Title: Mediated secure boot for single or multicore processors
Abstract: A system and methods are disclosed for securely booting a processing system using a three-step secure boot process. Several embodiments are presented. Upon power-on-reset, the first boot step uses a secure boot device comprising a programmable logic device or an FPGA, which boots up first, validates its own configuration file, and then validates the processor(s) configuration data before presenting that configuration data to the processor(s). This enables validation of 'pre-boot' information, such as the Reset Control Word and pre-boot processor configuration data. The second and third boot steps validate the internal secure boot code and the external boot code, respectively, using one or more secure validation techniques, such as encryption/decryption, key mechanisms, privilege checking, pointer hashing, or signature correlation schemes. The result is an end-to-end secure boot process for a variety of architectures, such as single-processor systems, synchronous and asynchronous multiprocessing systems, single-core systems, and multi-core processing systems.
Publication number: US9536094(B2) Publication date: 2017.01.03
Application number: US201414154015 Filing date: 2014.01.13
Applicant: RAYTHEON COMPANY Inventors: Woolley Brandon; Cramer Norman; Mcfarland Brian; Hammond Matthew
Classification: G06F9/24; G06F15/177; G06F1/24; G06F11/00; G06F12/14; G06F21/57; G06F9/445; G06F9/44 Main classification: G06F9/24
Agency: Agent:
Main claim: 1. A processing system comprising: one or more secure boot devices, each of the one or more secure boot devices comprising a programmable logic device or a Field Programmable Gate Array (FPGA); and one or more processors or processing cores configured via programming to read processor configuration data upon power-on-reset from the one or more secure boot devices as part of a boot sequence, wherein at power-on-reset, the one or more secure boot devices are configured via programming to fetch and validate, for conformance to one or more security rules, some or all of the processor configuration data before the processor configuration data are presented to the one or more processors or processing cores, and wherein the one or more processors or processing cores are further configured via programming to validate a first pointer to an internal command sequence file and commands for an Internal Secure Boot Code (ISBC) phase using one or more first security checks before executing the ISBC phase.
Address: Waltham MA US