Title of Invention |
SYSTEMS AND METHODS FOR SECURELY BOOTING A COMPUTER WITH A TRUSTED PROCESSING MODULE |
Abstract |
In a computer with a trusted platform module (TPM), an expected hash value of a boot component may be placed into a platform configuration register (PCR), which allows the TPM to unseal a secret. The secret may then be used to decrypt the boot component. The hash of the decrypted boot component may then be calculated and the result placed in a PCR. The PCRs may then be compared. If they do not match, access to an important secret for system operation can be revoked. Also, a first secret may be accessible only when a first plurality of PCR values are extant, while a second secret is accessible only after one or more of the first plurality of PCR values has been replaced with a new value, thereby necessarily revoking further access to the first secret in order to grant access to the second secret. |
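The following Python is an added simulation, not code from the patent or from Microsoft: it models a single PCR with the TPM extend operation, seals a decryption secret K1 to the PCR state that holds the expected hash and a later secret K2 to the state after the real measurement, and shows that extending the PCR with the measured hash both gates K2 on a match and necessarily revokes K1. The TPM model, the XOR keystream cipher and the secret values are constructed stand-ins.

```python
import hashlib
from dataclasses import dataclass, field

PCR_INIT = bytes(32)  # constructed: one SHA-256 sized PCR, zeroed at reset

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    # TPM extend: PCR' = H(PCR || measurement). A PCR can only be extended,
    # never rolled back, so a later state cannot reproduce an earlier one.
    return hashlib.sha256(pcr + measurement).digest()

@dataclass
class SimTpm:
    pcr: bytes = PCR_INIT
    sealed: dict = field(default_factory=dict)  # name -> (required PCR, secret)

    def seal(self, name: str, secret: bytes, required_pcr: bytes) -> None:
        self.sealed[name] = (required_pcr, secret)

    def unseal(self, name: str):
        required, secret = self.sealed[name]
        return secret if self.pcr == required else None  # policy: exact PCR match

def xor_keystream(data: bytes, key: bytes) -> bytes:
    # Toy stand-in for the boot component cipher; not a secure construction.
    blocks = len(data) // 32 + 1
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def provision(component_plain: bytes):
    """Offline setup: compute the expected hash and seal K1/K2 to successive PCR states."""
    tpm = SimTpm()
    expected = hashlib.sha256(component_plain).digest()
    state1 = pcr_extend(PCR_INIT, expected)   # PCR after placing the expected hash
    state2 = pcr_extend(state1, expected)     # PCR after measuring a genuine component
    k1, k2 = b"\x11" * 32, b"\x22" * 32       # constructed secrets
    tpm.seal("K1", k1, state1)
    tpm.seal("K2", k2, state2)
    return tpm, expected, xor_keystream(component_plain, k1)

def boot(tpm: SimTpm, expected: bytes, encrypted: bytes):
    """Boot-time sequence from the abstract. Returns (K2 or None, K1 revoked?)."""
    tpm.pcr = pcr_extend(tpm.pcr, expected)      # 1. place expected hash into the PCR
    k1 = tpm.unseal("K1")                         # 2. unseal the decryption secret
    if k1 is None:
        return None, True
    plain = xor_keystream(encrypted, k1)          # 3. decrypt the boot component
    actual = hashlib.sha256(plain).digest()       # 4. hash the decrypted component
    tpm.pcr = pcr_extend(tpm.pcr, actual)         # 5. record the result in the PCR
    k2 = tpm.unseal("K2")                         # available only if actual == expected
    return k2, tpm.unseal("K1") is None           # the extend has revoked K1 either way
```

A tampered ciphertext decrypts to a different image, so the second extend lands on a state K2 was never sealed to, while K1 is already unreachable.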
Publication Number |
EP3125149(A1) |
Publication Date |
2017.02.01 |
Application Number |
EP20160187390 |
Application Date |
2005.12.19 |
Applicant |
Microsoft Technology Licensing, LLC |
Inventors |
Schwartz Jr., James Anthony;Hunter, Jamie;Schwartz, Jonathan D.;Ray, Kenneth D.;England, Paul;Humphries, Russell;Thom, Stefan |
Classification |
G06F21/57 |
Main Classification |
G06F21/57 |
Agency |
|
Agent |
|
Main Claim |
|
Address |
|