…
- Who is the assignee on this patent?
- IBM
- What technology area does this patent fall under?
- Primary CPC classification G06F8/65. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Oct 23 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).