Measuring platform components with a single trusted platform module

US9384367B2 · US · B2

Patent metadata
Publication number: US-9384367-B2
Application number: US-201213602449-A
Country: US
Kind code: B2
Filing date: Sep 4, 2012
Priority date: Sep 4, 2012
Publication date: Jul 5, 2016
Grant date: Jul 5, 2016

Abstract

Official abstract text for this publication.

In accordance with some embodiments, a single trusted platform module per platform may be used to handle conventional trusted platform tasks as well as those that would arise prior to the existence of a primary trusted platform module in conventional systems. Thus one single trusted platform module may handle measurements of all aspects of the platform including the baseboard management controller. In some embodiments, a management engine image is validated using a read only memory embedded in a chipset such as a platform controller hub, as the root of trust. Before the baseboard management controller (BMC) is allowed to boot, it must validate the integrity of its flash memory. But the BMC image may be stored in a memory coupled to a platform controller hub (PCH) in a way that it can be validated by the PCH.
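As an added illustration (not code from the patent or its assignee), the following Python model walks the chain the abstract describes: the chipset's embedded ROM verifies the management engine image, the management engine verifies the innovation engine, the PCH validates the BMC image before the BMC is allowed to boot, and every accepted component is measured into one TPM PCR. The keys, images and the use of HMAC-SHA256 as a stand-in for a firmware signature are constructed assumptions.

```python
import hashlib
import hmac
# Constructed stand-ins (not from the patent): a real PCH ROM holds a public key
# and images carry asymmetric signatures; HMAC-SHA256 plays the signature here.
PCH_ROM_KEY = b"pch-embedded-rom-key"  # root of trust baked into the chipset ROM
ME_KEY = b"management-engine-key"      # key used by the verified management engine

def sign(key: bytes, image: bytes) -> bytes:
    """Stand-in firmware signature: HMAC-SHA256 over the image bytes."""
    return hmac.new(key, image, hashlib.sha256).digest()

class SingleTPM:  # the one platform TPM: a single PCR plus an event log
    def __init__(self) -> None:
        self.pcr = bytes(32)  # PCR starts all-zero, as on a real TPM
        self.log = []         # (component, sha256 hex) per measurement
    def extend(self, component: str, image: bytes) -> None:
        digest = hashlib.sha256(image).digest()
        self.pcr = hashlib.sha256(self.pcr + digest).digest()  # PCR extend
        self.log.append((component, digest.hex()))

def verify_and_measure(tpm, component, key, image, signature) -> None:
    """Refuse a tampered image before it runs; measure it only if it verifies."""
    if not hmac.compare_digest(sign(key, image), signature):
        raise ValueError(f"{component}: firmware signature check failed")
    tpm.extend(component, image)

def build_flash() -> dict:
    """Constructed SPI flash: ME, IE, BMC and BIOS images plus their signatures."""
    me, ie, bmc = b"ME-image-v1", b"IE-image-v1", b"BMC-image-v1"
    return {"me": me, "me_sig": sign(PCH_ROM_KEY, me),
            "ie": ie, "ie_sig": sign(ME_KEY, ie),
            "bmc": bmc, "bmc_sig": sign(PCH_ROM_KEY, bmc), "bios": b"BIOS-v1"}

def boot(flash: dict) -> SingleTPM:
    """ROM verifies ME, ME verifies IE, PCH validates the BMC image before the
    BMC may boot, then BIOS is measured: all into the same TPM."""
    tpm = SingleTPM()
    verify_and_measure(tpm, "ME", PCH_ROM_KEY, flash["me"], flash["me_sig"])
    verify_and_measure(tpm, "IE", ME_KEY, flash["ie"], flash["ie_sig"])
    verify_and_measure(tpm, "BMC", PCH_ROM_KEY, flash["bmc"], flash["bmc_sig"])
    tpm.extend("BIOS", flash["bios"])  # measured, not signature-checked here
    return tpm

def bmc_boot_allowed(flash: dict) -> bool:
    """True only if the whole chain verifies; a tampered image stops the boot."""
    try:
        return boot(flash) is not None
    except ValueError:
        return False
```

The event log shows the order in which the single TPM received each component, and a modified BMC image is refused before the BMC stage runs.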

First claim

Opening claim text (preview).

What is claimed is:

1. A machine-implemented method comprising: in a platform including a chipset together with a baseboard management controller and a flash memory directly connected to the chipset to store a firmware image, creating a manageability engine to provide isolated computer hardware operating below an operating system; storing code for an innovation engine that enables the integration of the baseboard management controller into the chipset, code for a baseboard management controller and a basic input/output system in said flash memory; and using a single trusted platform module for said chipset, said controller, said basic input/output system and said innovation engine.

2. The method of claim 1 including coupling said chipset and said baseboard management controller using an enhanced serial parallel interface bus.

3. The method of claim 1 including directly connecting a serial parallel interface memory to said chipset to store code for said baseboard management controller.

4. The method of claim 1 including providing a physical trusted platform module directly connected to said chipset.

5. The method of claim 1 including providing a firmware trusted platform module within said chipset.

6. The method of claim 1 including storing code to verify a signature of a management engine in an embedded read only memory in said chipset.

7. The method of claim 1 including using the management engine to verify a signature of an innovation engine.

8. The method of claim 1 including enabling the baseboard management controller to fetch the authenticated firmware via an enhanced serial parallel interface bus.

9. One or more non-transitory computer readable media storing instructions to: storing code for an innovation engine, code for a baseboard management controller and a basic input/output system in a flash memory in a platform including a chipset together with the baseboard management controller and the flash memory directly connected to the chipset to store a firmware image and a manageability engine; and enabling use of a single trusted platform module for said chipset, said controller, said basic input/output system and said innovation engine.

10. The medium of claim 9 further storing instructions to couple said chipset and said baseboard management controller using an enhanced serial parallel interface bus.

11. The medium of claim 9 further storing instructions to directly connect a serial parallel interface memory to said chipset to store code for said baseboard management controller.

12. The medium of claim 9 further storing instructions to directly connect a physical trusted platform module to said chipset.

13. The medium of claim 9 further storing instructions to provide a firmware trusted platform module within said chipset.

14. The medium of claim 9 further storing instructions to provide embedded read only memory in said chipset storing code to verify a signature of a management engine.

15. The medium of claim 9 further storing instructions to use a management engine to verify a signature of an innovation engine.

16. The medium of claim 9 further storing instructions to use a baseboard management controller to fetch authenticated firmware via an enhanced serial parallel interface bus.

17. An apparatus comprising: a chipset; a flash memory directly connected to said chipset to store a firmware image, code for an innovation engine and a basic input/output system; a baseboard management controller coupled to said chipset; and a single trusted platform module for said chipset, said baseboard management controller, said innovation engine and said basic input/output system.

18. The apparatus of claim 17 including a central processing unit coupled to said chipset.

19. The apparatus of a system of claim 17 further including a serial parallel interface flash coupled to said chipset.

20. The apparatus of claim 19, said serial parallel interface to store a basic input output system, an image for a baseboard management controller, an image for a management engine and an image for an innovation engine.

21. The apparatus of claim 17 including an embedded read only memory in said chipset to verify the signature of a management engine image.

22. The apparatus of claim 17, said chipset coupled to said baseboard management controller via an enhanced serial parallel interface bus.

23. The apparatus of claim 17, including a serial parallel interface memory connected to said chipset to store code for said baseboard management controller.

24. The apparatus of claim 17, including a management engine to verify a signature of an innovation engine.

25. The apparatus of claim 17, said baseboard management controller to fetch authenticated firmware via an enhanced serial parallel interface bus.

Classifications

  • G06F21/57 (Primary): Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities (CPC title)

  • Secure boot (CPC title)

  • G06F21/72 (Primary): in cryptographic circuits (CPC title)

Frequently asked questions

Who is the assignee on this patent?
Swanson Robert C, Sakthikumar Palsamy, Bulusu Mallik, and 2 more
What technology area does this patent fall under?
Primary CPC classification G06F21/57. Mapped technology areas include Physics.
When was this patent published?
Publication date: Jul 5, 2016 (kind code B2). Legal status and post-grant events are not shown on this page.