Processing

Please wait...

Settings

Settings

Goto Application

1. WO2017172560 - PROTECTION OF SECURED BOOT SECRETS FOR OPERATING SYSTEM REBOOT

Publication Number WO/2017/172560
Publication Date 05.10.2017
International Application No. PCT/US2017/024219
International Filing Date 27.03.2017
IPC
G06F 21/57 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
CPC
G06F 21/44
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
30Authentication, i.e. establishing the identity or authorisation of security principals
44Program or device authentication
G06F 21/51
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
51at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
G06F 21/575
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
575Secure boot
G06F 21/60
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
60Protecting data
G06F 9/4406
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
9Arrangements for program control, e.g. control units
06using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
44Arrangements for executing specific programs
4401Bootstrapping
4406Loading of operating system
G06F 9/441
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
9Arrangements for program control, e.g. control units
06using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
44Arrangements for executing specific programs
4401Bootstrapping
4406Loading of operating system
441Multiboot arrangements, i.e. selecting an operating system to be loaded
Applicants
  • MICROSOFT TECHNOLOGY LICENSING, LLC [US]/[US]
Inventors
  • GEFFLAUT, Alain
  • SHEDEL, Andrey
Agents
  • MINHAS, Sandip
  • CHEN, Wei-Chen Nicholas
  • DRAKOS, Katherine J.
  • KADOURA, Judy M.
  • HOLMES, Danielle J.
  • SWAIN, Cassandra T.
  • WONG, Thomas S.
  • CHOI, Daniel
Priority Data
15/085,05430.03.2016US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) PROTECTION OF SECURED BOOT SECRETS FOR OPERATING SYSTEM REBOOT
(FR) PROTECTION DE SECRETS D'AMORÇAGE SÉCURISÉ POUR UN RÉAMORÇAGE DE SYSTÈME D'EXPLOITATION
Abstract
(EN)
Protecting secured boot secrets while starting an operating system. Embodiments include starting a first operating system using a trusted computing base, protecting a portion of the system memory to prevent access to the portion of the system memory by the first operating system, and storing secured boot secrets in the protected portion of the system memory. Based at least on identifying that a second operating system is to be started to replace the first operating system, embodiments include configuring one or more memory data structures, including code of the second operating system, in the protected portion of the system memory. The protected portion of the system memory is unprotected, while mitigating attacks on the portion of system memory, and processor state is set to execute the code of the second operating system. The second operating system starts using the secured boot secrets stored in the portion of the system memory.
(FR)
L'invention concerne la protection de secrets d'amorçage sécurisé lors du démarrage d'un système d'exploitation. Des modes de réalisation consistent à démarrer un premier système d'exploitation à l'aide d'une base informatique sécurisée, à protéger une partie de la mémoire de système pour empêcher un accès à la partie de la mémoire de système par le premier système d'exploitation, et à stocker des secrets d'amorçage sécurisé dans la partie protégée de la mémoire de système. Sur la base au moins de l'identification du fait qu'un second système d'exploitation doit être démarré pour remplacer le premier système d'exploitation, les modes de réalisation consistent à configurer une ou plusieurs structures de données de mémoire, comprenant un code du second système d'exploitation, dans la partie protégée de la mémoire de système. La partie protégée de la mémoire de système n'est pas protégée, tout en atténuant les attaques sur la partie de la mémoire de système, et l'état de processeur est réglé de façon à exécuter le code du second système d'exploitation. Le second système d'exploitation démarre en utilisant les secrets d'amorçage sécurisé stockés dans la partie de la mémoire de système.
Latest bibliographic data on file with the International Bureau