GB2595509A - Computer secure boot method and system - Google Patents

Computer secure boot method and system Download PDF

Info

Publication number
GB2595509A
GB2595509A GB2008064.4A GB202008064A GB2595509A GB 2595509 A GB2595509 A GB 2595509A GB 202008064 A GB202008064 A GB 202008064A GB 2595509 A GB2595509 A GB 2595509A
Authority
GB
United Kingdom
Prior art keywords
controller unit
secondary controller
memory device
stored
firmware program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB2008064.4A
Other versions
GB202008064D0 (en
Inventor
Ren Shuqin
Lok Yap Wei
Chan John
Dat Tran Tien
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Continental Automotive GmbH
Original Assignee
Continental Automotive GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Continental Automotive GmbH filed Critical Continental Automotive GmbH
Priority to GB2008064.4A priority Critical patent/GB2595509A/en
Publication of GB202008064D0 publication Critical patent/GB202008064D0/en
Publication of GB2595509A publication Critical patent/GB2595509A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/645Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • G06F9/4416Network booting; Remote initial program loading [RIPL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

A computer secure boot system 100 comprising a memory device 112 for storing a secondary controller unit firmware program 124 for example in a non-volatile memory device, a primary processing unit 110, 111 of a primary controller unit 102 for authenticating the secondary controller unit firmware program 124 stored in the memory device 112, and a secondary controller unit for running the secondary controller unit firmware program 124 stored in the memory device 112 in order to boot the secondary controller unit up. the system may comprise an authentication program 120 comprising instructions, that when executed, is configured to authenticate the secondary controller unit firmware program 124 stored in the memory device 112.

Description

COMPUTER SECURE BOOT METHOD AND SYSTEM FIELD OF THE INVENTION
The invention relates to a computer secure boot system, such as a vehicular computer secure boot system, and a corresponding computer secure boot method.
BACKGROUND
A secure boot method is used to confirm the integrity of firmware programs or software programs of computer systems. Hence, a computer secure hoot system, a computer system capable of performing a secure boot method, is able to a detect a cyberthreat or cyberattack, such as an unauthorised alteration or corruption of Its firmware, before the computer system boots up. However, the hardware required to perform a secure boot method is currently substantially more expensive to manufacture due to the additional functionality.
SUMMARY
An objective is to provide a computer secure boot system that may be implemented at a reasonable cost.
According to a first aspect of the invention, there is provided a computer secure boot system comprising: a memory device for storing a secondary controller unit firmware program; a primary processing unit of a primary controller unit for authenticating the secondary controller unit firmware program stored in the memory device; and a secondary controller unit for running the secondary controller unit firmware program stored in the memory device in order to boot the secondary controller unit up.
Since the memory device is a separate element from, and thus not part of, the secondary controller unit, the secondary controller unit advantageously does not require a large memory in order to store the secondary controller unit firmware program. In fact, the secondary controller unit may only store a bootloader, a small software program that is configured to run a firmware program, in the memory of the secondary controller unit. The memory of a controller unit is expensive to manufacture. Hence, the cost of manufacturing the secondary controller unit may be greatly reduced if it only requires a small memory.
Another advantage of the computer secure boot system is that the primary controller unit is configured to authenticate the secondary controller unit firmware program in order to detect a cyberthreat or cyberattack, such as an unauthorised alteration or corruption of its firmware, before booting the secondary controller unit up. Moreover, the primary controller unit is configured to perform the authentication of the secondary controller unit firmware program, without involving the secondary controller unit. Hence, the secondary controller unit does not require a secure memory section in order to store an authentication program; hence, the cost of manufacturing the secondary controller unit may be further reduced. Furthermore, the secondary controller unit does not need to be powerful enough to perform the complex operations required when running the authentication program, and thus substantially reducing the cost of manufacturing the secondary controller unit.
Optionally, the memory device comprises a nonvolatile memory device for storing the secondary controller unit firmware program.
Optionally, the computer secure boot system further comprises the secondary controller unit firmware program configured to be stored in the memory device. Since the memory device is a separate element from, and thus not part of, the secondary controller unit, the secondary controller unit advantageously does not require a large memory in order to store the secondary controller unit firmware program. The memory of a controller unit is expensive to manufacture. Hence, the cost of manufacturing the secondary controller unit may be greatly reduced if it only requires a small memory.
Optionally, the memory device is comprised in the primary controller unit. One advantage is that the computer secure boot system may be made into a more compact and convenient package if the memory device where the secondary controller unit firmware program is configured to be stored were part of the primary controller unit.
Optionally, the computer secure boot system further comprises an authentication program comprising instructions, that when executed, is configured to authenticate the secondary controller unit firmware program stored in the memory device. One advantage of the authentication program is that it is able to authenticate the secondary controller unit firmware program in order to detect a cyberthreat, such as an unauthorised alteration or corruption of its firmware, before booting the secondary controller unit up.
Optionally, the authentication program is configured to be stored in the memory device. The memory device may then advantageously 20 function as a convenient and centralised depository for storing programs.
Optionally, the memory comprises a secure memory section and the authentication program is configured to be stored in the secure memory section of the memory device. Advantageously, the secure memory section of the memory device is configured to protect any authentication program stored in it from any cyberthreat or cyberattack.
Optionally, the secondary controller unit comprises a secondary controller unit bootloader configured to run the second controller unit firmware program stored in the memory device in order to boot the secondary controller unit up. The secondary controller unit bootloader is a small software program that is configured to run the second controller unit firmware program, which advantageously requires only a small amount of memory in the secondary controller unit. The memory of a controller unit is expensive to manufacture. Hence, the cost of manufacturing the secondary controller unit may be greatly reduced if it only requires a small memory.
Optionally, the computer secure boot system further comprises a trigger program comprising instructions, that when executed, is configured to trigger the secondary controller unit to boot up. Hence, the booting up of the secondary controller unit may advantageously be externally regulated.
Optionally, the trigger program is configured to be stored in the memory device. The memory device may then advantageously function as a convenient and centralised depository for storing programs.
Optionally, the computer secure hoot system further comprises a plurality of the secondary controller units. Each of the secondary controller units may require a respective different secondary controller unit firmware program. In that case, if the secondary controller unit firmware programs were to be stored in the memory device, the memory device may then advantageously function as a convenient and centralised depository for storing firmware programs.
In addition, since the memory device is a separate element from, and thus not part of, any of the secondary controller units, advantageously, none of the secondary controller units requires a large memory in order to store its secondary controller unit firmware program. In fact, the secondary controller units may each only store a respective bootloader, a small software program that is configured to run a firmware program, in the corresponding memory of the secondary controller unit. The memory of a controller unit is expensive to manufacture. Hence, the cost of manufacturing the secondary controller unit may be greatly reduced if it only requires a small memory.
Another advantage of the computer secure boot system is that the primary controller unit is configured to authenticate the secondary controller unit firmware programs in order to detect a cyberthreat or cyberattack, such as an unauthorised alteration or corruption of its firmware, before booting the secondary controller unit up. Moreover, the primary controller unit is configured to perform the authentication of the secondary controller unit firmware programs, without involving the secondary controller units. Hence, the secondary controller units do not require secure memory sections in order to store authentication programs; hence, the cost of manufacturing the secondary controller units maybe further reduced. Furthermore, the secondary controller units do not need to be powerful enough to perform the complex operations required when running the authentication programs, and thus substantially reducing the cost of manufacturing the secondary controller units.
Such cost savings and reductions may be considerable, par-ticularly if the computer secure boot system comprises a large number of secondary controller units, because the cost savings and reductions for manufacturing each secondary controller unit may be correspondingly multiplied. For instance, currently, a vehicular computer secure boot system may comprise hundreds of secondary controller units.
Optionally, the computer secure boot system further comprises a network connector configured to operatively connect the secondary controller unit or the secondary controller units and the primary processing unit of the primary controller unit into a distributed network system. Advantageously, the primary controller unit and the secondary controller unit or the secondary controller units may be physically located in different locations, because the network connector may provide the corn-munication link between them.
Optionally, the computer secure boot system is comprised in a network.
Optionally, the computer secure boot system is comprised in a vehicle.
Optionally, the computer secure boot system is comprised in an embedded system.
Optionally, there is provided a computer secure boot method using 5 the computer boot system, the method comprising the steps of: storing the secondary controller unit firmware program on the memory device; authenticating, by the primary processing unit of the primary controller unit, the secondary controller unit firmware program stored in the memory device; and running, by the 10 secondary controller unit, the secondary controller unit firmware program stored in the memory device.
Since the memory device is a separate element from, and thus not part of, the secondary controller unit, the secondary controller unit advantageously does not require a large memory in order to store the secondary controller unit firmware program. In fact, the secondary controller unit may only store a bootloader, a small software program that is configured to run a firmware program, in the memory of the secondary controller unit. The memory of a controller unit is expensive to manufacture. Hence, the cost of manufacturing the secondary controller unit may be greatly reduced if it only requires a small memory.
Another advantage of the computer secure boot method is that the primary controller unit authenticates the secondary controller unit firmware program in order to detect a cyberthreat or cyberattack, such as an unauthorised alteration or corruption of its firmware, before booting the secondary controller unit up. Moreover, the primary controller unit performs the authenti-cation of the secondary controller unit firmware program, without involving the secondary controller unit. Hence, the secondary controller unit does not require a secure memory section in order to store an authentication program; hence, the cost of manufacturing the secondary controller unit maybe further reduced.
Furthermore, the secondary controller unit does not need to be powerful enough to perform the complex operations required when running the authentication program, and thus substantially reducing the cost of manufacturing the secondary controller unit.
Any feature or step disclosed in the context of the first aspect of the invention may also be used, to the extent possible, in combination with and/or in the context of other aspects of the 5 Invention, and in the inventions generally.
According to a second aspect of the invention, there is provided a vehicular computer secure boot system comprising: a memory device for storing a secondary controller unit firmware program; a primary processing unit of a primary controller unit for authenticating the secondary controller unit firmware program stored in the memory device; and a secondary controller unit for running the secondary controller unit firmware program stored in the memory device in order to boot the secondary controller unit up.
Since the memory device is a separate element from, and thus not part of, the secondary controller unit, the secondary controller unit advantageously does not require a large memory in order to store the secondary controller unit firmware program. In fact, the secondary controller unit may only store a bootloader, a small software program that is configured to run a firmware program, in the memory of the secondary controller unit. The memory of a controller unit is expensive to manufacture. Hence, the cost of manufacturing the secondary controller unit may be greatly reduced if it only requires a small memory.
Another advantage of the vehicular computer secure boot system is that the primary controller unit is configured to authenticate the secondary controller unit firmware program in order to detect a cyberthreat or cyberattack, such as an unauthorised alteration or corruption of its firmware, before booting the secondary controller unit up. Moreover, the primary controller unit is configured to perform the authentication of the secondary controller unit firmware program, without involving the secondary controller unit. Hence, the secondary controller unit does not require a secure memory section in order to store an authentication program; hence, the cost of manufacturing the secondary controller unit may be further reduced. Furthermore, the secondary controller unit does not need to be powerful enough to perform the complex operations required when running the authentication program, and thus substantially reducing the cost of manufacturing the secondary controller unit.
Any feature or step disclosed in the context of any other aspect of the invention may also be used, to the extent possible, in combination with and/or in the context of the second aspect of 10 the invention, and in the inventions generally.
According to a third aspect of the invention, there is provided an embedded computer secure boot system comprising: a memory device for storing a secondary controller unit firmware program; a primary processing unit of a primary controller unit for authenticating the secondary controller unit firmware program stored in the memory device; and a secondary controller unit for running the secondary controller unit firmware program stored in the memory device in order to boot the secondary controller unit up.
Since the memory device is a separate element from, and thus not part of, the secondary controller unit, the secondary controller unit advantageously does not require a large memory in order to store the secondary controller unit firmware program. In fact, the secondary controller unit may only store a bootloader, a small software program that is configured to run a firmware program, in the memory of the secondary controller unit. The memory of a controller unit is expensive to manufacture. Hence, the cost of manufacturing the secondary controller unit may be greatly reduced if it only requires a small memory.
Another advantage of the embedded computer secure boot system is that the primary controller unit is configured to authenticate the secondary controller unit firmware program in order to detect a cyberthreat or cyberattack, such as an unauthorised alteration or corruption of its firmware, before booting the secondary controller unit up. Moreover, the primary controller unit is configured to perform the authentication of the secondary controller unit firmware program, without involving the secondary controller unit. Hence, the secondary controller unit does not require a secure memory section in order to store an au-5 thentication program; hence, the cost of manufacturing the secondary controller unit may be further reduced. Furthermore, the secondary controller unit does not need to be powerful enough to perform the complex operations required when running the authentication program, and thus substantially reducing the cost 10 of manufacturing the secondary controller unit.
Any feature or step disclosed in the context of any other aspect of the invention may also be used, to the extent possible, in combination with and/or in the context of the third aspect of the 15 invention, and in the inventions generally.
According to a fourth aspect of the invention, there is provided a non-transitory computer-readable medium with instructions stored thereon, that when executed, perform a computer secure boot method comprising the steps of: providing a secondary controller unit and a memory device not comprised in the secondary controller unit; storing a secondary controller unit firmware program on the memory device; authenticating, by a primary processing unit of a primary controller unit, the secondary controller unit firmware program stored in the memory device; and running, by the secondary controller unit, the secondary controller unit firmware program stored in the memory device.
Since the memory device is not comprised in, and thus a separate element from, the secondary controller unit, the secondary controller unit advantageously does not require a large memory in order to store the secondary controller unit firmware program. In fact, the secondary controller unit may only store a bootloader, a small software program that is configured to run a firmware program, in the memory of the secondary controller unit. The memory of a controller unit is expensive to manufacture. Hence, the cost of manufacturing the secondary controller unit may be greatly reduced if it only requires a small memory.
Another advantage of the fourth aspect of the invention is that the primary controller unit is configured to authenticate the secondary controller unit firmware program in order to detect a cyberthreat or cyberattack, such as an unauthorised alteration or corruption of its firmware, before booting the secondary controller unit up. Moreover, the primary controller unit is configured to perform the authentication of the secondary controller unit firmware program, without involving the sec-ondarycontroller unit. Hence, the secondary controllerunit does not require a secure memory section in order to store an authentication program; hence, the cost of manufacturing the secondary controller unit may be further reduced. Furthermore, the secondary controller unit does not need to he powerful enough to perform the complex operations required when running the authentication program, and thus substantially reducing the cost of manufacturing the secondary controller unit.
Any feature or step disclosed in the context of any other aspect 20 of the invention may also be used, to the extent possible, in combination with and/or in the context of the fourth aspect of the invention, and in the inventions generally.
According to a fifth aspect of the Invention, there is provided a computer-implemented secure boot method comprising the steps of: providing a secondary controller unit and a memory device not comprised in the secondary controller unit; storing a secondary controller unit firmware program on the memory device; authenticating, by a primary processing unit of a primary con-troller unit, the secondary controller unit firmware program stored in the memory device; and running, by the secondary controller unit, the secondary controller unit firmware program stored in the memory device.
Since the memory device is not comprised in, and thus a separate element from, the secondary controller unit, the secondary controller unit advantageously does not require a large memory in order to store the secondary controller unit firmware program. 7_1
In fact, the secondary controller unit may only store a bootloader, a small software program that is configured to run a firmware program, in the memory of the secondary controller unit. The memory of a controller unit is expensive to manufacture.
Hence, the cost of manufacturing the secondary controller unit may be greatly reduced if it only requires a small memory.
Another advantage of the computer-implemented secure boot method is that the primary controller unit authenticates the secondary controller unit firmware program in order to detect a cyberthreat or cyberattack, such as an unauthorised alteration or corruption of its firmware, before booting the secondary controller unit up. Moreover, the primary controller unit performs the authentication of the secondary controller unit firmware program, without involving the secondary controller unit. Hence, the secondary controller unit does not require a secure memory section in order to store an authentication program; hence, the cost of manufacturing the secondary controller unit maybe further reduced. Furthermore, the secondary controller unit does not need to be powerful enough to perform the complex operations required when running the authentication program, and thus substantially reducing the cost of manufacturing the secondary controller unit.
Any feature or step disclosed in the context of any other aspect 25 of the invention may also be used, to the extent possible, in combination with and/or in the context of the fifth aspect of the invention, and in the inventions generally.
According to a sixth aspect of the Invention, there is provided a computer secure boot system comprising: a memory device for storing a secondary controller unit firmware program; wherein the memory device comprises a nonvolatile memory device for storing the secondary controller unit firmware program, and the nonvolatile memory device comprises a secure memory section; the secondary controller unit firmware program configured to be stored in the nonvolatile memory device; a primary processing unit of a primary controller unit for authenticating the secondary controller unit firmware program stored in the nonvolatile memory device; wherein the memory device is comprised in the primary controller unit; a secondary controller unit for running the secondary controller unit firmware program stored in the nonvolatile memory device in order to boot the secondary controller unit up; wherein the secondary controller unit comprises a secondary controller unit bootloader configured to run the second controller unit firmware program stored in the nonvolatile memory device in order to boot the secondary controller unit up; an authentication program comprising in-structions, that when executed, is configured to authenticate the secondary controller unit firmware program stored in the nonvolatile memory device; wherein the authentication program is configured to he stored in the secure memory section of the nonvolatile memory device; and a trigger program comprising instructions, that when executed, is configured to trigger the secondary controller unit to boot up; wherein the trigger program is configured to be stored in the nonvolatile memory device.
Any feature or step disclosed in the context of any other aspect 20 of the invention may also be used, to the extent possible, in combination with and/or in the context of the sixth aspect of the invention, and in the inventions generally.
As used in this summary, in the description be_ow, in the claims below, and in the accompanying drawings, the term "volatile memory" means any type of computer memory where the contents of the memory are lost if there is no power to the computer. Random-access memory (RAM) is an example of a type of volatile memory. As used in the summary above, in this description, in the claims below, and in the accompanying drawings, the term "nonvolatile memory" or the term "non-transitory computer-readable medium" means any type of computer memory where the contents of the memory are retained even if there is no power to the computer. Hard disk and solid-state drive (SSD) are examples of types of nonvolatile memory or non-transitory computer-readable medium.
As used in this summary, in the description below, in the claims below, and in the accompanying drawings, the term "processing unit" means a computer component that is configured to perform calculations and to control other components. Central processing unit (CPU) and graphics processing unit (GPU) are examples of types of processing unit.
As used in this summary, in the description below, in the claims below, and in the accompanying drawings, the term "controller unit" means a computer component that comprises one or more processing units. A controller unit may also comprise a memory device comprising volatile memory and/or nonvolatile memory.
As used in this summary, in the description below, in the claims 15 below, and in the accompanying drawings, the term "embedded system" means a computer system that is embedded within a larger system.
As used in this summary, in the description below, in the claims below, and in the accompanying drawings, the term "network" means at least two computers and/or devices operatively connected together, for instance, to permit data to be shared. Personal area network (PAN), local area network (LAN) and wide area network (WAN) are examples of types of network.
As used in this summary, in the description below, in the claims below, and in the accompanying drawings, the term "threat" or the term "cyberthreat" means something that may or may not happen, but that has the potential to cause harm or damage to a computer system or a computer network. An example of a threat is un-authorised access to information, for instance, when information has been leaked out of a computer system or a computer network, or when a computer system or a computer network has been hacked to access the information stored within.
As used in the summary above, in this description, in the claims below, and in the accompanying drawings, the term "attack" or the term "cyberattack" means any type of offensive manoeuvre that gains unauthorised access to or damages a computer system or a computer network. An attack or a cyberattack is an example of a threat. An attack may the involve unauthorised interception of information, the unauthorised alteration or corruption of information, the fabrication of false information, or the inundation of unwanted information.
In this summary, in the description below, in the claims below, and in the accompanying drawings, reference is made to particular features (including method steps) of the invention. It is to be understood that the disclosure of the invention in this specification includes all possible combinations of such particular features. For example, where a particular feature is disclosed in the context of a particular aspect or embodiment of the invention, or a particular claim, that feature can also be used, to the extent possible, in com-bination with and/or in the context of other particular aspects and embodiments of the invention, and in the inventions generally.
BRIEF DESCRIPTION OF THE DRAWINGS
These and other features, aspects, and advantages will become better understood with regard to the following description, appended claims, and accompanying drawings where: Figure 1 shows a computer secure boot system; Figure 2 shows a primary controller unit of the computer secure boot system of Figure 1; Figure 3 shows a secondary controller unit of the computer secure 30 boot system of Figure 1; Figure 4 shows a memory device of the computer secure boot system of Figure 1; Figure 5 shows a vehicle comprising the computer secure boot system of Figure 1; Figure 6 shows an embedded system comprising the computer secure boot system of Figure 1; and Figure 7 shows a diagram for a computer secure boot method using the computer secure boot system of Figure 1.
In the drawings, like parts are denoted by like reference numerals.
DESCRIPTION
In the summary above, in this description, in the claims below, and in the accompanying drawings, reference is made to particular features (including method steps) of the invention. It is to be understood that the disclosure of the invention in this specification includes all possible combinations of such particular features. For example, where a particular feature is disclosed in the context of a particular aspect or embodiment of the invention, or a particular claim, that feature can also be used, to the extent possible, in combination with and/or in the context of other particular aspects and embodiments of the invention, and in the inventions generally.
The term "comprises" and grammatical equivalents thereof are used herein to mean that other components, ingredients, steps, et cetera are optionally present. For example, an article "comprising" (or "which comprises") components A, B, and C can consist of (that is, contain only) components A, B, and C, or can contain not only components A B, and C but also one or more other components.
Where reference is made herein to a method comprising two or more defined steps, the defined steps can be carried out in any order or simultaneously (except where the context excludes that possibility), and the method can include one or more other steps which are carried out before any of the defined steps, between two of the defined steps, or after all the defined steps (except where the context excludes that possibility) . The term 'at least" followed by a number is used in to denote the start of a range beginning with that number (which may be a range having an upper limit or no upper limit, depending on the variable being defined). For example, "at least 1" means 1 or more than 1. The term "at most" followed by a number is used herein to denote the end of a range ending with that number (which may be a range having 1 or 0 as its lower limit, or a range having no lower limit, depending on the variable being defined). For example, "at most 5 4" means 4 or less than 4, and "at most 40%" means 40% or less than 40%. When, in this specification, a range is given as "(a first number) to (a second number)" or "(a first number) -(a second number)", this means a range whose lower limit is the first number and whose upper limit is the second number For example, 10 25 to 100 nun means a range whose lower limit is 25 mm, and whose upper limit is 100 mm.
Figure 1 shows a computer secure boot system 100 comprising a primary controller unit 102 and a plurality of secondary controller units 104. The computer secure boot system 100 may further comprise a memory device 106, and a network access device 108 comprising hardware and software to operatively connect, either wirelessly or physically, to a network. For instance, the memory device 106 may be comprised in a remotely located server, and the primary controller unit 102 or the secondary controller units 104 may access the memory device 106 through the network access device 108.
The computer secure boot system 100 may further comprise a network connector configured to operatively connect the secondary controller units 104 and the primary controller unit 102 into a distributed network system. Advantageously, the primary controller unit 102 and the secondary controller units 104 may be physically located in different locations, because the network connector may provide the communication link between them. In addition, the computer secure boot system may be comprised in a network.
Figure 2 shows the primary controller unit 102 of the computer 35 secure boot system 100 of Figure 1.
The primary controller unit 102 comprises a primary processing unit 110 and a primary memory device 112 that comprises a primary volatile memory device 114 and a primary nonvolatile memory device 116. The primary nonvolatile memory device 116 may comprise a primary secure memory section 118 that protects data or programs stored in it from any cyberthreat. The primary secure memory section 118 may be used to store keys 119 for encryption and decryption. The primary controller unit 102 may further comprise a secure primary processing unit 111 configured to assess the primary secure memory section 118.
An authentication program 120 comprising instructions, that when executed, is configured to authenticate a secondary controller unit firmware program 124, may be stored in the primary memory device 112 of the primary controller unit 102. One advantage of the authentication program 120 is that it is able to authenticate the secondary controller unit firmware program 124 in order to detect a cyberthreat, such as an unauthorised alteration or corruption of its firmware, before booting the secondary controller unit 104 up. One advantage of using the primary memory device 112 to store the authentication program 120 is that the primary memory device 112 may then advantageously function as a convenient and centralised depository for storing programs. The authentication program 120 may also be stored in the primary nonvolatile memory device 116. Furthermore, the authentication program 120 may be stored in the primary secure memory section 118. Advantageously, the primary secure memory section 118 of the primary memory device 112 is configured to protect the authentication program 120 stored in it from any cyberthreat or cyberattack.
The authentication program 120 may be run by the primary processing unit 110 or the secure primary processing unit 111 of the primary controller unit 102. The authentication program 120 may perform either symmetric encryption and decryption, or asymmetric encryption and decryption.
The authentication program 120 performs symmetric encryption and decryption using a secret key 119 to perform encryption or decryption. Hence, the authentication program 120 may use the secret key 119 to encrypt the secondary controller unit firmware program 124, or to decrypt the secondary controller unit firmware program 124 that has been encrypted with the same secret key 119. The authentication program 120 may also use the secret key 119 5 to verify the integrity of the secondary controller unit firmware program 124 and to detect whether there is an unauthorised alteration or corruption of the secondary controller unit firmware program 124. The secret key 119 may be stored in the primary secure memory section 118 in order to prevent any 10 unauthorised access to the secret key 119.
The authentication program 120 performs asymmetric encryption and decryption using a private key 119 and a public key 119. Hence, if encryption is performed with the public key 119, then de-cryption will be performed with the private key 119. Alternatively, if encryption is performed with the private key 119, then decryption will be performed with the public key 119. For instance, the secondary controller unit firmware program 124 may be encrypted with the private key 119, and thus the authentication program 120 uses the public key 119 to decrypt the encrypted secondary controller unit firmware program 124. In addition, the authentication program 120 may use the private key 119 or the public key 119 to verify the integrity of the secondary controller unit firmware program 124 and to detect whether there is an unauthorised alteration or corruption of the secondary controller unit firmware program 124. The private key 119 and the public key 119 may be stored in the primary secure memory section 118 in order to prevent any unauthorised access to the private key 119 and the public key 119.
A trigger program 122 comprising instructions, that when executed, is configured to trigger the secondary controller units 104 to hoot up, may be stored in the primary memory device 112 of the primary controller unit 102. Hence, the hooting up of the secondary controller units 104 may advantageously be externally regulated. One advantage of using the primary memory device 112 to store the trigger program 122 is that the primary memory device 112 may then advantageously function as a convenient and centralised depository for storing programs. The trigger program 122 may also be stored in the primary nonvolatile memory device 116.
The trigger program 122 may be run by the primary processing unit 110 of the primary controller unit 102. The trigger program 112 triggers a secondary controller unit 104 by sending a signal to the secondary controller unit 104. When the secondary controller unit 104 receives the signal, a secondary controller unit bootloader 138 is triggered to run the secondary controller unit's 104 secondary controller unit firmware program 124, and thus boot the secondary controller unit 104 up.
The secondary controller unit firmware programs 124 maybe stored in the primary memory device 112 of the primary controller unit 102. The secondary controller unit firmware programs 124 may also be stored in the primary nonvolatile memory device 116. Since the primary memory device 112 is a separate element from, and thus not part of, the secondary controller unit 104, the secondary controller unit 104 advantageously does not require a large memory in order to store the secondary controller unit firmware program 124. The memory of a controller unit is expensive to manufacture. Hence, the cost of manufacturing the secondary controller unit 104 may be greatly reduced if it only requires a small memory. One advantage of storing the secondary controller unit firmware programs 124 in the primary memory device 112 is that the computer secure boot system 100 may be made into a more compact and convenient package, because the memory device 106 is then optional and may be eliminated.
The secondary controller unit firmware programs 124 comprise instructions, that when executed, are configured to boot the secondary controller units 104 up. The secondary controller unit firmware programs 124 maybe run by the secondary processing unit 130 of the secondary controller unit 104.
A primary controller unit firmware program 126 may be stored in the primary memory device 112 of the primary controller unit 102.
The primary controller unit firmware program 126 may also be stored in the primary nonvolatile memory device 116. The primary controller unit firmware program 126 comprises instructions, that when executed, is configured to boot the primary controller unit 102 up. Theprimarycontrollerunit firmware program 126 may be run by the primary processing unit 110 of the primary controller unit 102.
A primary controller unit bootloader 128 may be stored in the primary memory device 112 of the primary controller unit 102. The primary controller unit bootloader 128 may also be stored in the primary nonvolatile memory device 116. The primary controller unit bootloader 128 comprises instructions, that when executed, is configured to run the primary controller unit firmware program 126. The primary controller unit bootloader 128 may be run by the primary processing unit 110 of the primary controller unit 102. The primary controller unit boctloader 128 may only be permitted to run the primary controller unit firmware program 126 after the authentication program 120 successfully authenticates the primary controller unit firmware program 126.
Figure 3 shows the secondary controller unit 104 of the computer secure boot system 100 of Figure 1.
The secondary controller unit 104 comprises a secondary processing unit 130 and a secondary memory device 132 that comprises a secondary volatile memory device 134 and a secondary nonvolatile memory device 136.
The secondary processing unit 130 of the secondary controller unit 104 may be less powerful than the primary processing unit 110 of the primary controller unit 102, and the secondary memory device 132 may have a smaller capacity than the primary memory device 112. In that case, the secondary controller unit 104 may be substantially cheaper to manufacture than the primary controller unit 102. In addition, in some systems, there maybe a large number of the secondary controller units 104, and thus cost savings for manufacturing each secondary controller unit 104 may be correspondingly multiplied.
The secondary controller unit bootloader 138 maybe stored in the secondary memory device 132 of the secondary controller unit 104. The secondary controller unit bootloader 138 may also be stored in the secondary nonvolatile memory device 136. The secondary controller unit bootloader 138 comprises instructions, that when executed, is configured to run the secondary controller unit firmware program 124. The secondary controller unit bootloader 138 may be run by the secondary processing unit 130 of the secondary controller unit 104. The secondary controller unit bootloader 138 may only be permitted to run the secondary controller unit firmware program 124 after the authentication program 120 successfully authenticates the secondary controller unit firmware program 124.
Figure 4 shows the memory device 106 of the computer secure boot system 100 of Figure 1.
The memory device 106 comprises a volatile memory device 140 and a nonvolatile memory device 142. The nonvolatile memory device 142 may comprise a secure memory section 144 that protects data or programs stored in it from any cyberthreat. The secure memory section 144 maybe used to store the keys 119 for encryption and decryption. The secure primary processing unit 111 may be configured to assess the secure memory section 144.
The authentication program 120 comprising instructions, that when executed, is configured to authenticate the secondary controller unit firmware program 124, maybe stored in the memory device 106. One advantage of the authentication program 120 is that it is able to authenticate the secondary controller unit firmware program 124 in order to detect a cyberthreat, such as an unauthorised alteration or corruption of its firmware, before booting the secondary controller unit 104 up. One advantage of using the memory device 106 to store the authentication program 120 is that the memory device 106 may then advantageously function as a convenient and centralised depository for storing programs. The authentication program 120 may also be stored in the nonvolatile memory device 142. Furthermore, the authentication program 120 may be stored in the secure memory section 144.
Advantageously, the secure memory section 144 is configured to protect the authentication program 120 stored in it from any cyberthreat or cyberattack.
The authentication program 120 may be run by the primary processing unit 110 or the secure primary processing unit 111 of the primary controller unit 102. The authentication program 120 may perform either symmetric encryption and decryption, or asymmetric encryption and decryption.
The authentication program 120 performs symmetric encryption and decryption using the secret key 119 to perform encryption or decryption. Hence, the authentication program 120 may use the secret key 119 to encrypt the secondary controller unit firmware program 124, or to decrypt the secondary controller unit firmware program 124 that has been encrypted with the same secret key 119. The authentication program 120 may also use the secret key 119 to verify the integrity of the secondary controller unit firmware program 124 and to detect whether there is an unauthorised alteration or corruption of the secondary controller unit firmware program 124. The secret key 119 may be stored in the secure memory section 144 in order to prevent any unauthorised access to the secret key 119.
The authentication program 120 performs asymmetric encryption and decryption using the private key 119 and the public key 119. Hence, if encryption is performed with the public key 119, then decryption will be performed with the private key 119. Alternatively, if decryption is performed with the private key 119, then decryption will be performed with the public key 119. For instance, the secondary controller unit firmware program 124 may be encrypted with the private key 119, and thus the authentication program 120 uses the public key 119 to decrypt the encrypted secondary controller unit firmware program 124. In addition, the authentication program 120 may use the private key 119 or the public key 119 to verify the integrity of the secondary controller unit firmware program 124 and to detect whether there is an unauthorised alteration or corruption of the secondary con-troller unit firmware program 124. The private key 119 and the public key 119 may be stored in the secure memory section 144 in order to prevent any unauthorised access to the private key 119 and the public key 119.
The trigger program 122 comprising instructions, that when executed, is configured to trigger the secondary controller units 104 to boot up, may be stored in the memory device 106. Hence, the booting up of the secondary controller units 104 may ad-vantageously be externally regulated. One advantage of using the memory device 106 to store the trigger program 122 is that the memory device 106 may then advantageously function as a convenient and centralised depository for storing programs. The trigger program 122 may also be stored in the nonvolatile memory device 142.
The trigger program 122 may be run by the primary processing unit 110 of the primary controller unit 102. The trigger program 112 triggers a secondary controller unit 104 by sending a signal to the secondary controller unit 104. When the secondary controller unit 104 receives the signal, the secondary controller unit bootloader 138 is triggered to run the secondary controller unit's 104 secondary controller unit firmware program 124, and thus boot the secondary controller unit 104 up.
The secondary controller unit firmware programs 124 maybe stored in the memory device 106. The secondary controller unit firmware programs 124 may also be stored in the nonvolatile memory device 142. Since the memory device 106 is a separate element from, and thus not part of, the secondary controller unit 104, the secondary controller unit 104 advantageously does not require a large memory in order to store the secondary controller unit firmware program 124. The memory of a controller unit is expensive to manufacture. Hence, the cost of manufacturing the secondary controller unit 104 may be greatly reduced if it only requires a small memory.
The secondary controller unit firmware programs 124 comprise 5 instructions, that when executed, are configured to boot the secondary controller units 104 up. The secondary controller unit firmware programs 124 comprise instructions, that when executed, are configured to boot the secondary controller units 104 up. The secondary controller unit firmware programs 124 may be run by the 10 secondary processing unit 130 of the secondary controller unit 104.
The primary controller unit firmware program 126 may be stored in the memory device 106. The primary controller unit firmware program 126 may also be stored in the nonvolatile memory device 142. The primary controller unit firmware program 126 comprises instructions, that when executed, is configured to boot the primary controller unit 102 up. The primary controller unit firmware program 126 may be run by the primary processing unit 110 of the primary controller unit 102.
Figure 5 shows a vehicle 150 comprising the computer secure boot system 100 of Figure 1.
Figure 6 shows an embedded system 160 comprising the computer secure boot system 100 of Figure 1 One advantage of the computer secure boot system 100 is that since the memory device 106 or the primary memory device 112 is a separate element from, and thus not part of, any of the secondary controller units 104, none of the secondary controller units 104 requires a large memory in order to store its secondary controller unit firmware program 129. In fact, the secondary controller units 104 may each only store a respective secondary controller unit bootloader 138, a small software program that is configured to run a firmware program, in the corresponding secondary memory device 132 of the secondary controller unit 104. The memory of a controller unit is expensive to manufacture. Hence, the cost of manufacturing the secondary controller unit 104 maybe greatly reduced if it only requires a small memory.
Another advantage of the computer secure boot system 100 is that the primary controller unit 102 is configured to authenticate the secondary controller unit firmware programs 124 in order to detect a cyberthreat or cyberattack, such as an unauthorised alteration or corruption of its firmware, before booting the secondary controller units 104 up. Moreover, the primary controller unit 102 is configured to perform the authentication of the secondary controller unit firmware programs 124, without involving the secondary controller units 104. Hence, the secondary controller units 104 do not require secure memory sections in order to store authentication programs; hence, the cost of manufacturing the secondary controller units 104 maybe further reduced. Furthermore, the secondary controller units 104 do not need to be powerful enough to perform the complex operations required when running the authentication program 120, and thus substantially reducing the cost of manufacturing the secondary controller units 104.
Such cost savings and reductions may be considerable, particularly if the computer secure boot system comprises a large number of secondary controller units, because the cost savings and reductions for manufacturing each secondary controller unit may be correspondingly multiplied. For instance, currently, a vehicular computer secure boot system may comprise hundreds of secondary controller units.
Figure 7 shows a diagram for a computer secure boot method 200 using the computer secure boot system 100 of Figure 1.
At step 202, the computer secure boot system 100 initialises. At step 204, the primary processing unit 110 of the primary controller unit 102 executes the instructions of the primary controller unit bootloader 128. At step 206, the primary processing unit 110 or the secure primary processing unit 111 executes the instructions of the authentication program 120 to authenticate the primary controller unit firmware program 126. If the authentication fails, the primary controller unit 102 goes into bootloader mode at step 208, and then the computer secure boot method 200 ends at step 230. If the authentication is successful, the primary processing unit 110 executes the instructions of the primary controller unit firmware program 126 to boot the primary controller unit 102 up, at step 210.
At step 212, the secondary controller unit firmware programs 124 are stored in the memory device 106 or the primary memory device 112. The secondary controller unit firmware programs 124 maybe retrieved from an external server. At step 214, the primary processing unit 110 or the secure primary processing unit 111 executes the instructions of the authentication program 120 to authenticate the secondary controller unit firmware programs 124 either simultaneously or sequentially.
If the authentication for a secondary controller unit firmware program 124 of a particular secondary controller unit 104 fails, the primary processing unit 110 executes the instructions of the trigger program 122 to trigger the particular secondary controller unit 104 to boot up using its previous version of secondary controller unit firmware program 124, at step 216. Hence, at step 218, the secondary processing unit 130 of the particular secondary controller unit 104 executes the instructions of its secondary controller unit bootloader 138. Thereafter, at step 220, the secondary processing unit 130 of the particular secondary controller unit 104 executes the instructions of its previous version of secondary controller unit firmware program 124 to boot the particular secondary controller unit 104 up. Then, the computer secure boot method 200 ends at step 230.
If the authentication for a secondary controller unit firmware program 124 of a specific secondary controller unit 104 is successful, the primary processing unit 110 executes the instructions of the trigger program 122 to trigger the specific secondary controller unit 104 to boot up using the authenticated secondary controller unit firmware program 124, at step 222. Hence, at step 224, the secondary processing unit 130 of the specific secondary controller unit 104 executes the instructions of its secondary controller unit bootloader 138. Thereafter, at step 226, the secondary processing unit 130 of the specific secondary controller unit 104 executes the instructions of the authenticated secondary controller unit firmware program 124 to boot the specific secondary controller unit 104 up. Then, the computer secure boot method 200 ends at step 230.
Although the invention has been described in considerable detail with reference to certain embodiments or aspects, other embodiments or aspects are possible.
For example, the primary processing unit 110 may be configured to execute the instructions of the secondary controller unit bootloaders 138 instead.
In addition, the primary controller unit bootloader 128 and the 20 secondary controller unit bootloaders 138 may be stored in the memory device 106 instead.
Furthermore, the step of storing of the secondary controller unit firmware programs 124 in the memory device 106 or the primary memory device 112, at step 212, maybe performed before the step of executing by the primary processing unit 110 of the instructions of the primary controller unit bootloader 128, at step 204.
Therefore, the spirit and scope of the appended claims should not be limited to the description of the embodiments contained herein.
All features disclosed in this specification (including the appended claims, abstract, and accompanying drawings) may be replaced by alternative features serving the same, equivalent, or similar purpose, unless expressly stated otherwise. Thus, unless expressly stated otherwise, each feature disclosed is one example only of a generic series of equivalent or similar features.

Claims (20)

  1. PATENT CLAIMS1. A computer secure boot system (100) comprising: a memory device (106, 112) for storing a secondary con-5 troller unit firmware program (124); a primary processing unit (110, 111) of a primary controller unit (102) for authenticating the secondary controller unit firmware program (124) stored in the memory device (106, 112); and a secondary controller unit (104) for running the secondary controller unit firmware program (124) stored in the memory device (106, 112) in order to boot the secondary controller unit (104) up.
  2. 2. The computer secure boot system (100) of claim 1, wherein the memory device (106, 112) comprises a nonvolatile memory device (116, 142) for storing the secondary controller unit firmware program (124).
  3. 3. The computer secure boot system (100) of any one of the preceding claims, further comprising the secondary controller unit firmware program (124) configured to be stored in the memory device (106, 112).
  4. 4. The computer secure boot system (100) of any one of the preceding claims, wherein the memory device (112) is comprised in the primary controller unit (102).
  5. 5. The computer secure boot system (100) of any one of the preceding claims, further comprising an authentication program (120) comprising instructions, that when executed, is configured to authenticate the secondary controller unit firmware program (124) stored in the memory device (106, 112).
  6. 6. The computer secure boot system (100) of claim 5, wherein the authentication program (120) is configured to be stored in the memory device (106, 112).
  7. 7. The computer secure boot system (100) of any one of claims 5-6, wherein the memory device (106, 112) comprises a secure memory section (118, 144) and the authentication program (120) is configured to be stored in the secure memory section (118, 144) of the memory device (106, 112).
  8. 8. The computer secure boot system (100) of any one of the preceding claims, wherein the secondary controller unit (104) comprises a secondary controller unit bootloader (138) con-figured to run the second controller unit firmware program stored in the memory device (106, 112) in order to boot the secondary controller unit (104) up.
  9. 9. The computer secure boot system (100) of any one of the preceding claims, further comprising a trigger program (122) comprising instructions, that when executed, is configured to trigger the secondary controller unit (104) to boot up.
  10. 10. The computer secure boot system (100) of claim 9, wherein 20 the trigger program (122) is configured to be stored in the memory device (106, 112).
  11. 11. The computer secure boot system (100) of any one of the preceding claims, further comprisingapluralityofthesecondary 25 controller units (104).
  12. 12. The computer secure boot system (100) of any one of the preceding claims, further comprising a network connector configured to operatively connect the secondary controller unit (104) or the secondary controller units (104) and the primary processing unit (110, 111) of the primary controller unit (102) into a distributed network system.
  13. 13. A network comprising the computer secure boot system (100) 35 of any one of the preceding claims.
  14. 14. A computer secure boot method (200) using the computer boot system (100) of any one of claims 1-12, the method (200) comprising the steps of: storing the secondary controller unit firmware program (124) on the memory device (106, 112); authenticating, by the primary processing unit (110, 111) of the primary controller unit (102), the secondary controller unit firmware program (124) stored in the memory device (106, 112); and running, by the secondary controller unit (104), the secondary controller unit firmware program (124) stored in the memory device (106, 112).
  15. 15. A vehicle (150) comprising the computer secure hoot system (100) of any one of claims 1-12.
  16. 16. An embedded system (160) comprising the computer secure boot system (100) of any one of claims 1-11.
  17. 17. A vehicular computer secure boot system (100) comprising: a memory device (106, 112) for storing a secondary controller unit firmware program (124); a primary processing unit (110, 111) of a primary controller unit (102) for authenticating the secondary controller unit 25 firmware program (124) stored in the memory device (106, 112); and a secondary controller unit (104) for running the secondary controller unit firmware program (124) stored in the memory device (106, 112) in order to boot the secondary controller unit (104) up.
  18. 18. A non-transitory computer-readable medium with instructions stored thereon, that when executed, perform a computer secure boot method (200) comprising the steps of: providing a secondary controller unit (104) and a memory device (106, 112) not comprised in the secondary controller unit (104); storing a secondary controller unit firmware program (124) on the memory device (106, 112); authenticating, by a primary processing unit (110, 111) of a primary controller unit (102), the secondary controller unit 5 firmware program (124) stored in the memory device (106, 112); and running, by the secondary controller unit (104), the secondary controller unit firmware program (124) stored in the memory device (106, 112).
  19. 19. A computer-implemented secure boot method (200) comprising the steps of: providing a secondary controller unit (104) and a memory device (106, 112) not comprised in the secondary controller unit (104); storing a secondary controller unit firmware program (124) on the memory device (106, 112); authenticating, by a primary processing unit (110, 111) of a primary controller unit (102), the secondary controller unit 20 firmware program (124) stored in the memory device (106, 112); and running, by the secondary controller unit (104), the secondary controller unit firmware program (124) stored in the memory device (106, 112).
  20. 20. A computer secure boot system (100) comprising: a memory device (112) for storing a secondary controller unit firmware program (124); wherein the memory device (112) comprises a nonvolatile 30 memory device (116) for storing the secondary controller unit firmware program (124), and the nonvolatile memory device (116) comprises a secure memory section (118); the secondary controller unit firmware program (124) configured to be stored in the nonvolatile memory device (116) ; a primary processing unit (110, 111) of a primary controller unit (102) for authenticating the secondary controller unit firmware program (124) stored in the nonvolatile memory device (116); wherein the memory device (112) is comprised in the primary controller unit (102); a secondary controller unit (104) for running the secondary controller unit firmware program (124) stored in the nonvolatile 5 memory device (116) in order to boot the secondary controller unit (104) up; wherein the secondary controller unit (104) comprises a secondary controller unit bootloader (138) configured to run the second controller unit firmware program stored in the nonvolatile memory device (116) in order to boot the secondary controller unit (104) up; an authentication program (120) comprising instructions, that when executed, is configured to authenticate the secondary controller unit firmware program (124) stored in the nonvolatile 15 memory device (116); wherein the authentication program (120) is configured to be stored in the secure memory section (118) of the nonvolatile memory device (116); and a trigger program (122) comprising instructions, that when 20 executed, is configured to trigger the secondary controller unit (104) to boot up; wherein the trigger program (122) is configured to be stored in the nonvolatile memory device (116).
GB2008064.4A 2020-05-29 2020-05-29 Computer secure boot method and system Withdrawn GB2595509A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB2008064.4A GB2595509A (en) 2020-05-29 2020-05-29 Computer secure boot method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB2008064.4A GB2595509A (en) 2020-05-29 2020-05-29 Computer secure boot method and system

Publications (2)

Publication Number Publication Date
GB202008064D0 GB202008064D0 (en) 2020-07-15
GB2595509A true GB2595509A (en) 2021-12-01

Family

ID=71526455

Family Applications (1)

Application Number Title Priority Date Filing Date
GB2008064.4A Withdrawn GB2595509A (en) 2020-05-29 2020-05-29 Computer secure boot method and system

Country Status (1)

Country Link
GB (1) GB2595509A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102022128183B3 (en) 2022-10-25 2023-12-07 Audi Aktiengesellschaft Method for starting a data processing device, data processing device and motor vehicle

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150121054A1 (en) * 2013-10-31 2015-04-30 Advanced Micro Devices, Inc. Platform Secure Boot
WO2018127393A1 (en) * 2017-01-04 2018-07-12 Connaught Electronics Ltd. Control system for a motor vehicle, with a central control device and multiple further control devices
CN108363918A (en) * 2017-04-28 2018-08-03 清华大学 Processor operating system is booted up method, apparatus and processor system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150121054A1 (en) * 2013-10-31 2015-04-30 Advanced Micro Devices, Inc. Platform Secure Boot
WO2018127393A1 (en) * 2017-01-04 2018-07-12 Connaught Electronics Ltd. Control system for a motor vehicle, with a central control device and multiple further control devices
CN108363918A (en) * 2017-04-28 2018-08-03 清华大学 Processor operating system is booted up method, apparatus and processor system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
RICHARD PETRI ET AL: "Evaluation of lightweight TPMs for automotive software updates over the air: Paper presented at 4th escar USA, The World's Leading Automotive Cyber Security Conference, Detroit, MI, June 1-2, 2016", 1 January 2016 (2016-01-01), XP055674768, Retrieved from the Internet <URL:http://ftp.pwg.org/pub/pwg/liaison/escar/tpm_paper_2016_0513_final.pdf> *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102022128183B3 (en) 2022-10-25 2023-12-07 Audi Aktiengesellschaft Method for starting a data processing device, data processing device and motor vehicle

Also Published As

Publication number Publication date
GB202008064D0 (en) 2020-07-15

Similar Documents

Publication Publication Date Title
US8775784B2 (en) Secure boot up of a computer based on a hardware based root of trust
US9191202B2 (en) Information processing device and computer program product
US10585676B2 (en) Authorizing a bios policy change for storage
EP2681689B1 (en) Protecting operating system configuration values
KR101567620B1 (en) Secure memory management system and method
WO2019104988A1 (en) Plc security processing unit and bus arbitration method thereof
US10318765B2 (en) Protecting critical data structures in an embedded hypervisor system
US9563769B2 (en) System and method for secure loading data in a cache memory
US20160275019A1 (en) Method and apparatus for protecting dynamic libraries
US11520596B2 (en) Selective boot sequence controller for resilient storage memory
TW201319863A (en) Method and system for preventing execution of malware
JP2016531508A (en) Data secure storage
US8683212B2 (en) Method and system for securely loading code in a security processor
US10803176B2 (en) Bios security
US9256756B2 (en) Method of encryption and decryption for shared library in open operating system
US11416604B2 (en) Enclave handling on an execution platform
US11336444B2 (en) Hardware security module for verifying executable code, device having hardware security module, and method of operating device
US11461479B2 (en) Computing device and method for operating same
CN104899524A (en) Central processing unit and method for verifying data of main board
GB2595509A (en) Computer secure boot method and system
EP3440586B1 (en) Method for write-protecting boot code if boot sequence integrity check fails
US11520595B2 (en) Industrial internet of things gateway boot methods
WO2016024967A1 (en) Secure non-volatile random access memory
CN112470153A (en) Secure data processing
CN106233266A (en) The accumulator system of safety and method thereof

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)