System and method to manage storage system for startup
US-11630591-B1 · Apr 18, 2023 · US
System and method for startup data verification
US2023112396A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2023112396-A1 |
| Application number | US-202117496066-A |
| Country | US |
| Kind code | A1 |
| Filing date | Oct 7, 2021 |
| Priority date | Oct 7, 2021 |
| Publication date | Apr 13, 2023 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Methods, systems, and devices for providing for trust during startup of an information handling system (IHS) are disclosed. When an IHS starts up, data may be read into memory and used by a processor of the IHS to begin execution of a startup management entity that places the IHS into a desired operating system. To reduce the likelihood of the data used for IHS startup causing the IHS to enter an undesired state (e.g., due to data corruption or intentional action), the data may be verified prior to be being read into memory. If the data is unverifiable, then corrective action may be taken.
First claim
Opening claim text (preview).
What is claimed is: 1 . A computer-implemented method for starting operation of an information handling system, the method comprising: reading, by a management controller of the information handling system, data blocks from a startup data storage, the data blocks comprising an image of a startup management entity for the information handling system and at least one corruption; for a first portion of the data blocks that comprise the at least one corruption, correcting, by the management controller, each data block of the first portion using error correction data to obtain a portion of corrected data blocks without correcting a second portion of the data blocks that do not comprise the at least one corruption based on the error correction data; updating, by the management controller, the data blocks based on the portion of corrected data blocks to obtain updated data blocks stored in the startup data storage, the updated data blocks comprising the image of the startup management entity and not the at least one corruption; determining, by the management controller using the second portion of the data blocks, the portion of corrected data blocks, and verification data, whether the startup management entity is a trusted entity; when the startup management entity is determined as being the trusted entity, initiating, by the management controller, execution of the startup management entity by the information handling system with the updated data blocks in the startup data storage; and when the startup management entity is determined as not being the trusted entity, preventing, by the management controller, the execution of the startup management entity by the information handling system. 2 . The computer-implemented method of claim 1 , further comprising: reading, by the management controller, a version of the data blocks from the startup data storage, the version of the data blocks comprising the image of the startup management entity and not the at least one corruption; performing a cryptographic verification of the data blocks to determine whether the startup management entity is the trusted entity; when the startup management entity is the trusted entity, generating, based on the version of the data blocks, the verification data and the error correction data; and storing the verification data and the error correction data with the management controller. 3 . The computer-implemented method of claim 1 , further comprising: reading, by the management controller, other data blocks from the startup data storage; identifying, by the management controller, a first portion of the other data blocks using second verification data, the verification data being associated with the data blocks and the second verification data being associated with the other data blocks; generating, by the management controller, a restore point based on the first portion of the other data blocks; updating, by the management controller, the second verification data based on the first portion of the other data blocks; and storing the restore point with the management controller. 4 . The computer-implemented method of claim 3 , wherein the other data blocks are used during execution of the startup management entity. 5 . The computer-implemented method of claim 3 , wherein the data blocks comprise immutable data and the other data blocks comprise mutable data. 6 . The computer-implemented method of claim 3 , further comprising: making a second determination, by the management controller, that an attempt to begin execution of the startup management entity failed; in response to the second determination, reverting the other data blocks in the startup data storage with the restore point to obtain reverted other data blocks in the startup data storage; and initiating, by the management controller, execution of the startup management entity by the information handling system with the updated data blocks and the reverted other data blocks in the startup data storage. 7 . The computer-implemented method of claim 1 , wherein reading the data blocks comprises: multiplexing data access to the startup data storage from a processor of the information handling system to the management controller, wherein initiating execution of the startup management entity comprises: multiplexing the data access to the startup data storage from the management controller to the processor, and initiating reading, by the processor, of the startup data storage with the data access to the startup data storage. 8 . The computer-implemented method of claim 1 , wherein determining whether the startup management entity is the trusted entity comprises: performing a hash check of each data block of the second portion of the data blocks against corresponding portions of the verification data; and performing a hash check of each data block of the portion of corrected data blocks against corresponding portions of the verification data. 9 . The computer-implemented method of claim 1 , wherein the determining whether the startup management entity is the trusted entity is completed without performing a cryptographic verification of the data blocks with cryptographic data stored in the data blocks. 10 . The computer-implemented method of claim 1 , wherein the management controller comprises a computing device that is hosted by the information handling system and operates independently from the information handling system. 11 . A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations for starting operation of an information handling system, the operations comprising: reading, by a management controller of the information handling system, data blocks from a startup data storage, the data blocks comprising an image of a startup management entity for the information handling system and at least one corruption; for a first portion of the data blocks that comprise the at least one corruption, correcting, by the management controller, each data block of the first portion using error correction data to obtain a portion of corrected data blocks without correcting a second portion of the data blocks that do not comprise the at least one corruption based on the error correction data; updating, by the management controller, the data blocks based on the portion of corrected data blocks to obtain updated data blocks stored in the startup data storage, the updated data blocks comprising the image of the startup management entity and not the at least one corruption; determining, by the management controller using the second portion of the data blocks, the portion of corrected data blocks, and verification data, whether the startup management entity is a trusted entity; when the startup management entity is determined as being the trusted entity, initiate, by the management controller, execution of the startup management entity by the information handling system with the updated data blocks in the startup data storage; and when the startup management entity is determined as not being the trusted entity, prevent, by the management controller, the execution of the startup management entity by the information handling system. 12 . The non-transitory machine-readable medium of claim 11 , wherein the operation further comprise: reading, by the management controller, a version of the data blocks from the startup data storage, the version of the data blocks comprising the image of the startup management entity and not the at least one corruption; performing a cryptographic verification of the data blocks to determine whether t
Assignees
Inventors
Classifications
Secure boot · CPC title
Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title
- G06F11/1417Primary
Boot up procedures · CPC title
Remedial or corrective actions (recovery from an exception in an instruction pipeline G06F9/3861; by retry G06F11/1402; for recovering from a failure of a protocol instance or entity H04L69/40) · CPC title
- G06F11/3604Primary
Analysis of software for verifying properties of programs (testing of software G06F11/3668) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2023112396A1 cover?
- Methods, systems, and devices for providing for trust during startup of an information handling system (IHS) are disclosed. When an IHS starts up, data may be read into memory and used by a processor of the IHS to begin execution of a startup management entity that places the IHS into a desired operating system. To reduce the likelihood of the data used for IHS startup causing the IHS to enter …
- Who is the assignee on this patent?
- Dell Products Lp
- What technology area does this patent fall under?
- Primary CPC classification G06F11/1417. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Thu Apr 13 2023 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).