Platform Secure Boot

US2015121054A1 · US · A1

Patent metadata

Publication number: US-2015121054-A1
Application number: US-201314068102-A
Country: US
Kind code: A1
Filing date: Oct 31, 2013
Priority date: Oct 31, 2013
Publication date: Apr 30, 2015
Grant date:

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title: what the patent document calls the invention.
  2. Abstract: a short plain-language summary of the technical disclosure.
  3. Assignees and inventors: who owns or filed the patent and who is credited as inventor.
  4. Key dates: filing, priority, publication, and grant dates set the timeline.
  5. First independent claim: the legal scope of protection; read this for what is actually claimed.
  6. CPC / IPC classifications: technology tags used to group this patent with similar filings.
  7. Citations and related patents: prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A system and method for securing a boot process on the electronic device using a hardware-based secure processor are provided. The hardware-based secure processor receives a boot instruction. In response to the received boot instruction, the hardware-based secure processor authenticates the boot code in hardware while stalling the processor. Once the boot code is authenticated, the processor is released from the stall and processes the boot code.

Claims

Full claim text as published.

What is claimed is:

  1. A system comprising: a hardware-based secure processor configured to: receive a boot instruction; in response to the received boot instruction, authenticate a boot code in hardware while stalling an unsecure processor, wherein the unsecure processor executes the boot code; and release the unsecure processor from the stall once the authentication completes.
  2. The system of claim 1, wherein the boot instruction is a reset instruction.
  3. The system of claim 1, wherein the hardware-based secure processor is a cryptographic secure processor.
  4. The system of claim 1, wherein the hardware-based secure processor is a secure asset management unit.
  5. The system of claim 1, wherein the hardware-based secure processor is further configured to: authenticate a basic input/output system (BIOS) prior to the unsecure processor executing instructions included in the BIOS.
  6. The system of claim 1, further comprising: an on-chip memory configured to initialize the unsecure processor in response to the boot instruction, wherein the on-chip memory is located within an integrated circuit that includes the unsecure processor.
  7. The system of claim 1, further comprising: an off-chip memory configured to store the boot code, wherein the off-chip memory is located outside of an integrated circuit that includes the unsecure processor.
  8. The system of claim 1, further comprising: an off-chip memory configured to store a secure processor firmware, wherein the secure processor firmware initializes the hardware-based secure processor and causes the hardware-based secure processor to load and authenticate the boot code, and wherein the off-chip memory is located outside of an integrated circuit that includes the unsecure processor.
  9. The system of claim 1, wherein the hardware-based secure processor is further configured to decrypt or decompress off-chip code executable on the unsecure processor, and wherein the unsecure processor executes the off-chip code subsequent to the decryption or decompression of the off-chip code.
  10. The system of claim 9, wherein the hardware-based secure processor authenticates the off-chip code and not the encryption of the off-chip code based on a root-of-trust embedded in an electronic fuse (eFUSE).
  11. A method comprising: receiving a boot instruction; and in response to the received boot instruction, authenticating a boot code using a hardware-based secure processor while stalling an unsecure processor that executes the boot code; and releasing the unsecure processor from the stall once the authentication completes, wherein the released unsecure processor executes the boot code.
  12. The method of claim 11, wherein the boot instruction is a reset instruction.
  13. The method of claim 11, wherein the hardware-based secure processor is a cryptographic secure processor.
  14. The method of claim 11, wherein the hardware-based secure processor is a secure asset management unit.
  15. The method of claim 11, further comprising: authenticating a basic input/output system (BIOS) prior to the processor executing instructions included in the BIOS.
  16. The method of claim 11, further comprising: initializing the unsecure processor in response to the boot instruction using an on-chip memory code, wherein the on-chip memory code is stored within an integrated circuit that includes the unsecure processor.
  17. The method of claim 11, further comprising: storing the boot code in an off-chip memory, wherein the off-chip memory is located outside of an integrated circuit that includes the unsecure processor.
  18. The method of claim 11, further comprising: initializing, using the secure processor firmware, the hardware-based secure processor; and causing the hardware-based secure processor to load and authenticate the boot code.
  19. The method of claim 11, further comprising: decrypting or decompressing off-chip code executable on the unsecure processor, using the hardware-based secure processor; and executing, using the unsecure processor, the off-chip code subsequent to the decryption or decompression of the off-chip code, wherein the off-chip code is stored in an off-chip memory located outside of an integrated circuit that includes the unsecure processor.
  20. The method of claim 19, wherein the hardware-based secure processor authenticates the off-chip code and not the encryption of the off-chip code based on a root-of-trust embedded in an electronic fuse (eFUSE).
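The boot sequence the claims describe, modelled as an added Python example that is not from the patent or its assignee: the secure processor holds the main CPU in stall, decompresses the off-chip image (claims 9 and 19), authenticates the resulting code rather than its stored encoding against a root of trust in eFUSE (claims 10 and 20), and releases the stall only on success. Representing the eFUSE as a SHA-256 digest of the authorised boot code, using zlib as the off-chip encoding, and the sample boot code itself are assumptions made for illustration.

```python
"""Model of the claimed boot flow: the secure processor keeps the main CPU stalled,
decompresses the off-chip image, checks it against an eFUSE root-of-trust digest and
releases the stall only on success.  Added illustration, not the patent's design."""
import hashlib
import hmac
import zlib

# Constructed sample boot code and eFUSE value (assumptions): the eFUSE is
# modelled as holding the SHA-256 digest of the authorised boot code.
TRUSTED_BOOT_CODE = b"reset_vector:\n  mov sp, #0x20000000\n  bl main\n"
EFUSE_ROOT_OF_TRUST = hashlib.sha256(TRUSTED_BOOT_CODE).digest()

def pack_image(code: bytes) -> bytes:
    """Build the off-chip image; compression stands in for the claim 9 encoding."""
    return zlib.compress(code)

class UnsecureCpu:
    """Main processor: held in stall until the secure processor releases it."""
    def __init__(self) -> None:
        self.stalled = True
        self.executed = None
    def release(self, code: bytes) -> None:
        self.stalled = False
        self.executed = code  # a real CPU would now fetch from the reset vector

class SecureProcessor:
    def __init__(self, efuse_digest: bytes) -> None:
        self.efuse_digest = efuse_digest
    def authenticate(self, code: bytes) -> bool:
        # Check the code the CPU will execute, not its stored encoding (claim 10),
        # using a constant-time comparison against the eFUSE root of trust.
        return hmac.compare_digest(hashlib.sha256(code).digest(), self.efuse_digest)
    def on_boot(self, cpu: UnsecureCpu, off_chip_image: bytes) -> str:
        cpu.stalled = True  # the reset (boot instruction) asserts the stall
        try:
            code = zlib.decompress(off_chip_image)
        except zlib.error:
            return "stalled: image corrupt"  # fail closed: CPU is never released
        if not self.authenticate(code):
            return "stalled: authentication failed"
        cpu.release(code)
        return "released"

def boot(off_chip_image: bytes) -> tuple[str, bool]:
    """Run one boot; return the secure processor's verdict and the CPU stall state."""
    cpu = UnsecureCpu()
    return SecureProcessor(EFUSE_ROOT_OF_TRUST).on_boot(cpu, off_chip_image), cpu.stalled
```

`boot(pack_image(TRUSTED_BOOT_CODE))` returns `('released', False)`; an image whose decompressed code differs from the fused digest by even one bit, or that fails to decompress, leaves the CPU stalled.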

Assignees: Advanced Micro Devices Inc

Inventors: (none listed on this page)

Classifications

  • G06F21/575 (primary): Secure boot (CPC title)
  • Operating in dual or compartmented mode, i.e. at least one secure mode (CPC title)

Frequently asked questions

Answers are generated from the same data shown on this page.

Q: What does patent US2015121054A1 cover?
A: A system and method for securing a boot process on the electronic device using a hardware-based secure processor are provided. The hardware-based secure processor receives a boot instruction. In response to the received boot instruction, the hardware-based secure processor authenticates the boot code in hardware while stalling the processor. Once the boot code is authenticated, the processor is…

Q: Who is the assignee on this patent?
A: Advanced Micro Devices Inc

Q: What technology area does this patent fall under?
A: Primary CPC classification G06F21/575. Mapped technology areas include Physics.

Q: When was this patent published?
A: Publication date Apr 30, 2015 (A1). Legal status and post-grant events are not shown on this page.

Q: What related patents are in patentsdb?
A: We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).