TWI498768B - 具有安全啟動機制之電腦系統、啟動電腦系統的方法、及中央處理單元 - Google Patents

具有安全啟動機制之電腦系統、啟動電腦系統的方法、及中央處理單元 Download PDF

Info

Publication number
TWI498768B
TWI498768B TW098106104A TW98106104A TWI498768B TW I498768 B TWI498768 B TW I498768B TW 098106104 A TW098106104 A TW 098106104A TW 98106104 A TW98106104 A TW 98106104A TW I498768 B TWI498768 B TW I498768B
Authority
TW
Taiwan
Prior art keywords
data
processing unit
central processing
volatile memory
memory
Prior art date
Application number
TW098106104A
Other languages
English (en)
Chinese (zh)
Other versions
TW200943123A (en
Inventor
Ralf Findeisen
Michael Grell
Tim Edward Perley
Marc Edwin Jones
Frank Schuecke
Original Assignee
Globalfoundries Us Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Globalfoundries Us Inc filed Critical Globalfoundries Us Inc
Publication of TW200943123A publication Critical patent/TW200943123A/zh
Application granted granted Critical
Publication of TWI498768B publication Critical patent/TWI498768B/zh

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
TW098106104A 2008-02-29 2009-02-26 具有安全啟動機制之電腦系統、啟動電腦系統的方法、及中央處理單元 TWI498768B (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102008011925.3A DE102008011925B4 (de) 2008-02-29 2008-02-29 Sicheres Initialisieren von Computersystemen
US12/186,821 US8656146B2 (en) 2008-02-29 2008-08-06 Computer system comprising a secure boot mechanism

Publications (2)

Publication Number Publication Date
TW200943123A TW200943123A (en) 2009-10-16
TWI498768B true TWI498768B (zh) 2015-09-01

Family

ID=40911374

Family Applications (1)

Application Number Title Priority Date Filing Date
TW098106104A TWI498768B (zh) 2008-02-29 2009-02-26 具有安全啟動機制之電腦系統、啟動電腦系統的方法、及中央處理單元

Country Status (8)

Country Link
US (1) US8656146B2 (enExample)
EP (1) EP2250599A1 (enExample)
JP (1) JP2011527777A (enExample)
KR (1) KR101237527B1 (enExample)
CN (1) CN101965570B (enExample)
DE (1) DE102008011925B4 (enExample)
TW (1) TWI498768B (enExample)
WO (1) WO2009108371A1 (enExample)

Families Citing this family (84)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9582676B2 (en) * 2005-01-31 2017-02-28 Unisys Corporation Adding or replacing disks with re-key processing
US10776489B2 (en) 2007-03-06 2020-09-15 Unisys Corporation Methods and systems for providing and controlling cryptographic secure communications terminal operable to provide a plurality of desktop environments
US8522066B2 (en) * 2010-06-25 2013-08-27 Intel Corporation Providing silicon integrated code for a system
US11030305B2 (en) 2010-10-04 2021-06-08 Unisys Corporation Virtual relay device for providing a secure connection to a remote device
US8812828B2 (en) * 2010-11-16 2014-08-19 Intel Corporation Methods and apparatuses for recovering usage of trusted platform module
US8560845B2 (en) * 2011-01-14 2013-10-15 Apple Inc. System and method for tamper-resistant booting
US20120204254A1 (en) * 2011-02-04 2012-08-09 Motorola Mobility, Inc. Method and apparatus for managing security state transitions
US9021244B2 (en) * 2011-11-04 2015-04-28 Insyde Software Corp. Secure boot administration in a Unified Extensible Firmware Interface (UEFI)-compliant computing device
JP5441984B2 (ja) * 2011-11-08 2014-03-12 シャープ株式会社 電子機器システム、電子機器及び記憶媒体
US8775784B2 (en) 2011-11-11 2014-07-08 International Business Machines Corporation Secure boot up of a computer based on a hardware based root of trust
US20130173906A1 (en) * 2011-12-29 2013-07-04 Eric T. Obligacion Cloning storage devices through secure communications links
US9262637B2 (en) * 2012-03-29 2016-02-16 Cisco Technology, Inc. System and method for verifying integrity of platform object using locally stored measurement
US10339051B2 (en) 2012-04-30 2019-07-02 Hewlett Packard Enterprise Development Lp Configurable computer memory
US9047471B2 (en) * 2012-09-25 2015-06-02 Apple Inc. Security enclave processor boot control
US8873747B2 (en) 2012-09-25 2014-10-28 Apple Inc. Key management using security enclave processor
CN102929674B (zh) * 2012-11-02 2016-02-10 威盛电子股份有限公司 电子装置以及开机方法
US9881161B2 (en) 2012-12-06 2018-01-30 S-Printing Solution Co., Ltd. System on chip to perform a secure boot, an image forming apparatus using the same, and method thereof
US20140164753A1 (en) * 2012-12-06 2014-06-12 Samsung Electronics Co., Ltd System on chip for performing secure boot, image forming apparatus using the same, and method thereof
WO2014175862A1 (en) * 2013-04-23 2014-10-30 Hewlett-Packard Development Company, L.P. Redundant system boot code in a secondary non-volatile memory
WO2014175867A1 (en) 2013-04-23 2014-10-30 Hewlett-Packard Development Company, L.P. Verifying controller code and system boot code
US9235710B2 (en) 2013-05-23 2016-01-12 Cisco Technology, Inc. Out of band management of basic input/output system secure boot variables
KR101656092B1 (ko) * 2013-08-13 2016-09-08 윈본드 일렉트로닉스 코포레이션 비동기적인 인증을 갖는 보안 컴퓨팅 시스템
US9367689B2 (en) * 2013-11-13 2016-06-14 Via Technologies, Inc. Apparatus and method for securing BIOS in a trusted computing system
US10049217B2 (en) 2013-11-13 2018-08-14 Via Technologies, Inc. Event-based apparatus and method for securing bios in a trusted computing system during execution
US10055588B2 (en) 2013-11-13 2018-08-21 Via Technologies, Inc. Event-based apparatus and method for securing BIOS in a trusted computing system during execution
US9507942B2 (en) * 2013-11-13 2016-11-29 Via Technologies, Inc. Secure BIOS mechanism in a trusted computing system
US9779243B2 (en) * 2013-11-13 2017-10-03 Via Technologies, Inc. Fuse-enabled secure BIOS mechanism in a trusted computing system
US9779242B2 (en) * 2013-11-13 2017-10-03 Via Technologies, Inc. Programmable secure bios mechanism in a trusted computing system
US9767288B2 (en) * 2013-11-13 2017-09-19 Via Technologies, Inc. JTAG-based secure BIOS mechanism in a trusted computing system
US9129113B2 (en) 2013-11-13 2015-09-08 Via Technologies, Inc. Partition-based apparatus and method for securing bios in a trusted computing system during execution
US9798880B2 (en) * 2013-11-13 2017-10-24 Via Technologies, Inc. Fuse-enabled secure bios mechanism with override feature
TWI560611B (en) * 2013-11-13 2016-12-01 Via Tech Inc Apparatus and method for securing bios
US9183394B2 (en) 2013-11-13 2015-11-10 Via Technologies, Inc. Secure BIOS tamper protection mechanism
US10095868B2 (en) 2013-11-13 2018-10-09 Via Technologies, Inc. Event-based apparatus and method for securing bios in a trusted computing system during execution
US9547767B2 (en) 2013-11-13 2017-01-17 Via Technologies, Inc. Event-based apparatus and method for securing bios in a trusted computing system during execution
KR20150078644A (ko) * 2013-12-31 2015-07-08 에릭슨엘지엔터프라이즈 주식회사 소프트웨어 이미지 이중화 방법 및 장치
KR102227263B1 (ko) * 2013-12-31 2021-03-15 삼성전자주식회사 보안 부트 변경 변경시스템, 방법 및 이 변경시스템을 구비한 전자장치
KR20150085301A (ko) * 2014-01-15 2015-07-23 삼성전자주식회사 메모리 시스템의 동작 방법 및 이를 포함하는 메모리 시스템의 초기화 방법
CN104866757B (zh) * 2014-02-24 2019-01-15 联想(北京)有限公司 一种验证方法及电子设备
WO2015147879A1 (en) * 2014-03-28 2015-10-01 Hewlett-Packard Development Company, L.P. Allowing use of a test key for a bios installation
CN105022589A (zh) * 2014-04-29 2015-11-04 光宝科技股份有限公司 电子装置及其操作方法
US9547778B1 (en) 2014-09-26 2017-01-17 Apple Inc. Secure public key acceleration
WO2016073411A2 (en) * 2014-11-03 2016-05-12 Rubicon Labs, Inc. System and method for a renewable secure boot
US11456876B2 (en) * 2015-03-26 2022-09-27 Assa Abloy Ab Virtual credentials and licenses
CN104866343A (zh) * 2015-05-15 2015-08-26 长城信息产业股份有限公司 一种嵌入式设备的安全启动方法及启动安全的嵌入式设备
CN104899524B (zh) * 2015-05-25 2018-11-27 上海兆芯集成电路有限公司 中央处理器和验证主机板数据的方法
CN104881345B (zh) * 2015-05-25 2018-10-23 上海兆芯集成电路有限公司 中央处理器和计算机开机自检的方法
US10467418B2 (en) * 2015-08-28 2019-11-05 Ncr Corporation Computer pre-boot security verification, enforcement, and remediation
US9996711B2 (en) * 2015-10-30 2018-06-12 Intel Corporation Asset protection of integrated circuits during transport
CN105681032B (zh) * 2016-01-08 2017-09-12 腾讯科技(深圳)有限公司 密钥存储方法、密钥管理方法及装置
US10242195B2 (en) * 2016-07-22 2019-03-26 Hewlett Packard Enterprise Development Lp Integrity values for beginning booting instructions
CN106484477B (zh) * 2016-10-11 2019-11-12 上海华虹集成电路有限责任公司 安全的软件下载与启动方法
US11455396B2 (en) * 2017-05-12 2022-09-27 Hewlett Packard Enterprise Development Lp Using trusted platform module (TPM) emulator engines to measure firmware images
AU2018321586B2 (en) 2017-08-22 2023-03-09 Absolute Software Corporation Firmware integrity check using silver measurements
CN109714303B (zh) 2017-10-25 2022-05-27 阿里巴巴集团控股有限公司 Bios启动方法及数据处理方法
CN109710315B (zh) 2017-10-25 2022-05-10 阿里巴巴集团控股有限公司 Bios刷写方法及bios镜像文件的处理方法
US10757087B2 (en) * 2018-01-02 2020-08-25 Winbond Electronics Corporation Secure client authentication based on conditional provisioning of code signature
US11741233B2 (en) 2018-06-11 2023-08-29 Hewlett-Packard Development Company, L.P. Overriding sub-system identifiers with protected variable values
JP7059127B2 (ja) * 2018-06-26 2022-04-25 キヤノン株式会社 起動時に実行されるソフトウェアの改ざんを検知する情報処理装置及びその制御方法
CN109446815B (zh) * 2018-09-30 2020-12-25 华为技术有限公司 基本输入输出系统固件的管理方法、装置和服务器
US11418335B2 (en) 2019-02-01 2022-08-16 Hewlett-Packard Development Company, L.P. Security credential derivation
US10726133B1 (en) * 2019-02-04 2020-07-28 Dell Products L.P. Securely loading UEFI images at runtime
US11520662B2 (en) 2019-02-11 2022-12-06 Hewlett-Packard Development Company, L.P. Recovery from corruption
JP7286381B2 (ja) * 2019-04-01 2023-06-05 キヤノン株式会社 情報処理装置とその制御方法
US11347856B2 (en) * 2019-05-24 2022-05-31 Dell Products L.P. Bios method to block compromised preboot features
US11657157B2 (en) * 2019-06-06 2023-05-23 Macronix International Co., Ltd. Secure boot system, method and apparatus
CN114424166A (zh) * 2019-08-28 2022-04-29 惠普发展公司,有限责任合伙企业 加密表签名
KR102798689B1 (ko) 2019-10-08 2025-04-23 한화비전 주식회사 보안 부팅 장치 및 그 동작 방법
TWI756631B (zh) 2020-02-12 2022-03-01 瑞昱半導體股份有限公司 具有韌體驗證機制的電腦系統及其韌體驗證方法
CN113282930B (zh) * 2020-02-19 2024-03-01 瑞昱半导体股份有限公司 具有固件验证机制的电脑系统及其固件验证方法
US11768611B2 (en) 2020-04-02 2023-09-26 Axiado Corporation Secure boot of a processing chip
US11528276B2 (en) 2020-04-16 2022-12-13 Bank Of America Corporation System for prevention of unauthorized access using authorized environment hash outputs
US11263109B2 (en) 2020-04-16 2022-03-01 Bank Of America Corporation Virtual environment system for validating executable data using accelerated time-based process execution
US11425123B2 (en) 2020-04-16 2022-08-23 Bank Of America Corporation System for network isolation of affected computing systems using environment hash outputs
US11481484B2 (en) 2020-04-16 2022-10-25 Bank Of America Corporation Virtual environment system for secure execution of program code using cryptographic hashes
US11423160B2 (en) 2020-04-16 2022-08-23 Bank Of America Corporation System for analysis and authorization for use of executable environment data in a computing system using hash outputs
CN113553115B (zh) * 2020-04-23 2024-09-10 上汽通用汽车有限公司 一种基于异构多核芯片的启动方法以及存储介质
FR3111441B1 (fr) 2020-06-10 2022-08-05 Proton World Int Nv Démarrage sécurisé d'un circuit électronique
US11372982B2 (en) 2020-07-02 2022-06-28 Bank Of America Corporation Centralized network environment for processing validated executable data based on authorized hash outputs
WO2022015292A1 (en) 2020-07-14 2022-01-20 Hewlett-Packard Development Company, L.P. Compute systems including a security processor
US12278830B2 (en) 2021-08-31 2025-04-15 Axiado Corporation Systems and methods using network artificial intelligence to manage control plane security in real-time
US20230083979A1 (en) * 2021-09-10 2023-03-16 Ampere Computing Llc Method and system for secure boot and rma intervention
US12450400B2 (en) * 2023-10-31 2025-10-21 Dell Products L.P. Out of band component validation
EP4579501A1 (en) * 2023-12-27 2025-07-02 Nxp B.V. Virtually immutable firmware attestation, recovery, and related security

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI238357B (en) * 2002-11-27 2005-08-21 Intel Corp Providing a secure execution mode in a pre-boot environment
US20060107320A1 (en) * 2004-11-15 2006-05-18 Intel Corporation Secure boot scheme from external memory using internal memory
US20060112266A1 (en) * 2004-11-22 2006-05-25 Research In Motion Limited Method and device for authenticating software
WO2006086301A1 (en) * 2005-02-07 2006-08-17 Transmeta Corporation System and method for providing a secure boot architecture
TW200802082A (en) * 2006-03-30 2008-01-01 Silicon Image Inc Shared nonvolatile memory architecture

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07146788A (ja) * 1993-11-22 1995-06-06 Fujitsu Ltd ウイルス診断機構の作成システムと作成方法並びにウイルス診断機構と診断方法
JP3293760B2 (ja) * 1997-05-27 2002-06-17 株式会社エヌイーシー情報システムズ 改ざん検知機能付きコンピュータシステム
JPH1139158A (ja) * 1997-07-18 1999-02-12 Nippon Telegr & Teleph Corp <Ntt> 実行プログラムの保護方法およびその装置
US20010007131A1 (en) 1997-09-11 2001-07-05 Leonard J. Galasso Method for validating expansion roms using cryptography
JP2002366748A (ja) * 2001-06-05 2002-12-20 Dainippon Printing Co Ltd Icカードを利用した新規口座開設方式
JP2004348677A (ja) * 2003-05-26 2004-12-09 Sony Corp プログラムおよび情報処理方法
US8332652B2 (en) 2003-10-01 2012-12-11 International Business Machines Corporation Computing device that securely runs authorized software
JP2005227995A (ja) * 2004-02-12 2005-08-25 Sony Corp 情報処理装置、および情報処理方法、並びにコンピュータ・プログラム
US8291226B2 (en) * 2006-02-10 2012-10-16 Qualcomm Incorporated Method and apparatus for securely booting from an external storage device
CN1822013A (zh) * 2006-03-14 2006-08-23 上海一维科技有限公司 基于可信平台模块的指纹生物识别引擎系统及其识别方法
CN100504779C (zh) * 2006-06-30 2009-06-24 联想(北京)有限公司 一种加速bios运行的方法
CN1900939A (zh) * 2006-07-18 2007-01-24 上海一维科技有限公司 安全计算机的指纹生物识别装置及其识别方法
US8068614B2 (en) * 2007-09-28 2011-11-29 Intel Corporation Methods and apparatus for batch bound authentication
US8583908B2 (en) * 2007-12-31 2013-11-12 Intel Corporation Enhanced network and local boot of Unified Extensible Firmware Interface images
DE102008021567B4 (de) * 2008-04-30 2018-03-22 Globalfoundries Inc. Computersystem mit sicherem Hochlaufmechanismus auf der Grundlage einer Verschlüsselung mit symmetrischem Schlüssel

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI238357B (en) * 2002-11-27 2005-08-21 Intel Corp Providing a secure execution mode in a pre-boot environment
US20060107320A1 (en) * 2004-11-15 2006-05-18 Intel Corporation Secure boot scheme from external memory using internal memory
US20060112266A1 (en) * 2004-11-22 2006-05-25 Research In Motion Limited Method and device for authenticating software
WO2006086301A1 (en) * 2005-02-07 2006-08-17 Transmeta Corporation System and method for providing a secure boot architecture
TW200802082A (en) * 2006-03-30 2008-01-01 Silicon Image Inc Shared nonvolatile memory architecture

Also Published As

Publication number Publication date
DE102008011925A1 (de) 2009-09-03
EP2250599A1 (en) 2010-11-17
DE102008011925B4 (de) 2018-03-15
US8656146B2 (en) 2014-02-18
KR101237527B1 (ko) 2013-02-26
TW200943123A (en) 2009-10-16
US20090222653A1 (en) 2009-09-03
WO2009108371A1 (en) 2009-09-03
CN101965570A (zh) 2011-02-02
CN101965570B (zh) 2013-09-18
JP2011527777A (ja) 2011-11-04
KR20100125371A (ko) 2010-11-30

Similar Documents

Publication Publication Date Title
TWI498768B (zh) 具有安全啟動機制之電腦系統、啟動電腦系統的方法、及中央處理單元
US8464037B2 (en) Computer system comprising a secure boot mechanism on the basis of symmetric key encryption
CN103221961B (zh) 包括用于保护多用户敏感代码和数据的架构的方法和装置
CN101816004B (zh) 通过安全内核设计划分的安全策略
CN1647443B (zh) 帮助具有多个级别软件的集成系统的安全操作的方法和系统
JP5378460B2 (ja) 状態検証を使用した保護されたオペレーティングシステムブートのためのシステムおよび方法
US8166304B2 (en) Support for multiple security policies on a unified authentication architecture
EP2207121B1 (en) Protecting content on virtualized client platforms
US7308576B2 (en) Authenticated code module
US8261063B2 (en) Method and apparatus for managing a hierarchy of nodes
KR20170095161A (ko) 시큐어 시스템 온 칩
US8689318B2 (en) Trusted computing entities
US20050144448A1 (en) Transferring application secrets in a trusted operating system environment
US8438658B2 (en) Providing sealed storage in a data processing device
EP3440586B1 (en) Method for write-protecting boot code if boot sequence integrity check fails
US8108905B2 (en) System and method for an isolated process to control address translation
Muramoto et al. Improving Hardware Security on Talos II Architecture Through Boot Image Encryption
Amato et al. Mobile Systems Secure State Management
GB2397981A (en) method and apparatus for managing a hierarchy of nodes