Memory device with secure boot updates and self recovery
US-2024406008-A1 · Dec 5, 2024 · US
Trusted boot of a virtual machine
US9721103B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9721103-B2 |
| Application number | US-201313929334-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 27, 2013 |
| Priority date | Jun 29, 2012 |
| Publication date | Aug 1, 2017 |
| Grant date | Aug 1, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method, system and program product for performing a trusted boot of a virtual machine comprises the steps of executing, in turn, a series of components of the trusted boot, performing a function on each component prior to the execution of the respective component, storing the output of the functions in a virtual trusted platform module, detecting that the virtual trusted platform module has not responded to the storing of the output of a function in the virtual trusted platform module, and generating a request that the virtual trusted platform module be disabled.
First claim
Opening claim text (preview).
The invention claimed is: 1. A system for performing a trusted boot of a virtual machine, the system comprising a server arranged to: execute, in turn, a series of components of the trusted boot; perform a function on each respective component of the series of components prior to the execution of the respective component when attempting to establish a chain of trust for the series of components; store the output of the functions in a virtual trusted platform module; detect that the virtual trusted platform module has not responded to the storing of the output of a function in the virtual trusted platform module; generate a request that the virtual trusted platform module be disabled; and transmit the generated request to a hypervisor and disable the virtual trusted platform module using a command from the hypervisor. 2. The system according to claim 1 , wherein the system is arranged, when detecting that the virtual trusted platform module has not responded to the storing of the output of a function in the virtual trusted platform module, to wait for a predetermined time period. 3. The system according to claim 1 , wherein the system is arranged, when performing a function on each component prior to the execution of the respective component, to perform a predefined hashing function on the respective component. 4. The system according to claim 1 , wherein the system is arranged, when performing a function on each component prior to the execution of the respective component, to perform the function by the previously loaded component. 5. A computer program product comprising instructions stored on a non-transitory computer readable storage device that are operable for performing a trusted boot of a virtual machine, wherein the instructions are operable when executed by a processor for: executing, in turn, a series of components of the trusted boot; performing a function on each respective component of the series of components prior to the execution of the respective component when attempting to establish a chain of trust for the series of components; storing the output of the functions in a virtual trusted platform module; detecting that the virtual trusted platform module has not responded to the storing of the output of a function in the virtual trusted platform module; generating a request that the virtual trusted platform module be disabled; and transmitting the generated request to a hypervisor and disabling the virtual trusted platform module using a command from the hypervisor. 6. The computer program product according to claim 5 , wherein the instructions for detecting that the virtual trusted platform module has not responded to the storing of the output of a function in the virtual trusted platform module comprise instructions for waiting for a predetermined time period. 7. The computer program product according to claim 5 , wherein the instructions for performing a function on each component prior to the execution of the respective component comprise instructions for performing a predefined hashing function on the respective component. 8. The computer program product according to claim 5 , wherein the instructions for performing a function on each component prior to the execution of the respective component is performed by the previously loaded component. 9. The system according to claim 1 , wherein the server is arranged to generate the request responsive to detecting that the virtual trusted platform module has not responded to the storing of the output of a function in the virtual trusted platform module. 10. The system according to claim 1 , wherein the server is arranged to: execute the hypervisor to supervise a plurality of logical, partitionable runtime environments within the server, reserve a logical partition for a hypervisor-based trusted platform module, and present the hypervisor-based trusted platform module to another logical partition as the virtual trusted platform module. 11. The computer program product according to claim 5 , wherein the request is generated responsive to detecting that the virtual trusted platform module has not responded to the storing of the output of a function in the virtual trusted platform module. 12. The computer program product according to claim 5 , wherein the instructions are operable when executed by the processor for: executing the hypervisor to supervise a plurality of logical, partitionable runtime environments within the server, reserve a logical partition for a hypervisor-based trusted platform module, and present the hypervisor-based trusted platform module to another logical partition as the virtual trusted platform module.
Assignees
Inventors
Classifications
during program execution, e.g. stack integrity {; Preventing unwanted data erasure; Buffer overflow} · CPC title
involving virtual machines · CPC title
Monitoring or debugging support · CPC title
Hypervisor-specific management and integration aspects · CPC title
Bootstrapping (security arrangements therefor G06F21/57) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9721103B2 cover?
- A method, system and program product for performing a trusted boot of a virtual machine comprises the steps of executing, in turn, a series of components of the trusted boot, performing a function on each component prior to the execution of the respective component, storing the output of the functions in a virtual trusted platform module, detecting that the virtual trusted platform module has n…
- Who is the assignee on this patent?
- IBM
- What technology area does this patent fall under?
- Primary CPC classification G06F21/575. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Aug 01 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).