Techniques for coordinating device boot security

Techniques for coordinating device boot security

Techniques for providing and maintaining protection of firmware routines that form part of a chain of trust through successive processing environments. An apparatus may include a first processor component (550); a volatile storage (562) coupled to the first processor component; an enclave component...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Poornachandran, Rajesh, Zimmer, Vincent J, Yao, Jiewen, Mudusuru, Giri P, Li, Wei
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Techniques for providing and maintaining protection of firmware routines that form part of a chain of trust through successive processing environments. An apparatus may include a first processor component (550); a volatile storage (562) coupled to the first processor component; an enclave component to, in a pre-OS operating environment, generate a secure enclave within a portion of the volatile storage to restrict access to a secured firmware loaded into the secure enclave; a first firmware driver (646) to, in the pre-OS operating environment, provide a first API to enable unsecured firmware to call a support routine of the secured firmware from outside the secure enclave; and a second firmware driver (647) to, in an OS operating environment that replaces the pre-OS operating environment, provide a second API to enable an OS of the OS operating environment to call the support routine from outside the secure enclave.