Basic Input/Output System (BIOS) Security Display
US-2016162689-A1 · Jun 9, 2016 · US
Secure live media boot system
US2017249133A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2017249133-A1 |
| Application number | US-201615054630-A |
| Country | US |
| Kind code | A1 |
| Filing date | Feb 26, 2016 |
| Priority date | Feb 26, 2016 |
| Publication date | Aug 31, 2017 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A secure live media boot system includes a BIOS that is coupled to a storage subsystem and a non-volatile memory system. The BIOS receives an operating system image. Prior to installing an operating system on a computing device using with the operating system image, the BIOS performs a first measurement action on the operating system image to produce a first operating system measurement that it stores in the non-volatile memory system. The BIOS also stores a read-only version of the operating system image on the storage subsystem. The BIOS subsequently receives a request to install the operating system on the computing device and, in response, performs a second measurement action on the operating system image in order to produce a second operating system measurement. If the BIOS determines that the second operating system measurement matches the first operating system measurement, the BIOS installs the operating system on the computing device.
First claim
Opening claim text (preview).
What is claimed is: 1 . A secure live media boot system, comprising: a storage subsystem; a non-volatile memory system; and a Basic Input/Output System (BIOS) that is coupled to the storage subsystem and the non-volatile memory system, wherein the BIOS is configured to: receive an operating system image; perform a first measurement action on the operating system image prior to performing an installation of an operating system associated with the operating system image on a computing device that includes the BIOS, wherein the performance of the first measurement action produces a first operating system measurement; store the first operating system image measurement in the non-volatile memory system; store the operating system image as a read-only operating system image on the storage subsystem; receive a request to install the operating system provided by the operating system image on the computing device subsequent to storing the first operating system image measurement in the non-volatile memory system and, in response, perform a second measurement action on the operating system image in order to produce a second operating system measurement; and determine that the second operating system measurement matches the first operating system measurement and, in response, perform an installation of the operating system associated with the operating system image on the computing device. 2 . The system of claim 1 , wherein each of the first measurement action and the second measurement action include a hash operation. 3 . The system of claim 1 , wherein each of the first measurement action and the second measurement action are performed on all of a plurality of data that provides the operating system image. 4 . The system of claim 1 , wherein the BIOS is configured to: encrypt the read-only operating system image that is stored on the storage subsystem, wherein the performing the installation of the operating system associated with the operating system image on the computing device includes decrypting the read-only operating system image. 5 . The system of claim 1 , wherein the non-volatile memory system includes a Trusted Platform Module that is coupled to the BIOS. 6 . The system of claim 1 , further comprising: at least one external device connector coupled to the BIOS, wherein the BIOS is configured to perform the installation of the operating system associated with the operating system image on the computing device by: creating a Random Access Memory (RAM) drive; copying the operating system image from the storage subsystem to the RAM drive; disabling at least a portion of the storage subsystem and the at least one external device connector from accessing the computing device; and installing the operating system associated with the operating system image on the computing device using the operating system image that was copied to the RAM drive. 7 . An Information Handling System (IHS), comprising: a mass storage device; a non-volatile memory subsystem; an external device connector; and a Basic Input/Output System (BIOS) that is coupled to the mass storage device, the non-volatile memory subsystem, and the external device connector, wherein the BIOS is configured to: receive an operating system image from an external device that is coupled to the external device connector; perform a first measurement action on the operating system image prior to performing an installation of an operating system associated with the operating system image to produce a first operating system measurement; store the first operating system image measurement in the non-volatile memory subsystem; store the operating system image as a read-only operating system image on the mass storage device; receive a request to install the operating system provided by the operating system image subsequent to storing the first operating system image measurement in the non-volatile memory subsystem and, in response, perform a second measurement action on the operating system image in order to produce a second operating system measurement; and determine that the second operating system measurement matches the first operating system measurement and, in response, perform an installation of the operating system associated with the operating system image. 8 . The IHS of claim 7 , wherein each of the first measurement action and the second measurement action include a hash operation. 9 . The IHS of claim 7 , wherein each of the first measurement action and the second measurement action are performed on all of a plurality of data that provides the operating system image. 10 . The IHS of claim 7 , wherein the BIOS is configured to: encrypt the read-only operating system image that is stored on the mass storage device, wherein the performing the installation of the operating system associated with the operating system image includes decrypting the read-only operating system image. 11 . The IHS of claim 7 , wherein the non-volatile memory system includes a Trusted Platform Module that is coupled to the BIOS. 12 . The IHS of claim 7 , wherein the BIOS is configured to perform the installation of the operating system associated with the operating system image by: creating a Random Access Memory (RAM) drive; copying the operating system image from the mass storage device to the RAM drive; disabling the mass storage device and the external device connector; and installing the operating system associated with the operating system image using the operating system image that was copied to the RAM drive. 13 . The IHS of claim 7 , wherein the BIOS is provided by a Unified Extensible Firmware Interface (UEFI). 14 . A method for providing secure live media booting, comprising: receiving, by a Basic Input/Output System (BIOS) through at least one external device connector, an operating system image; performing, by the BIOS prior to performing an installation of an operating system associated with the operating system image on a computing device, a first measurement action on the operating system image to produce a first operating system measurement; storing, by the BIOS in a non-volatile memory subsystem, the first operating system image measurement; storing, by the BIOS on a storage subsystem, the operating system image as a read-only operating system image; receiving, by the BIOS from an input device on the computing device subsequent to storing the first operating system image measurement in the non-volatile memory subsystem, a request to install the operating system provided by the operating system image and, in response, performing a second measurement action on the operating system image in order to produce a second operating system measurement; and determining, by the BIOS, that the second operating system measurement matches the first operating system measurement and, in response, performing an installation of the operating system associated with the operating system image on the computing device. 15 . The method of claim 14 , wherein each of the first measurement action and the second measurement action include a hash operation. 16 . The method of claim 14 , wherein each of the first measurement action and the second measurement action are performed on all of a plurality of data that provides the operating system image. 17 . The method of claim 14 , further comprising: encrypting, by the BIOS, the read-only operating system image that is stored on the storage subsystem, wherein the performing the installation of the operating system associated with th
Assignees
Inventors
Classifications
- G06F8/63Primary
Image based installation; Cloning; Build to order · CPC title
Providing cryptographic facilities or services · CPC title
Boot device selection · CPC title
using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories · CPC title
Secure boot · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2017249133A1 cover?
- A secure live media boot system includes a BIOS that is coupled to a storage subsystem and a non-volatile memory system. The BIOS receives an operating system image. Prior to installing an operating system on a computing device using with the operating system image, the BIOS performs a first measurement action on the operating system image to produce a first operating system measurement that it…
- Who is the assignee on this patent?
- Dell Products Lp
- What technology area does this patent fall under?
- Primary CPC classification G06F8/63. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Thu Aug 31 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).