SYSTEMS AND METHODS FOR SECURELY BOOTING A COMPUTER WITH A TRUSTED PROCESSING MODULE

In a computer with a trusted platform module (TPM), an expected hash value of a boot component may be placed into a platform configuration register (PCR), which allows a TPM to unseal a secret. The secret may then be used to decrypt the boot component. The hash of the decrypt boot component may then...

Full description

Saved in:
Bibliographic Details
Main Authors Schwartz Jr., James Anthony, Hunter, Jamie, England, Paul, Thom, Stefan, Ray, Kenneth D, Humphries, Russell, Schwartz, Jonathan D
Format Patent
LanguageEnglish
French
German
Published 29.01.2020
Subjects
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online AccessGet full text

Cover

More Information
Summary:In a computer with a trusted platform module (TPM), an expected hash value of a boot component may be placed into a platform configuration register (PCR), which allows a TPM to unseal a secret. The secret may then be used to decrypt the boot component. The hash of the decrypt boot component may then be calculated and the results can be placed in a PCR: The PCRs may then be compared. If they do not, access to the an important secret for system operation can be revoked. Also, a first secret may be accessible only when a first plurality of PCR values are extant, while a second secret is accessible only after one or more of the first plurality of PCR values has been replaced with a new value, thereby necessarily revoking further access to the first secret in order to grant access to the second secret.
Bibliography:Application Number: EP20160187390