CN101965570B - 具有安全启动机制的计算机系统 - Google Patents

具有安全启动机制的计算机系统 Download PDF

Info

Publication number
CN101965570B
CN101965570B CN200980106728XA CN200980106728A CN101965570B CN 101965570 B CN101965570 B CN 101965570B CN 200980106728X A CN200980106728X A CN 200980106728XA CN 200980106728 A CN200980106728 A CN 200980106728A CN 101965570 B CN101965570 B CN 101965570B
Authority
CN
China
Prior art keywords
data
group
instruction
memory
processing unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN200980106728XA
Other languages
English (en)
Chinese (zh)
Other versions
CN101965570A (zh
Inventor
R·芬代斯
M·格雷尔
T·E·铂利
M·E·约内斯
F·许克
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GlobalFoundries US Inc
Original Assignee
GlobalFoundries Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by GlobalFoundries Inc filed Critical GlobalFoundries Inc
Publication of CN101965570A publication Critical patent/CN101965570A/zh
Application granted granted Critical
Publication of CN101965570B publication Critical patent/CN101965570B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
CN200980106728XA 2008-02-29 2009-02-27 具有安全启动机制的计算机系统 Active CN101965570B (zh)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
DE102008011925.3A DE102008011925B4 (de) 2008-02-29 2008-02-29 Sicheres Initialisieren von Computersystemen
DE102008011925.3 2008-02-29
US12/186,821 2008-08-06
US12/186,821 US8656146B2 (en) 2008-02-29 2008-08-06 Computer system comprising a secure boot mechanism
PCT/US2009/001289 WO2009108371A1 (en) 2008-02-29 2009-02-27 A computer system comprising a secure boot mechanism

Publications (2)

Publication Number Publication Date
CN101965570A CN101965570A (zh) 2011-02-02
CN101965570B true CN101965570B (zh) 2013-09-18

Family

ID=40911374

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200980106728XA Active CN101965570B (zh) 2008-02-29 2009-02-27 具有安全启动机制的计算机系统

Country Status (8)

Country Link
US (1) US8656146B2 (enExample)
EP (1) EP2250599A1 (enExample)
JP (1) JP2011527777A (enExample)
KR (1) KR101237527B1 (enExample)
CN (1) CN101965570B (enExample)
DE (1) DE102008011925B4 (enExample)
TW (1) TWI498768B (enExample)
WO (1) WO2009108371A1 (enExample)

Families Citing this family (84)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9582676B2 (en) * 2005-01-31 2017-02-28 Unisys Corporation Adding or replacing disks with re-key processing
US10776489B2 (en) 2007-03-06 2020-09-15 Unisys Corporation Methods and systems for providing and controlling cryptographic secure communications terminal operable to provide a plurality of desktop environments
US8522066B2 (en) * 2010-06-25 2013-08-27 Intel Corporation Providing silicon integrated code for a system
US11030305B2 (en) 2010-10-04 2021-06-08 Unisys Corporation Virtual relay device for providing a secure connection to a remote device
US8812828B2 (en) * 2010-11-16 2014-08-19 Intel Corporation Methods and apparatuses for recovering usage of trusted platform module
US8560845B2 (en) * 2011-01-14 2013-10-15 Apple Inc. System and method for tamper-resistant booting
US20120204254A1 (en) * 2011-02-04 2012-08-09 Motorola Mobility, Inc. Method and apparatus for managing security state transitions
US9021244B2 (en) * 2011-11-04 2015-04-28 Insyde Software Corp. Secure boot administration in a Unified Extensible Firmware Interface (UEFI)-compliant computing device
JP5441984B2 (ja) * 2011-11-08 2014-03-12 シャープ株式会社 電子機器システム、電子機器及び記憶媒体
US8775784B2 (en) 2011-11-11 2014-07-08 International Business Machines Corporation Secure boot up of a computer based on a hardware based root of trust
US20130173906A1 (en) * 2011-12-29 2013-07-04 Eric T. Obligacion Cloning storage devices through secure communications links
US9262637B2 (en) * 2012-03-29 2016-02-16 Cisco Technology, Inc. System and method for verifying integrity of platform object using locally stored measurement
US10339051B2 (en) 2012-04-30 2019-07-02 Hewlett Packard Enterprise Development Lp Configurable computer memory
US9047471B2 (en) * 2012-09-25 2015-06-02 Apple Inc. Security enclave processor boot control
US8873747B2 (en) 2012-09-25 2014-10-28 Apple Inc. Key management using security enclave processor
CN102929674B (zh) * 2012-11-02 2016-02-10 威盛电子股份有限公司 电子装置以及开机方法
US9881161B2 (en) 2012-12-06 2018-01-30 S-Printing Solution Co., Ltd. System on chip to perform a secure boot, an image forming apparatus using the same, and method thereof
US20140164753A1 (en) * 2012-12-06 2014-06-12 Samsung Electronics Co., Ltd System on chip for performing secure boot, image forming apparatus using the same, and method thereof
WO2014175862A1 (en) * 2013-04-23 2014-10-30 Hewlett-Packard Development Company, L.P. Redundant system boot code in a secondary non-volatile memory
WO2014175867A1 (en) 2013-04-23 2014-10-30 Hewlett-Packard Development Company, L.P. Verifying controller code and system boot code
US9235710B2 (en) 2013-05-23 2016-01-12 Cisco Technology, Inc. Out of band management of basic input/output system secure boot variables
KR101656092B1 (ko) * 2013-08-13 2016-09-08 윈본드 일렉트로닉스 코포레이션 비동기적인 인증을 갖는 보안 컴퓨팅 시스템
US9367689B2 (en) * 2013-11-13 2016-06-14 Via Technologies, Inc. Apparatus and method for securing BIOS in a trusted computing system
US10049217B2 (en) 2013-11-13 2018-08-14 Via Technologies, Inc. Event-based apparatus and method for securing bios in a trusted computing system during execution
US10055588B2 (en) 2013-11-13 2018-08-21 Via Technologies, Inc. Event-based apparatus and method for securing BIOS in a trusted computing system during execution
US9507942B2 (en) * 2013-11-13 2016-11-29 Via Technologies, Inc. Secure BIOS mechanism in a trusted computing system
US9779243B2 (en) * 2013-11-13 2017-10-03 Via Technologies, Inc. Fuse-enabled secure BIOS mechanism in a trusted computing system
US9779242B2 (en) * 2013-11-13 2017-10-03 Via Technologies, Inc. Programmable secure bios mechanism in a trusted computing system
US9767288B2 (en) * 2013-11-13 2017-09-19 Via Technologies, Inc. JTAG-based secure BIOS mechanism in a trusted computing system
US9129113B2 (en) 2013-11-13 2015-09-08 Via Technologies, Inc. Partition-based apparatus and method for securing bios in a trusted computing system during execution
US9798880B2 (en) * 2013-11-13 2017-10-24 Via Technologies, Inc. Fuse-enabled secure bios mechanism with override feature
TWI560611B (en) * 2013-11-13 2016-12-01 Via Tech Inc Apparatus and method for securing bios
US9183394B2 (en) 2013-11-13 2015-11-10 Via Technologies, Inc. Secure BIOS tamper protection mechanism
US10095868B2 (en) 2013-11-13 2018-10-09 Via Technologies, Inc. Event-based apparatus and method for securing bios in a trusted computing system during execution
US9547767B2 (en) 2013-11-13 2017-01-17 Via Technologies, Inc. Event-based apparatus and method for securing bios in a trusted computing system during execution
KR20150078644A (ko) * 2013-12-31 2015-07-08 에릭슨엘지엔터프라이즈 주식회사 소프트웨어 이미지 이중화 방법 및 장치
KR102227263B1 (ko) * 2013-12-31 2021-03-15 삼성전자주식회사 보안 부트 변경 변경시스템, 방법 및 이 변경시스템을 구비한 전자장치
KR20150085301A (ko) * 2014-01-15 2015-07-23 삼성전자주식회사 메모리 시스템의 동작 방법 및 이를 포함하는 메모리 시스템의 초기화 방법
CN104866757B (zh) * 2014-02-24 2019-01-15 联想(北京)有限公司 一种验证方法及电子设备
WO2015147879A1 (en) * 2014-03-28 2015-10-01 Hewlett-Packard Development Company, L.P. Allowing use of a test key for a bios installation
CN105022589A (zh) * 2014-04-29 2015-11-04 光宝科技股份有限公司 电子装置及其操作方法
US9547778B1 (en) 2014-09-26 2017-01-17 Apple Inc. Secure public key acceleration
WO2016073411A2 (en) * 2014-11-03 2016-05-12 Rubicon Labs, Inc. System and method for a renewable secure boot
US11456876B2 (en) * 2015-03-26 2022-09-27 Assa Abloy Ab Virtual credentials and licenses
CN104866343A (zh) * 2015-05-15 2015-08-26 长城信息产业股份有限公司 一种嵌入式设备的安全启动方法及启动安全的嵌入式设备
CN104899524B (zh) * 2015-05-25 2018-11-27 上海兆芯集成电路有限公司 中央处理器和验证主机板数据的方法
CN104881345B (zh) * 2015-05-25 2018-10-23 上海兆芯集成电路有限公司 中央处理器和计算机开机自检的方法
US10467418B2 (en) * 2015-08-28 2019-11-05 Ncr Corporation Computer pre-boot security verification, enforcement, and remediation
US9996711B2 (en) * 2015-10-30 2018-06-12 Intel Corporation Asset protection of integrated circuits during transport
CN105681032B (zh) * 2016-01-08 2017-09-12 腾讯科技(深圳)有限公司 密钥存储方法、密钥管理方法及装置
US10242195B2 (en) * 2016-07-22 2019-03-26 Hewlett Packard Enterprise Development Lp Integrity values for beginning booting instructions
CN106484477B (zh) * 2016-10-11 2019-11-12 上海华虹集成电路有限责任公司 安全的软件下载与启动方法
US11455396B2 (en) * 2017-05-12 2022-09-27 Hewlett Packard Enterprise Development Lp Using trusted platform module (TPM) emulator engines to measure firmware images
AU2018321586B2 (en) 2017-08-22 2023-03-09 Absolute Software Corporation Firmware integrity check using silver measurements
CN109714303B (zh) 2017-10-25 2022-05-27 阿里巴巴集团控股有限公司 Bios启动方法及数据处理方法
CN109710315B (zh) 2017-10-25 2022-05-10 阿里巴巴集团控股有限公司 Bios刷写方法及bios镜像文件的处理方法
US10757087B2 (en) * 2018-01-02 2020-08-25 Winbond Electronics Corporation Secure client authentication based on conditional provisioning of code signature
US11741233B2 (en) 2018-06-11 2023-08-29 Hewlett-Packard Development Company, L.P. Overriding sub-system identifiers with protected variable values
JP7059127B2 (ja) * 2018-06-26 2022-04-25 キヤノン株式会社 起動時に実行されるソフトウェアの改ざんを検知する情報処理装置及びその制御方法
CN109446815B (zh) * 2018-09-30 2020-12-25 华为技术有限公司 基本输入输出系统固件的管理方法、装置和服务器
US11418335B2 (en) 2019-02-01 2022-08-16 Hewlett-Packard Development Company, L.P. Security credential derivation
US10726133B1 (en) * 2019-02-04 2020-07-28 Dell Products L.P. Securely loading UEFI images at runtime
US11520662B2 (en) 2019-02-11 2022-12-06 Hewlett-Packard Development Company, L.P. Recovery from corruption
JP7286381B2 (ja) * 2019-04-01 2023-06-05 キヤノン株式会社 情報処理装置とその制御方法
US11347856B2 (en) * 2019-05-24 2022-05-31 Dell Products L.P. Bios method to block compromised preboot features
US11657157B2 (en) * 2019-06-06 2023-05-23 Macronix International Co., Ltd. Secure boot system, method and apparatus
CN114424166A (zh) * 2019-08-28 2022-04-29 惠普发展公司,有限责任合伙企业 加密表签名
KR102798689B1 (ko) 2019-10-08 2025-04-23 한화비전 주식회사 보안 부팅 장치 및 그 동작 방법
TWI756631B (zh) 2020-02-12 2022-03-01 瑞昱半導體股份有限公司 具有韌體驗證機制的電腦系統及其韌體驗證方法
CN113282930B (zh) * 2020-02-19 2024-03-01 瑞昱半导体股份有限公司 具有固件验证机制的电脑系统及其固件验证方法
US11768611B2 (en) 2020-04-02 2023-09-26 Axiado Corporation Secure boot of a processing chip
US11528276B2 (en) 2020-04-16 2022-12-13 Bank Of America Corporation System for prevention of unauthorized access using authorized environment hash outputs
US11263109B2 (en) 2020-04-16 2022-03-01 Bank Of America Corporation Virtual environment system for validating executable data using accelerated time-based process execution
US11425123B2 (en) 2020-04-16 2022-08-23 Bank Of America Corporation System for network isolation of affected computing systems using environment hash outputs
US11481484B2 (en) 2020-04-16 2022-10-25 Bank Of America Corporation Virtual environment system for secure execution of program code using cryptographic hashes
US11423160B2 (en) 2020-04-16 2022-08-23 Bank Of America Corporation System for analysis and authorization for use of executable environment data in a computing system using hash outputs
CN113553115B (zh) * 2020-04-23 2024-09-10 上汽通用汽车有限公司 一种基于异构多核芯片的启动方法以及存储介质
FR3111441B1 (fr) 2020-06-10 2022-08-05 Proton World Int Nv Démarrage sécurisé d'un circuit électronique
US11372982B2 (en) 2020-07-02 2022-06-28 Bank Of America Corporation Centralized network environment for processing validated executable data based on authorized hash outputs
WO2022015292A1 (en) 2020-07-14 2022-01-20 Hewlett-Packard Development Company, L.P. Compute systems including a security processor
US12278830B2 (en) 2021-08-31 2025-04-15 Axiado Corporation Systems and methods using network artificial intelligence to manage control plane security in real-time
US20230083979A1 (en) * 2021-09-10 2023-03-16 Ampere Computing Llc Method and system for secure boot and rma intervention
US12450400B2 (en) * 2023-10-31 2025-10-21 Dell Products L.P. Out of band component validation
EP4579501A1 (en) * 2023-12-27 2025-07-02 Nxp B.V. Virtually immutable firmware attestation, recovery, and related security

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1659472A1 (en) * 2004-11-22 2006-05-24 Research In Motion Limited Method and Device for Authenticating Software
CN1822013A (zh) * 2006-03-14 2006-08-23 上海一维科技有限公司 基于可信平台模块的指纹生物识别引擎系统及其识别方法
CN1900939A (zh) * 2006-07-18 2007-01-24 上海一维科技有限公司 安全计算机的指纹生物识别装置及其识别方法

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07146788A (ja) * 1993-11-22 1995-06-06 Fujitsu Ltd ウイルス診断機構の作成システムと作成方法並びにウイルス診断機構と診断方法
JP3293760B2 (ja) * 1997-05-27 2002-06-17 株式会社エヌイーシー情報システムズ 改ざん検知機能付きコンピュータシステム
JPH1139158A (ja) * 1997-07-18 1999-02-12 Nippon Telegr & Teleph Corp <Ntt> 実行プログラムの保護方法およびその装置
US20010007131A1 (en) 1997-09-11 2001-07-05 Leonard J. Galasso Method for validating expansion roms using cryptography
JP2002366748A (ja) * 2001-06-05 2002-12-20 Dainippon Printing Co Ltd Icカードを利用した新規口座開設方式
US7974416B2 (en) * 2002-11-27 2011-07-05 Intel Corporation Providing a secure execution mode in a pre-boot environment
JP2004348677A (ja) * 2003-05-26 2004-12-09 Sony Corp プログラムおよび情報処理方法
US8332652B2 (en) 2003-10-01 2012-12-11 International Business Machines Corporation Computing device that securely runs authorized software
JP2005227995A (ja) * 2004-02-12 2005-08-25 Sony Corp 情報処理装置、および情報処理方法、並びにコンピュータ・プログラム
US8667580B2 (en) * 2004-11-15 2014-03-04 Intel Corporation Secure boot scheme from external memory using internal memory
US20060179308A1 (en) * 2005-02-07 2006-08-10 Andrew Morgan System and method for providing a secure boot architecture
US8291226B2 (en) * 2006-02-10 2012-10-16 Qualcomm Incorporated Method and apparatus for securely booting from an external storage device
JP5188493B2 (ja) * 2006-03-30 2013-04-24 シリコン イメージ,インコーポレイテッド 可変のポート速度を有するマルチポート・メモリ・デバイス
CN100504779C (zh) * 2006-06-30 2009-06-24 联想(北京)有限公司 一种加速bios运行的方法
US8068614B2 (en) * 2007-09-28 2011-11-29 Intel Corporation Methods and apparatus for batch bound authentication
US8583908B2 (en) * 2007-12-31 2013-11-12 Intel Corporation Enhanced network and local boot of Unified Extensible Firmware Interface images
DE102008021567B4 (de) * 2008-04-30 2018-03-22 Globalfoundries Inc. Computersystem mit sicherem Hochlaufmechanismus auf der Grundlage einer Verschlüsselung mit symmetrischem Schlüssel

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1659472A1 (en) * 2004-11-22 2006-05-24 Research In Motion Limited Method and Device for Authenticating Software
CN1822013A (zh) * 2006-03-14 2006-08-23 上海一维科技有限公司 基于可信平台模块的指纹生物识别引擎系统及其识别方法
CN1900939A (zh) * 2006-07-18 2007-01-24 上海一维科技有限公司 安全计算机的指纹生物识别装置及其识别方法

Also Published As

Publication number Publication date
DE102008011925A1 (de) 2009-09-03
EP2250599A1 (en) 2010-11-17
DE102008011925B4 (de) 2018-03-15
US8656146B2 (en) 2014-02-18
KR101237527B1 (ko) 2013-02-26
TW200943123A (en) 2009-10-16
US20090222653A1 (en) 2009-09-03
WO2009108371A1 (en) 2009-09-03
CN101965570A (zh) 2011-02-02
JP2011527777A (ja) 2011-11-04
KR20100125371A (ko) 2010-11-30
TWI498768B (zh) 2015-09-01

Similar Documents

Publication Publication Date Title
CN101965570B (zh) 具有安全启动机制的计算机系统
US8464037B2 (en) Computer system comprising a secure boot mechanism on the basis of symmetric key encryption
JP5378460B2 (ja) 状態検証を使用した保護されたオペレーティングシステムブートのためのシステムおよび方法
US9762399B2 (en) System and method for validating program execution at run-time using control flow signatures
CN1647443B (zh) 帮助具有多个级别软件的集成系统的安全操作的方法和系统
US7421588B2 (en) Apparatus, system, and method for sealing a data repository to a trusted computing platform
US7243230B2 (en) Transferring application secrets in a trusted operating system environment
US7137004B2 (en) Manifest-based trusted agent management in a trusted operating system environment
US7318150B2 (en) System and method to support platform firmware as a trusted process
US7159240B2 (en) Operating system upgrades in a trusted operating system environment
US8478973B2 (en) System and method for providing a secure application fragmentation environment
US8261063B2 (en) Method and apparatus for managing a hierarchy of nodes
US8438658B2 (en) Providing sealed storage in a data processing device
TW202141321A (zh) 安全儲存及載入韌體的方法及電子裝置
KR20170095161A (ko) 시큐어 시스템 온 칩
CN119293791A (zh) 一种基于risc-v架构服务器的固件加密系统及方法
JP4791250B2 (ja) マイクロコンピュータおよびそのソフトウェア改竄防止方法
US8108905B2 (en) System and method for an isolated process to control address translation
Muramoto et al. Improving Hardware Security on Talos II Architecture Through Boot Image Encryption
HK40068985A (en) Virtual environment type validation for policy enforcement
GB2397981A (en) method and apparatus for managing a hierarchy of nodes

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: GLOBALFOUNDRIES SEMICONDUCTOR INC.

Free format text: FORMER OWNER: ADVANCED MICRO DEVICES INC.

Effective date: 20121109

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20121109

Address after: Grand Cayman, Cayman Islands

Applicant after: Globalfoundries Semiconductor Inc.

Address before: American California

Applicant before: Advanced Micro Devices Inc.

C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20210301

Address after: California, USA

Patentee after: Lattice chip (USA) integrated circuit technology Co.,Ltd.

Address before: Grand Cayman Islands

Patentee before: GLOBALFOUNDRIES Inc.