Protection of secured boot secrets for operating system reboot

US9779248B1 · US · B1

Patent metadata
Field               Value
Publication number  US-9779248-B1
Application number  US-201615085054-A
Country             US
Kind code           B1
Filing date         Mar 30, 2016
Priority date       Mar 30, 2016
Publication date    Oct 3, 2017
Grant date          Oct 3, 2017

Abstract

Official abstract text for this publication.

Protecting secured boot secrets while starting an operating system. Embodiments include starting a first operating system using a trusted computing base, protecting a portion of the system memory to prevent access to the portion of the system memory by the first operating system, and storing secured boot secrets in the protected portion of the system memory. Based at least on identifying that a second operating system is to be started to replace the first operating system, embodiments include configuring one or more memory data structures, including code of the second operating system, in the protected portion of the system memory. The protected portion of the system memory is unprotected, while mitigating attacks on the portion of system memory, and processor state is set to execute the code of the second operating system. The second operating system starts using the secured boot secrets stored in the portion of the system memory.

First claim

Opening claim text (preview).

What is claimed:

1. A method, implemented at a computer system that includes one or more processors and system memory, for protecting secured boot secrets while starting an operating system, the method comprising:
   starting a first operating system in reliance on a trusted computing base (TCB), including obtaining one or more secured boot secrets from the TCB that are usable for attesting a security status of the first operating system;
   protecting a portion of the system memory, including preventing access to the portion of the system memory by the first operating system;
   storing the one or more secured boot secrets in the protected portion of the system memory;
   identifying that a second operating system is to be started to replace the first operating system, without performing a full reboot of the computer system; and
   based at least on identifying that the second operating system is to be started to replace the first operating system, performing at least:
      configuring one or more memory data structures in the protected portion of the system memory, including loading code of the second operating system in the protected portion of the system memory for starting the second operating system;
      unprotecting the portion of the system memory, while mitigating attacks on the portion of the system memory;
      setting a state of the one or more processors to initiate execution of the code of the second operating system to start the second operating system, the second operating system using the one or more secured boot secrets obtained by the first operating system from the TCB and stored in the portion of the system memory for attesting a security status of the second operating system; and
      re-protecting the portion of the system memory, including preventing access to the portion of the system memory by the second operating system.

2. The method of claim 1, wherein protecting the portion of the system memory comprises using a virtualization technology to establish a secured operating environment that is isolated from the first operating system, including using a hypervisor to establish a secure partition between the first operating system and the secured operating environment.

3. The method of claim 2, wherein the secured operating environment executes a secured kernel that supports at least a subset of an application programming interface (API) of a kernel of the first operating system.

4. The method of claim 2, wherein the first operating system accesses one or more services provided by the secured operating environment using one or more application programming interfaces (APIs) provided by the secured operating environment.

5. The method of claim 4, wherein the first operating system uses the one or more APIs to store the one or more secured boot secrets in the protected portion of the system memory, and to configure the one or more memory data structures in the protected portion of the system memory.

6. The method of claim 1, wherein configuring the one or more memory data structures in the protected portion of the system memory comprises identifying one or more of: one or more first memory pages of the system memory corresponding to at least one process executing in the first operating system; or one or more second memory pages of the system memory corresponding to memory of at least one virtual machine executing in the first operating system.

7. The method of claim 6, wherein initiating execution of the code of the second operating system comprises at least one of: allocating the one or more first memory pages to at least one process that executes in the second operating system; or allocating the one or more second memory pages to at least one virtual machine that executes in the second operating system.

8. The method of claim 1, wherein configuring the one or more memory data structures in the protected portion of the system memory comprises configuring flags designating one or more first memory pages of the system memory as belonging to the first operating system and one or more second memory pages of the system memory as belonging to the protected portion of the system memory, and wherein re-protecting the portion of the system memory comprises using the flags to allocate the one or more first memory pages to the second operating system and using the flags to allocate the one or more second memory pages to the protected portion of the system memory.

9. The method of claim 1, wherein configuring code for starting the second operating system in the protected portion of the system memory comprises configuring an operating system loader of the second operating system that relies on the one or more memory data structures.

10. The method of claim 1, wherein mitigating attacks on the portion of the system memory comprises at least one of blocking direct memory accesses, blocking processor interrupts, or disabling a system management mode.

11. The method of claim 1, wherein the TCB comprises a trusted platform module (TPM), and wherein at least one of the one or more secured boot secrets is obtained from the TPM.

12. The method of claim 1, wherein the TCB comprises firmware, and wherein at least one of the one or more secured boot secrets is obtained from the firmware.

13. The method of claim 1, wherein the second operating system is one of a different version of the first operating system or the same version of the first operating system.

14. A computer system, comprising: one or more processors; system memory; and one or more computer-readable media having stored thereon computer-executable instructions that are executable by the one or more processors to cause the computer system to protect secured boot secrets while starting an operating system, the computer-executable instructions including instructions that are executable to cause the computer system to perform at least the following:
   start a first operating system in reliance on a trusted computing base (TCB), including obtaining one or more secured boot secrets from the TCB that are usable for attesting a security status of the first operating system;
   protect a portion of the system memory, including preventing access to the portion of the system memory by the first operating system;
   store the one or more secured boot secrets in the protected portion of the system memory;
   identify that a second operating system is to be started to replace the first operating system, without performing a full reboot of the computer system; and
   based at least on identifying that the second operating system is to be started to replace the first operating system, perform at least:
      configure one or more memory data structures in the protected portion of the system memory, including loading code of the second operating system in the protected portion of the system memory for starting the second operating system;
      unprotect the portion of the system memory, while mitigating attacks on the portion of the system memory;
      set a state of the one or more processors to initiate execution of the code of the second operating system to start the second operating system, the second operating system using the one or more secured boot secrets obtained by the first operating system from the TCB and stored in the portion of the system memory for attesting a security status of the second operating system; and
      re-protect the portion of the system memory, including preventing access to the portion of the system memory by the second operating system.

15. The computer system of claim 14, wherein protecting the portion of the system memory comprises using a virtua

Assignees

Microsoft Technology Licensing LLC

Inventors

Classifications

  • Multiboot arrangements, i.e. selecting an operating system to be loaded · CPC title

  • Protecting data · CPC title

  • at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability · CPC title

  • Program or device authentication · CPC title

  • Loading of operating system · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9779248B1 cover?
Protecting secured boot secrets while starting an operating system. Embodiments include starting a first operating system using a trusted computing base, protecting a portion of the system memory to prevent access to the portion of the system memory by the first operating system, and storing secured boot secrets in the protected portion of the system memory. Based at least on identifying that a…
Who is the assignee on this patent?
Microsoft Technology Licensing LLC
What technology area does this patent fall under?
Primary CPC classification G06F21/575. Mapped technology areas include Physics.
When was this patent published?
Publication date Oct 3, 2017 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).