WO2007097700A3 - Method and system for secure software provisioning - Google Patents

Method and system for secure software provisioning Download PDF

Info

Publication number
WO2007097700A3
WO2007097700A3 PCT/SE2007/000169 SE2007000169W WO2007097700A3 WO 2007097700 A3 WO2007097700 A3 WO 2007097700A3 SE 2007000169 W SE2007000169 W SE 2007000169W WO 2007097700 A3 WO2007097700 A3 WO 2007097700A3
Authority
WO
WIPO (PCT)
Prior art keywords
software
bios
external media
boot
state
Prior art date
Application number
PCT/SE2007/000169
Other languages
French (fr)
Other versions
WO2007097700A2 (en
Inventor
Hans Thorsen
Original Assignee
Projectmill Ab
Hans Thorsen
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Projectmill Ab, Hans Thorsen filed Critical Projectmill Ab
Priority to EP07709379A priority Critical patent/EP1999679A4/en
Priority to US12/279,771 priority patent/US8694763B2/en
Publication of WO2007097700A2 publication Critical patent/WO2007097700A2/en
Publication of WO2007097700A3 publication Critical patent/WO2007097700A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • G06F9/4406Loading of operating system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • G06F9/4406Loading of operating system
    • G06F9/441Multiboot arrangements, i.e. selecting an operating system to be loaded

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)

Abstract

A method and system for the provisioning of software that enable large scale installation and management of software in computer units in a highly secure manner. The BIOS of the target computer unit is adapted such that upon power up the system attempts to boot from an external media. The BIOS features functions within the code for the implementing a system watchdog for assuring the system remains in a known state, a function for digital signature verification, and loads drivers for a file system. The external media includes the operating system (OS) image and other bootstrap files, each having been digitally signed with an asymmetric private key that corresponds to the public key. A programmable read-only parameter memory on the motherboard is configured to store the public keys and the (failure) state of the system independently of the primary and secondary media enabling reboot from an alternative boot path.
PCT/SE2007/000169 2006-02-24 2007-02-23 Method and system for secure software provisioning WO2007097700A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP07709379A EP1999679A4 (en) 2006-02-24 2007-02-23 Method and system for secure software provisioning
US12/279,771 US8694763B2 (en) 2006-02-24 2007-02-23 Method and system for secure software provisioning

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0600416-2 2006-02-24
SE0600416A SE531992C2 (en) 2006-02-24 2006-02-24 Method and system for secure software commissioning

Publications (2)

Publication Number Publication Date
WO2007097700A2 WO2007097700A2 (en) 2007-08-30
WO2007097700A3 true WO2007097700A3 (en) 2007-10-25

Family

ID=38437808

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2007/000169 WO2007097700A2 (en) 2006-02-24 2007-02-23 Method and system for secure software provisioning

Country Status (4)

Country Link
US (1) US8694763B2 (en)
EP (1) EP1999679A4 (en)
SE (1) SE531992C2 (en)
WO (1) WO2007097700A2 (en)

Families Citing this family (58)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9525666B2 (en) * 2005-01-31 2016-12-20 Unisys Corporation Methods and systems for managing concurrent unsecured and cryptographically secure communications across unsecured networks
US8254568B2 (en) 2007-01-07 2012-08-28 Apple Inc. Secure booting a computing device
US8239688B2 (en) 2007-01-07 2012-08-07 Apple Inc. Securely recovering a computing device
SE532600C2 (en) 2007-06-29 2010-03-02 Oniteo Ab Method and system for secure provisioning of hardware
US7840687B2 (en) * 2007-07-11 2010-11-23 Intel Corporation Generic bootstrapping protocol (GBP)
US8286093B2 (en) * 2008-01-09 2012-10-09 Dell Products L.P. Replacement motherboard configuration
US8150039B2 (en) 2008-04-15 2012-04-03 Apple Inc. Single security model in booting a computing device
ATE530962T1 (en) * 2008-06-25 2011-11-15 Abb Research Ltd FLEXIBLE SMART ELECTRONIC DEVICE
US8095799B2 (en) * 2008-07-28 2012-01-10 Apple Inc. Ticket authorized secure installation and boot
US8127146B2 (en) 2008-09-30 2012-02-28 Microsoft Corporation Transparent trust validation of an unknown platform
US8510542B2 (en) * 2008-10-01 2013-08-13 Oracle International Corporation Flash memory device having memory partitions and including an embedded general purpose operating system for booting a computing device
US8768843B2 (en) 2009-01-15 2014-07-01 Igt EGM authentication mechanism using multiple key pairs at the BIOS with PKI
US9250672B2 (en) * 2009-05-27 2016-02-02 Red Hat, Inc. Cloning target machines in a software provisioning environment
US9134987B2 (en) 2009-05-29 2015-09-15 Red Hat, Inc. Retiring target machines by a provisioning server
US8296579B2 (en) * 2009-11-06 2012-10-23 Hewlett-Packard Development Company, L.P. System and method for updating a basic input/output system (BIOS)
JP5515904B2 (en) * 2010-03-17 2014-06-11 株式会社リコー Information processing system, management apparatus, information processing apparatus, installation processing method, program, and storage medium
US8694777B2 (en) * 2010-08-13 2014-04-08 International Business Machines Corporation Securely identifying host systems
TWI470420B (en) * 2011-04-27 2015-01-21 Wistron Corp Dubugging method and computer system using the smae
EP2521032A1 (en) * 2011-05-04 2012-11-07 Océ Print Logic Technologies S.A. Method for secure booting of a printer controller
US20130007726A1 (en) 2011-06-30 2013-01-03 Indrajit Poddar Virtual machine disk image installation
US9203617B2 (en) * 2011-08-17 2015-12-01 Vixs Systems, Inc. Secure provisioning of integrated circuits at various states of deployment, methods thereof
US9904557B2 (en) 2011-09-30 2018-02-27 International Business Machines Corporation Provisioning of operating systems to user terminals
US9183415B2 (en) * 2011-12-01 2015-11-10 Microsoft Technology Licensing, Llc Regulating access using information regarding a host machine of a portable storage drive
US9098302B2 (en) * 2012-06-28 2015-08-04 Intel Corporation System and apparatus to improve boot speed in serial peripheral interface system using a baseboard management controller
CN102968588B (en) * 2012-12-20 2015-07-29 四川长虹电器股份有限公司 Intelligent terminal system
US9703697B2 (en) 2012-12-27 2017-07-11 Intel Corporation Sharing serial peripheral interface flash memory in a multi-node server system on chip platform environment
US9311475B2 (en) * 2013-08-30 2016-04-12 Vmware, Inc. Trusted execution of binaries and modules
US20150220348A1 (en) * 2014-02-04 2015-08-06 Bluedata Software, Inc. Computing system initiation
US10454919B2 (en) * 2014-02-26 2019-10-22 International Business Machines Corporation Secure component certificate provisioning
US20150278526A1 (en) * 2014-03-25 2015-10-01 Wipro Limited Computerized systems and methods for presenting security defects
CN106104561B (en) * 2014-03-28 2019-10-22 惠普发展公司,有限责任合伙企业 Allow the method and apparatus for installing and using test key for BIOS
CN103996001A (en) * 2014-05-21 2014-08-20 浪潮电子信息产业股份有限公司 Authorization encryption method for main board start authority control
EP2958039B1 (en) * 2014-06-16 2019-12-18 Vodafone GmbH Device for decrypting and providing content of a provider and method for operating the device
GB201413836D0 (en) 2014-08-05 2014-09-17 Arm Ip Ltd Device security apparatus and methods
US9608823B2 (en) * 2014-08-11 2017-03-28 Red Hat, Inc. Secure remote kernel module signing
US10474484B2 (en) * 2015-03-26 2019-11-12 Vmware, Inc. Offline management of virtualization software installed on a host computer
US9871895B2 (en) 2015-04-24 2018-01-16 Google Llc Apparatus and methods for optimizing dirty memory pages in embedded devices
EP3299986A4 (en) * 2015-05-20 2018-05-16 Fujitsu Limited Program verification method, verification program, and information processing device
GB2540965B (en) 2015-07-31 2019-01-30 Arm Ip Ltd Secure configuration data storage
GB2540961B (en) 2015-07-31 2019-09-18 Arm Ip Ltd Controlling configuration data storage
US10122533B1 (en) 2015-12-15 2018-11-06 Amazon Technologies, Inc. Configuration updates for access-restricted hosts
US10666517B2 (en) * 2015-12-15 2020-05-26 Microsoft Technology Licensing, Llc End-to-end automated servicing model for cloud computing platforms
US10425229B2 (en) 2016-02-12 2019-09-24 Microsoft Technology Licensing, Llc Secure provisioning of operating systems
US10467416B2 (en) 2017-06-16 2019-11-05 International Business Machines Corporation Securing operating system configuration using hardware
TW201913391A (en) * 2017-09-01 2019-04-01 慧榮科技股份有限公司 Methods for resetting a flash memory device and apparatuses using the same
GB2579056B (en) * 2018-11-16 2021-07-28 Trustonic Ltd Bootloader verification extension method
US10965551B2 (en) * 2018-11-21 2021-03-30 Microsoft Technology Licensing, Llc Secure count in cloud computing networks
JP7289641B2 (en) * 2018-11-30 2023-06-12 キヤノン株式会社 Information processing device and its control method
US11340894B2 (en) 2019-04-30 2022-05-24 JFrog, Ltd. Data file partition and replication
US11386233B2 (en) 2019-04-30 2022-07-12 JFrog, Ltd. Data bundle generation and deployment
US11886390B2 (en) 2019-04-30 2024-01-30 JFrog Ltd. Data file partition and replication
US11106554B2 (en) 2019-04-30 2021-08-31 JFrog, Ltd. Active-active environment control
US10972289B2 (en) 2019-07-19 2021-04-06 JFrog, Ltd. Software release verification
US11695829B2 (en) 2020-01-09 2023-07-04 JFrog Ltd. Peer-to-peer (P2P) downloading
US11860680B2 (en) 2020-11-24 2024-01-02 JFrog Ltd. Software pipeline and release validation
US20220269494A1 (en) * 2021-02-24 2022-08-25 Red Hat, Inc. Provisioning bare metal machines with a complex software product
US12061889B2 (en) 2021-10-29 2024-08-13 JFrog Ltd. Software release distribution across a hierarchical network
CN117492800B (en) * 2023-11-08 2024-04-19 珠海海奇半导体有限公司 Method for upgrading firmware through usb

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0606771A2 (en) * 1993-01-07 1994-07-20 International Business Machines Corporation Method and apparatus for providing enhanced data verification in a computer system
US6185678B1 (en) * 1997-10-02 2001-02-06 Trustees Of The University Of Pennsylvania Secure and reliable bootstrap architecture
WO2001027770A1 (en) * 1999-10-08 2001-04-19 Centurion Tech Holdings Pty Ltd Security card
US6263431B1 (en) * 1998-12-31 2001-07-17 Intle Corporation Operating system bootstrap security mechanism
US20030196085A1 (en) * 1998-10-26 2003-10-16 Lampson Butler W. System and method for authenticating an operating system
US6711675B1 (en) * 2000-02-11 2004-03-23 Intel Corporation Protected boot flow
US20050055566A1 (en) * 2003-09-10 2005-03-10 Tsu-Ti Huang Computer system and method for controlling the same
US20050138414A1 (en) * 2003-12-17 2005-06-23 Zimmer Vincent J. Methods and apparatus to support the storage of boot options and other integrity information on a portable token for use in a pre-operating system environment

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4975950A (en) * 1988-11-03 1990-12-04 Lentz Stephen A System and method of protecting integrity of computer data and software
US5121345A (en) * 1988-11-03 1992-06-09 Lentz Stephen A System and method for protecting integrity of computer data and software
US5421006A (en) * 1992-05-07 1995-05-30 Compaq Computer Corp. Method and apparatus for assessing integrity of computer system software
US5742758A (en) * 1996-07-29 1998-04-21 International Business Machines Corporation Password protecting ROM based utilities in an adapter ROM
US6546547B1 (en) * 1999-09-22 2003-04-08 Cisco Technology, Inc. Method and system for an automated net booting tool
US6754818B1 (en) * 2000-08-31 2004-06-22 Sun Microsystems, Inc. Method and system for bootstrapping from a different boot image when computer system is turned on or reset
CN1122281C (en) * 2001-06-30 2003-09-24 深圳市朗科科技有限公司 Multifunctional semiconductor storage device
US7340638B2 (en) * 2003-01-30 2008-03-04 Microsoft Corporation Operating system update and boot failure recovery
SG138439A1 (en) * 2003-04-02 2008-01-28 Trek 2000 Int Ltd Portable operating system and method to load the same
US8095783B2 (en) * 2003-05-12 2012-01-10 Phoenix Technologies Ltd. Media boot loader
US8291226B2 (en) * 2006-02-10 2012-10-16 Qualcomm Incorporated Method and apparatus for securely booting from an external storage device

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0606771A2 (en) * 1993-01-07 1994-07-20 International Business Machines Corporation Method and apparatus for providing enhanced data verification in a computer system
US6185678B1 (en) * 1997-10-02 2001-02-06 Trustees Of The University Of Pennsylvania Secure and reliable bootstrap architecture
US20030196085A1 (en) * 1998-10-26 2003-10-16 Lampson Butler W. System and method for authenticating an operating system
US6263431B1 (en) * 1998-12-31 2001-07-17 Intle Corporation Operating system bootstrap security mechanism
WO2001027770A1 (en) * 1999-10-08 2001-04-19 Centurion Tech Holdings Pty Ltd Security card
US6711675B1 (en) * 2000-02-11 2004-03-23 Intel Corporation Protected boot flow
US20050055566A1 (en) * 2003-09-10 2005-03-10 Tsu-Ti Huang Computer system and method for controlling the same
US20050138414A1 (en) * 2003-12-17 2005-06-23 Zimmer Vincent J. Methods and apparatus to support the storage of boot options and other integrity information on a portable token for use in a pre-operating system environment

Also Published As

Publication number Publication date
SE0600416L (en) 2007-08-25
US20100287363A1 (en) 2010-11-11
US8694763B2 (en) 2014-04-08
EP1999679A2 (en) 2008-12-10
WO2007097700A2 (en) 2007-08-30
SE531992C2 (en) 2009-09-22
EP1999679A4 (en) 2012-08-01

Similar Documents

Publication Publication Date Title
WO2007097700A3 (en) Method and system for secure software provisioning
US8850177B2 (en) System and method for validating components during a booting process
US8032942B2 (en) Configuration of virtual trusted platform module
EP2962241B1 (en) Continuation of trust for platform boot firmware
US9880908B2 (en) Recovering from compromised system boot code
EP3494471B1 (en) Systems and methods for secure recovery of host system code
US9026771B2 (en) Secure computer system update
US10733288B2 (en) Verifying controller code and system boot code
KR101232558B1 (en) Automated modular and secure boot firmware update
US8347071B2 (en) Converting virtual deployments to physical deployments to simplify management
EP2989583B1 (en) Configuring a system
US20120297177A1 (en) Hardware Assisted Operating System Switch
US11036863B2 (en) Validating an image using an embedded hash in an information handling system
US20110113181A1 (en) System and method for updating a basic input/output system (bios)
US20130013905A1 (en) Bios flash attack protection and notification
US8522356B2 (en) Information processing apparatus and information processing method
Hendricks et al. Secure bootstrap is not enough: Shoring up the trusted computing base
JP2010073193A (en) System and method to secure boot uefi firmware and uefi-aware operating system in mobile internet device (mid)
US11995188B2 (en) Method for faster and safe data backup using GPT remote access boot signatures to securely expose GPT partitions to cloud during OS crash
US20190042368A1 (en) System and Method to Enable Rapid Recovery of an Operating System Image of an Information Handling System after a Malicious Attack
TW202044022A (en) Update signals
CN113127879A (en) Trusted firmware starting method, electronic equipment and readable storage medium
TWI467485B (en) Verification of the basic input and output system update method, the computer can read the recording media and computer program products
Pirker et al. Dynamic enforcement of platform integrity
US20200293336A1 (en) Server and method of replacing a server in a network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2007709379

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 12279771

Country of ref document: US