Verified boot

摘要

A user-provided keystore may be utilized in a boot process to verify a boot image as disclosed herein. A device may be determined to be in a locked or verified state. A selected keystore may be determined to not verify against a first key such as a root key. A user may provide a keystore to a device. The system may display a prompt to the user which asks whether the user would like to continue to boot or not, if the system determines that the keystore does not verify against the first key. The user may respond to the prompt by indicating a desire to continue booting. The system may determine that the boot image verifies against the keystore and finish booting the device. Thus, the prompt may alert the user to a threat to the integrity of the boot process or device.

主权项

1. A computer-implemented method, comprising:
determining that a device is in at least one of a locked or verified state upon initiation of a boot process, wherein the boot process corresponds to a time from when the device is activated until a runtime environment is operating on the device; determining that a selected keystore comprising a plurality of keys for a boot image does not verify against a first key during the boot process, wherein the first key comprises an alphanumeric code known only to the computing device; responsive to determining that the selected keystore does not verify against the first key, providing a prompt that asks whether the device may continue to boot process or not; receiving a response to the prompt instructing the device to continue the boot process; determining that the boot image verifies against the selected keystore during the boot process; and finishing the boot process of the device using the boot image.