Title of invention: Out-of-band host OS boot sequence verification
Abstract: Embodiments of techniques and systems for out-of-band verification of host OS components are described. In embodiments, an out-of-band host OS boot sequence verification system (“BSVS”) may access system memory without detection by a host OS process, or “out of band.” The BSVS may access host OS components in the system memory and may generate signatures from memory footprints of the host OS components. These signatures may then be compared to trusted signatures to verify integrity of the host OS components. In embodiments, this verification may be performed during a boot of a host OS or on demand. In embodiments, the trusted signatures may be pre-stored by the BSVS before a boot; in some embodiments, the trusted signatures may be previously-computed and then stored by the BSVS. Other embodiments may be described and claimed.
Publication number: US9367328(B2) Publication date: 2016.06.14
Application number: US201213536859 Filing date: 2012.06.28
Applicant: Intel Corporation Inventors: Nemiroff Daniel; Thadikaran Paul J.; Gafken Andrew H.; Goel Purushottam; Triantafillou Nicholas D.; Saxena Paritosh; Cablao Debra
Classification: G06F11/30; G06F9/44; G06F21/55; G06F21/57; H04L9/32 Main classification: G06F11/30
Agency: Schwabe, Williamson & Wyatt, P.C. Agent: Schwabe, Williamson & Wyatt, P.C.
Independent claim: 1. A system for verifying a host operating system, the system comprising: computer system memory; a first computer processor, separate but coupled with the computer system memory to operate out-of-band of the host operating system, which is to be executed on a second computer processor, wherein the first computer processor is an embedded processor co-located with the second computer processor on a computing platform, and the first computer processor is to: access one or more components of the host operating system in the computer system memory during a boot of the host operating system; generate one or more signatures for the accessed one or more components; and compare the one or more generated signatures to one or more trusted signatures.
Address: Santa Clara CA US