Platform trust extension

摘要

A system and method of providing a platform trust extension for an information handling system is disclosed herein. The platform trust extension receives a notification that an application is selected for installation or execution on an information handling system. The identify of the application or the source of the application is identified based upon a signature of the application. The platform trust extension determines whether the application or the source of the application is semi-trusted based upon the signature of the application. If the application is semi-trusted, the platform trust extension permits the application to run at an additional trust level.

主权项

1. An information handling system comprising:
one or more processors; and a memory coupled to the processors comprising instructions executable by the processors, the processors being operable when executing the instructions to:
present a list of one or more applications installed at the information handling system;present a list of one or more applications available to be installed at the information handling system;present an application source associated with each of the list of one or more applications installed and the list of one or more applications available to be installed;enumerate one or more semi-trusted keys used to sign each of the list of one or more applications installed and the list of one or more applications available to be installed;present a key source associated with each of the one or more semi-trusted keys; andby a platform trust extension:
defining an additional trust level, wherein the additional trust level is granted a subset of permissions granted to the platform trust extension;maintaining the one or more semi-trusted keys;receiving a notification that at least one application from the list of one or more applications available to be installed or the list of one or more applications installed is selected for installation or execution on the information handling system;identifying the at least one application or the application source of the at least one application based, at least in part, on a signature of the at least one application;determining whether the at least one application or the application source of the at least one application is semi-trusted based at least in part upon the signature of the at least one application, wherein at least one of the one or more semi-trusted keys is used to sign the at least one application;setting the at least one application to run at the additional trust level if the at least one application or the application source of the at least one application and the at least one of the one or more semi-trusted keys are semi-trusted; andadding the one or more semi-trusted keys to a data store associated with the platform trust extension.