VERIFIED BOOT AND KEY ROTATION

VERIFIED BOOT AND KEY ROTATION

The invention provides methods, systems, and apparatus, including computer-readable media, for verified boot and key rotation. In some implementations, a device extracts a public key from a secure data storage area of the device. The device extracts a first certificate for an intermediate key and a...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: KRAHN DARREN DAVID, ZEUTHEN DAVID, DEYMONNAZ ALEJANDRO MARTIN
Format: Patent
Sprache:chi ; eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The invention provides methods, systems, and apparatus, including computer-readable media, for verified boot and key rotation. In some implementations, a device extracts a public key from a secure data storage area of the device. The device extracts a first certificate for an intermediate key and a second certificate for a signing key, the first certificate and the second certificate being extracted from a system image. The device verifies a signature of the first certificate using the public key. After verifying the signature of the first certificate, the device verifies the second certificate using a public key in the first certificate. In response to verifying the second certificate, the device loads the system image during a boot process of the device. 用于经验证的引导和密钥轮转的方法、系统和装置,包括计算机可读介质。在一些实施方式中,设备从该设备的安全数据存储区域提取公共密钥。该设备提取用于中间密钥的第一证书和用于签署密钥的第二证书,该第一证书和第二证书是从系统映像所提取的。该设备使用该公共密钥来验证该第一证书的签名。在验证该第一证书的签名之后,该设备使用该第一证书中的公共密钥来验证该第二证书。响应于验证该第二证书,该设备在该设备的引导过程期间加载该系统映像。