Memory device with secure boot updates and self recovery
US-2024406008-A1 · Dec 5, 2024 · US
US2016147996A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016147996-A1 |
| Application number | US-201414551745-A |
| Country | US |
| Kind code | A1 |
| Filing date | Nov 24, 2014 |
| Priority date | Nov 24, 2014 |
| Publication date | May 26, 2016 |
| Grant date | — |
Abstract.
A firmware image is received at an information handling system. A symmetric key is generated and stored at a trusted platform module (TPM). The firmware image is encrypted using the symmetric key. The encrypted firmware image is stored in a non-volatile memory.
Claims.

What is claimed is:

1. A method comprising: receiving a firmware image at an information handling system; generating a symmetric key; storing the symmetric key at a trusted platform module (TPM); encrypting the firmware image using the symmetric key; and storing the encrypted firmware image in a non-volatile memory.
2. The method of claim 1, further comprising storing the symmetric key sealed to a first TPM platform configuration register (PCR) state.
3. The method of claim 1, further comprising storing the symmetric key during a pre-extensible firmware interface (PEI) phase of a platform innovation framework for extensible firmware interface (EFI).
4. The method of claim 1, wherein a portion of the firmware image that is to be executed during a pre-extensible firmware interface (PEI) phase of a platform innovation framework for extensible firmware interface (EFI) is not encrypted.
5. The method of claim 1, further comprising initiating a system boot at the information handling system after receiving the firmware image and before generating the symmetric key.
6. The method of claim 1, wherein receiving the firmware image further comprises: storing the firmware image at a memory device; setting a firmware update flag; initiating a boot process at the information handling system; and determining the firmware update flag is set;
7. The method of claim 1, further comprising encrypting the firmware image during a driver execution environment (DXE) phase of a platform innovation framework for extensible firmware interface (EFI).
8. The method of claim 1, wherein generating the symmetric key further comprises: storing the symmetric key at a memory device; and deleting the symmetric key from memory after encrypting the firmware image.
9. The method of claim 1, further comprising: retrieving the symmetric key from the TPM; retrieving the encrypted firmware image from the non-volatile memory; and decrypting the encrypted firmware image using the symmetric key.
10. The method of claim 9, wherein retrieving the symmetric key further comprises un-sealing the symmetric key at the TPM based on a current TPM platform configuration register (PCR) state.
11. A method comprising: initializing a trusted platform module (TPM) and memory at an information handling system; retrieving a symmetric key from the TPM; retrieving an encrypted firmware image from a non-volatile memory; decrypting the encrypted firmware image using the symmetric key; decompressing the decrypted firmware image; measuring the decompressed firmware image to a TPM platform configuration register (PCR); and executing the decompressed firmware image to complete booting of the information handling system.
12. The method of claim 11, wherein retrieving the symmetric key further comprises un-sealing the symmetric key based on a current PCR state.
13. The method of claim 11, wherein retrieving the symmetric key further comprises: storing the symmetric key in a memory device; and clearing the symmetric key from system the memory device after the decrypting.
14. An information handling system comprising: a trusted platform module (TPM); a non-volatile memory; and a processor coupled to the TPM and the non-volatile memory, the processor configured to execute instructions to: receive a firmware image at the information handling system; generate a symmetric key; store the symmetric key at the TPM; encrypt the firmware image using the symmetric key; and store the encrypted firmware image in the non-volatile memory.
15. The information handling system of claim 14, wherein the processor is further to store the symmetric key sealed to a first TPM platform configuration register (PCR) state.
16. The information handling system of claim 14, wherein the processor is further to store the symmetric key during a pre-extensible firmware interface (PEI) phase of a platform innovation framework for extensible firmware interface (EFI).
17. The information handling system of claim 14, wherein the processor is further to initiate a system boot at the information handling system after receiving the firmware image and before generating the symmetric key.
18. The information handling system of claim 14, wherein the processor is further to encrypt the firmware image during a driver execution environment (DXE) phase of a platform innovation framework for extensible firmware interface (EFI).
19. The information handling system of claim 14, wherein the processor is further to: retrieve the symmetric key from the TPM; retrieve the encrypted firmware image from the non-volatile memory; and decrypt the encrypted firmware image using the symmetric key.
20. The information handling system of claim 19, wherein retrieving the symmetric key further comprises un-sealing the symmetric key at the TPM based on a current TPM platform configuration register (PCR) state.
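The update path (claims 1-10) and the boot path (claims 11-13) as a runnable simulation, added here as an illustration and not code from the patent: a stand-in `TpmSim` object with PCRs and a sealed-object store replaces a real TPM, and an HMAC-SHA256 counter-mode stream cipher with an authentication tag stands in for whatever cipher an implementation would choose. The effect the claims rely on is visible in the unseal check: a different PCR state at boot (a changed early-boot component) refuses the key, and a modified image in non-volatile memory fails authentication.

```python
import hashlib, hmac, os, zlib
class TpmSim:
    """Stand-in for a TPM (assumption, not a real TPM API): PCRs plus a sealed-object store."""
    def __init__(self):
        self.reset_pcrs()
        self.sealed = {}
    def reset_pcrs(self):            # power-on: every PCR returns to zero
        self.pcrs = [bytes(32)] * 8
    def extend(self, idx, measurement):
        self.pcrs[idx] = hashlib.sha256(self.pcrs[idx] + measurement).digest()
    def policy(self, idxs):          # digest of the selected PCR values
        return hashlib.sha256(b"".join(self.pcrs[i] for i in idxs)).digest()
    def seal(self, name, secret, idxs):
        self.sealed[name] = (tuple(idxs), self.policy(idxs), secret)
    def unseal(self, name):
        idxs, pol, secret = self.sealed[name]
        if self.policy(idxs) != pol:   # claims 10/12: release only in the sealing PCR state
            raise PermissionError("PCR state does not match sealing policy")
        return secret

def keystream(key, nonce, n):        # HMAC-SHA256 in counter mode used as a PRF
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("firmware image authentication failed")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def stage_update(tpm, nvram, image, pcr_idxs=(0,)):
    """Claims 1-8: generate a key, seal it to the current PCR state, store the encrypted image."""
    key = os.urandom(32)
    tpm.seal("fw_key", key, pcr_idxs)
    nvram["fw"] = encrypt(key, zlib.compress(image))
    del key                          # claim 8: the key does not stay in system memory

def boot(tpm, nvram, pcr_idx=0):
    """Claim 11: unseal, decrypt, decompress, measure into a PCR, return the image to execute."""
    key = tpm.unseal("fw_key")
    image = zlib.decompress(decrypt(key, nvram["fw"]))
    del key                          # claim 13: clear the key after decrypting
    tpm.extend(pcr_idx, hashlib.sha256(image).digest())
    return image
```

`reset_pcrs()` models the power cycle between staging the update and the next boot; without it the measurement made by `boot()` would itself change the PCR state the key was sealed to.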
involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853) · CPC title
Providing cryptographic facilities or services · CPC title
Secure boot · CPC title
Encoding or coding, e.g. Huffman coding or error correction · CPC title
Protecting data · CPC title