DE60330627D1 - Verwendung eines Hash beim Starten eines sicheren Betriebssystems - Google Patents

Verwendung eines Hash beim Starten eines sicheren Betriebssystems

Info

Publication number
DE60330627D1
DE60330627D1 DE60330627T DE60330627T DE60330627D1 DE 60330627 D1 DE60330627 D1 DE 60330627D1 DE 60330627 T DE60330627 T DE 60330627T DE 60330627 T DE60330627 T DE 60330627T DE 60330627 D1 DE60330627 D1 DE 60330627D1
Authority
DE
Germany
Prior art keywords
code
preloader
hash
rom
expected
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
DE60330627T
Other languages
English (en)
Inventor
Dinarte Morais
Jon Lange
Dan Simon
Ling Tony Chen
Josh D Benaloh
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Corp
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp filed Critical Microsoft Corp
Application granted granted Critical
Publication of DE60330627D1 publication Critical patent/DE60330627D1/de
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/22Microcontrol or microprogram arrangements
    • G06F9/24Loading of the microprogram
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
  • Footwear And Its Accessory, Manufacturing Method And Apparatuses (AREA)
  • Orthopedics, Nursing, And Contraception (AREA)
  • Diaphragms And Bellows (AREA)
  • Hardware Redundancy (AREA)
  • Emergency Protection Circuit Devices (AREA)
  • Exchange Systems With Centralized Control (AREA)
DE60330627T 2002-06-07 2003-06-02 Verwendung eines Hash beim Starten eines sicheren Betriebssystems Expired - Lifetime DE60330627D1 (de)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/165,519 US6907522B2 (en) 2002-06-07 2002-06-07 Use of hashing in a secure boot loader

Publications (1)

Publication Number Publication Date
DE60330627D1 true DE60330627D1 (de) 2010-02-04

Family

ID=29549377

Family Applications (1)

Application Number Title Priority Date Filing Date
DE60330627T Expired - Lifetime DE60330627D1 (de) 2002-06-07 2003-06-02 Verwendung eines Hash beim Starten eines sicheren Betriebssystems

Country Status (10)

Country Link
US (2) US6907522B2 (de)
EP (1) EP1369764B1 (de)
JP (1) JP4052978B2 (de)
KR (1) KR100965717B1 (de)
CN (1) CN100492277C (de)
AT (1) ATE453162T1 (de)
AU (1) AU2003204376B2 (de)
DE (1) DE60330627D1 (de)
HK (1) HK1058561A1 (de)
TW (1) TWI292556B (de)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9824220B2 (en) 2013-03-28 2017-11-21 International Business Machines Corporation Secure execution of software modules on a computer

Families Citing this family (90)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6675152B1 (en) * 2000-09-13 2004-01-06 Igt Transaction signature
US20020147918A1 (en) * 2001-04-05 2002-10-10 Osthoff Harro R. System and method for securing information in memory
US6902481B2 (en) 2001-09-28 2005-06-07 Igt Decoupling of the graphical presentation of a game from the presentation logic
US7931533B2 (en) 2001-09-28 2011-04-26 Igt Game development architecture that decouples the game logic from the graphics logics
US8708828B2 (en) 2001-09-28 2014-04-29 Igt Pluggable modular gaming modifiers and configuration templates for gaming environments
EP1338939A1 (de) * 2002-02-22 2003-08-27 Hewlett-Packard Company Vorrichtung zur Validierung des Zustandes eines Rechners
US7194626B2 (en) * 2002-11-21 2007-03-20 International Business Machines Corporation Hardware-based secure code authentication
US8140824B2 (en) * 2002-11-21 2012-03-20 International Business Machines Corporation Secure code authentication
FR2849226B1 (fr) * 2002-12-20 2005-12-02 Oberthur Card Syst Sa Procede et dispositif de securisation de l'execution d'un programme informatique.
US8784195B1 (en) 2003-03-05 2014-07-22 Bally Gaming, Inc. Authentication system for gaming machines
EP1465038B1 (de) * 2003-04-03 2013-03-27 STMicroelectronics (Research & Development) Limited Speichersicherungsgerät für flexible Programmumgebung
US7171563B2 (en) * 2003-05-15 2007-01-30 International Business Machines Corporation Method and system for ensuring security of code in a system on a chip
US7725740B2 (en) * 2003-05-23 2010-05-25 Nagravision S.A. Generating a root key for decryption of a transmission key allowing secure communications
US7475254B2 (en) 2003-06-19 2009-01-06 International Business Machines Corporation Method for authenticating software using protected master key
US7434231B2 (en) * 2003-06-27 2008-10-07 Intel Corporation Methods and apparatus to protect a protocol interface
FR2867929B1 (fr) * 2004-03-19 2007-03-02 Gemplus Card Int Procede d'authentification dynamique de programmes par un objet portable electronique
JP4544901B2 (ja) * 2004-04-19 2010-09-15 株式会社日立製作所 記憶制御システム及びブート制御システム
US20050262337A1 (en) * 2004-05-24 2005-11-24 Siemens Vdo Automotive Corporation Method and device for determining flash software compatibility with hardware
JP4447977B2 (ja) 2004-06-30 2010-04-07 富士通マイクロエレクトロニクス株式会社 セキュアプロセッサ、およびセキュアプロセッサ用プログラム。
US7694121B2 (en) * 2004-06-30 2010-04-06 Microsoft Corporation System and method for protected operating system boot using state validation
US7937593B2 (en) * 2004-08-06 2011-05-03 Broadcom Corporation Storage device content authentication
DE102004047191A1 (de) * 2004-09-29 2006-04-06 Robert Bosch Gmbh Manipulationsgeschütztes Mikroprozessorsystem und Betriebsverfahren dafür
WO2006054128A1 (en) 2004-11-22 2006-05-26 Nokia Corporation Method and device for verifying the integrity of platform software of an electronic device
KR100654446B1 (ko) * 2004-12-09 2006-12-06 삼성전자주식회사 보안 부팅 장치 및 방법
US7725703B2 (en) * 2005-01-07 2010-05-25 Microsoft Corporation Systems and methods for securely booting a computer with a trusted processing module
US7774596B2 (en) * 2005-02-02 2010-08-10 Insyde Software Corporation System and method for updating firmware in a secure manner
US7736234B2 (en) * 2005-03-09 2010-06-15 Igt MRAM as critical event storage for powered down gaming machines
US7722468B2 (en) * 2005-03-09 2010-05-25 Igt Magnetoresistive memory units as read only memory devices in gaming machines
US20060205513A1 (en) * 2005-03-09 2006-09-14 Igt MRAM as nonvolatile safe storage for power hit and ESD tolerance in gaming machines
US20060236122A1 (en) * 2005-04-15 2006-10-19 Microsoft Corporation Secure boot
US8966284B2 (en) 2005-09-14 2015-02-24 Sandisk Technologies Inc. Hardware driver integrity check of memory card controller firmware
KR100973733B1 (ko) * 2005-09-14 2010-08-04 쌘디스크 코포레이션 메모리 카드 제어기 펌웨어의 하드웨어 드라이버 무결성체크
KR100675186B1 (ko) 2005-09-29 2007-01-30 엘지전자 주식회사 사용자식별모듈의 사용자식별정보 해시 기능을 가지는이동통신 단말기 및 그 부팅 방법
WO2007041501A2 (en) * 2005-09-30 2007-04-12 Phoenix Technologies Ltd. Secure execution environment by preventing execution of unauthorized boot loaders
US20070101156A1 (en) * 2005-10-31 2007-05-03 Manuel Novoa Methods and systems for associating an embedded security chip with a computer
WO2007064359A1 (en) 2005-11-29 2007-06-07 Thomson Licensing Method and apparatus for securing digital content
WO2007135672A2 (en) * 2006-05-24 2007-11-29 Safend Ltd. Method and system for defending security application in a user's computer
EP1868127A1 (de) * 2006-06-15 2007-12-19 Thomson Telecom Belgium Gerät mit einem öffentlichen und einem privaten Inhalt und verfahren zur Initialisierung des Geräts
US8117429B2 (en) * 2006-11-01 2012-02-14 Nokia Corporation System and method for a distributed and flexible configuration of a TCG TPM-based local verifier
US8291480B2 (en) 2007-01-07 2012-10-16 Apple Inc. Trusting an unverified code image in a computing device
US8239688B2 (en) 2007-01-07 2012-08-07 Apple Inc. Securely recovering a computing device
US8254568B2 (en) * 2007-01-07 2012-08-28 Apple Inc. Secure booting a computing device
US20080178257A1 (en) * 2007-01-20 2008-07-24 Takuya Mishina Method for integrity metrics management
US7617493B2 (en) * 2007-01-23 2009-11-10 International Business Machines Corporation Defining memory indifferent trace handles
KR101209252B1 (ko) * 2007-02-02 2012-12-06 삼성전자주식회사 전자기기의 부팅 방법 및 부팅 인증 방법
US8392988B2 (en) * 2007-02-09 2013-03-05 Ntt Docomo, Inc. Terminal device and method for checking a software program
US20080222428A1 (en) * 2007-03-07 2008-09-11 Andrew Dellow Method for Securing Authenticity of Data in a Digital Processing System
KR101427646B1 (ko) * 2007-05-14 2014-09-23 삼성전자주식회사 펌웨어의 무결성 검사 방법 및 장치
US8422674B2 (en) * 2007-05-29 2013-04-16 International Business Machines Corporation Application-specific secret generation
US8332635B2 (en) * 2007-05-29 2012-12-11 International Business Machines Corporation Updateable secure kernel extensions
US8433927B2 (en) * 2007-05-29 2013-04-30 International Business Machines Corporation Cryptographically-enabled privileged mode execution
US20110044451A1 (en) * 2007-07-25 2011-02-24 Panasonic Corporation Information processing apparatus and falsification verification method
US8068614B2 (en) * 2007-09-28 2011-11-29 Intel Corporation Methods and apparatus for batch bound authentication
US8332636B2 (en) * 2007-10-02 2012-12-11 International Business Machines Corporation Secure policy differentiation by secure kernel design
US8166304B2 (en) * 2007-10-02 2012-04-24 International Business Machines Corporation Support for multiple security policies on a unified authentication architecture
US20090172420A1 (en) * 2007-12-31 2009-07-02 Kabushiki Kaisha Toshiba Tamper resistant method and apparatus for a storage device
KR101502032B1 (ko) * 2008-03-06 2015-03-12 삼성전자주식회사 보안 기능을 갖는 프로세서 장치
AU2009201191A1 (en) * 2008-03-26 2009-10-15 Aristocrat Technologies Australia Pty Limited A gaming machine
US8150039B2 (en) 2008-04-15 2012-04-03 Apple Inc. Single security model in booting a computing device
CN101299849B (zh) * 2008-04-25 2010-05-12 中兴通讯股份有限公司 一种WiMAX终端及其启动方法
DE102008021567B4 (de) * 2008-04-30 2018-03-22 Globalfoundries Inc. Computersystem mit sicherem Hochlaufmechanismus auf der Grundlage einer Verschlüsselung mit symmetrischem Schlüssel
US9122864B2 (en) * 2008-08-05 2015-09-01 International Business Machines Corporation Method and apparatus for transitive program verification
US20100064125A1 (en) * 2008-09-11 2010-03-11 Mediatek Inc. Programmable device and booting method
US9653004B2 (en) 2008-10-16 2017-05-16 Cypress Semiconductor Corporation Systems and methods for downloading code and data into a secure non-volatile memory
US8832454B2 (en) * 2008-12-30 2014-09-09 Intel Corporation Apparatus and method for runtime integrity verification
US8806220B2 (en) 2009-01-07 2014-08-12 Microsoft Corporation Device side host integrity validation
DE102010005726A1 (de) * 2010-01-26 2011-07-28 Giesecke & Devrient GmbH, 81677 Verfahren zum Zuordnen eines tragbaren Datenträgers, insbesondere einer Chipkarte, zu einem Terminal
KR20120092222A (ko) 2011-02-11 2012-08-21 삼성전자주식회사 보안 부팅 방법 및 보안 부트 이미지 생성 방법
JP2014170255A (ja) * 2011-06-29 2014-09-18 Panasonic Corp セキュアブート方法
WO2013048458A1 (en) * 2011-09-30 2013-04-04 Hewlett-Packard Development Company, L.P. Option read-only memory use
TW201346764A (zh) * 2012-05-11 2013-11-16 Ibase Technology Inc 開機保全軟體方法
US9671945B2 (en) * 2013-12-17 2017-06-06 American Megatrends, Inc. Techniques of launching virtual machine from thin client
US20150286823A1 (en) * 2014-04-07 2015-10-08 Qualcomm Incorporated System and method for boot sequence modification using chip-restricted instructions residing on an external memory device
GB2525409B (en) * 2014-04-24 2016-11-02 Ibm Enabling an external operating system to access encrypted data units of a data storage system
US9195831B1 (en) 2014-05-02 2015-11-24 Google Inc. Verified boot
WO2016167801A1 (en) * 2015-04-17 2016-10-20 Hewlett Packard Enterprise Development Lp Firmware map data
US20160314288A1 (en) * 2015-04-22 2016-10-27 Qualcomm Incorporated Method and apparatus for write restricted storage
US10176094B2 (en) * 2015-06-30 2019-01-08 Renesas Electronics America Inc. Common MCU self-identification information
ES2877364T3 (es) * 2015-07-31 2021-11-16 Hewlett Packard Development Co Suministros de imágenes
WO2017066194A1 (en) 2015-10-11 2017-04-20 Renesas Electronics America Inc. Data driven embedded application building and configuration
US9916452B2 (en) 2016-05-18 2018-03-13 Microsoft Technology Licensing, Llc Self-contained cryptographic boot policy validation
US10365961B2 (en) * 2016-09-09 2019-07-30 Dell Products L.P. Information handling system pre-boot fault management
KR102538096B1 (ko) * 2016-09-13 2023-05-31 삼성전자주식회사 어플리케이션을 검증하는 디바이스 및 방법
CN106778283B (zh) * 2016-11-21 2020-04-07 惠州Tcl移动通信有限公司 一种系统分区关键数据的保护方法及系统
US10417429B2 (en) 2017-06-02 2019-09-17 Apple Inc. Method and apparatus for boot variable protection
US11263326B2 (en) 2017-06-02 2022-03-01 Apple Inc. Method and apparatus for secure system boot
WO2020027815A1 (en) * 2018-07-31 2020-02-06 Hewlett-Packard Development Company, L.P. Executing instructions
JP6925542B2 (ja) 2018-10-12 2021-08-25 三菱電機株式会社 ソフトウェア検証装置、ソフトウェア検証方法およびソフトウェア検証プログラム
CN110262840B (zh) * 2019-06-17 2023-01-10 Oppo广东移动通信有限公司 设备启动监控方法及相关产品
US11960608B2 (en) * 2021-04-29 2024-04-16 Infineon Technologies Ag Fast secure booting method and system

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4654480A (en) * 1985-11-26 1987-03-31 Weiss Jeffrey A Method and apparatus for synchronizing encrypting and decrypting systems
AU3777593A (en) * 1992-02-26 1993-09-13 Paul C. Clark System for protecting computers via intelligent tokens or smart cards
US5643086A (en) * 1995-06-29 1997-07-01 Silicon Gaming, Inc. Electronic casino gaming apparatus with improved play capacity, authentication and security
CA2225805C (en) * 1995-06-29 2002-11-12 Allan E. Alcorn Electronic casino gaming system with improved play capacity, authentication and security
JP3293760B2 (ja) 1997-05-27 2002-06-17 株式会社エヌイーシー情報システムズ 改ざん検知機能付きコンピュータシステム
US5919257A (en) * 1997-08-08 1999-07-06 Novell, Inc. Networked workstation intrusion detection system
US6704871B1 (en) * 1997-09-16 2004-03-09 Safenet, Inc. Cryptographic co-processor
US6185678B1 (en) * 1997-10-02 2001-02-06 Trustees Of The University Of Pennsylvania Secure and reliable bootstrap architecture
US6378072B1 (en) * 1998-02-03 2002-04-23 Compaq Computer Corporation Cryptographic system
US6401208B2 (en) * 1998-07-17 2002-06-04 Intel Corporation Method for BIOS authentication prior to BIOS execution
US6081890A (en) * 1998-11-30 2000-06-27 Intel Corporation Method of communication between firmware written for different instruction set architectures
US6263431B1 (en) * 1998-12-31 2001-07-17 Intle Corporation Operating system bootstrap security mechanism
JP4812168B2 (ja) * 1999-02-15 2011-11-09 ヒューレット・パッカード・カンパニー 信用コンピューティング・プラットフォーム
US6625730B1 (en) * 2000-03-31 2003-09-23 Hewlett-Packard Development Company, L.P. System for validating a bios program and memory coupled therewith by using a boot block program having a validation routine
US20040064457A1 (en) * 2002-09-27 2004-04-01 Zimmer Vincent J. Mechanism for providing both a secure and attested boot

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9824220B2 (en) 2013-03-28 2017-11-21 International Business Machines Corporation Secure execution of software modules on a computer

Also Published As

Publication number Publication date
JP4052978B2 (ja) 2008-02-27
HK1058561A1 (en) 2004-05-21
KR100965717B1 (ko) 2010-06-24
US6907522B2 (en) 2005-06-14
US20030229777A1 (en) 2003-12-11
US20050138270A1 (en) 2005-06-23
EP1369764A3 (de) 2005-05-18
KR20030095301A (ko) 2003-12-18
EP1369764B1 (de) 2009-12-23
TWI292556B (en) 2008-01-11
JP2004013905A (ja) 2004-01-15
AU2003204376A1 (en) 2004-01-08
US7676840B2 (en) 2010-03-09
CN100492277C (zh) 2009-05-27
TW200401228A (en) 2004-01-16
CN1469238A (zh) 2004-01-21
EP1369764A2 (de) 2003-12-10
AU2003204376B2 (en) 2009-11-26
ATE453162T1 (de) 2010-01-15

Similar Documents

Publication Publication Date Title
DE60330627D1 (de) Verwendung eines Hash beim Starten eines sicheren Betriebssystems
NO20072367L (no) Innlagte optiske signaturer i dokumenter
US11017091B2 (en) Firmware map data
ATE522875T1 (de) Identifizierung von textpassagen
TW200514408A (en) System and method for authenticating software using protected master key
TW200515241A (en) Data management apparatus, data management method and computer program
NO20072364L (no) Integrert optisk signaturer pa dokumenter.
RU2010121177A (ru) Прогрессивная начальная загрузка для беспроводного устройства
TW200638200A (en) System and method for reducing memory requirements of firmware and providing secure updates and storage areas for firmware
WO2009032036A3 (en) Compatible trust in a computing device
DK1743229T3 (da) Certifikatvaliditetskontrol
WO2001050230A3 (en) Electronic security technique for gaming software
BRPI0418838A (pt) método para suportar uma codificação de um sinal de áudio, módulo para suportar uma codificação de um sinal de áudio, dispositivo eletrÈnico, sistema de codificação de áudio, e, produto de programa de software
WO2008085447A3 (en) Securely recovering a computing device
BR0210379A (pt) Método e sistema para assegurar a confiabilidade do dispositivo eletrônico, dispositivo eletrônico, e dispositivo de armazenagem
BRPI0504860A (pt) arquitetura extesìvel para vìdeos auxiliares
NO20084430L (no) En fremgangsmate for a lage et sikkert personkort og dens arbeidsprosess
DE602004021667D1 (de) Vorrichtung und Verfahren zur Beschleunigung eines Sonderzweckprozessors
WO2003073243A3 (en) Embedded processor with direct connection of security devices for enhanced security
WO2003090050A3 (en) System and method for detecting malicicous code
WO2003102727A3 (en) System and method for providing a digital rights scheme for browser downloads
CN103020518A (zh) 一种基于TPM的Linux内核初始化中的数据结构保护方法及系统
ATE462263T1 (de) Verfahren und system zur speicherung von temporären of i-wlan-identitäten
JP6297425B2 (ja) 攻撃コード検出装置、攻撃コード検出方法、及びプログラム
ATE553441T1 (de) Elektronische dateiverwaltung

Legal Events

Date Code Title Description
8364 No opposition during term of opposition