发明名称 |
Secure computer system update |
摘要 |
In one embodiment a computer system, comprises a processor, a trusted platform module comprising at least one platform configuration register, a basic input/output system, and logic to unseal at least one current key in the trusted platform module, initiate an update to the basic input/output system, obtain, with the update, at least a component of one expected value for a platform configuration register in the trusted platform module, seal at least one key using the at least one expected value for a platform configuration register, and install the basic input/output system update. |
申请公布号 |
US9026771(B2) |
申请公布日期 |
2015.05.05 |
申请号 |
US200711796165 |
申请日期 |
2007.04.27 |
申请人 |
Hewlett-Packard Development Company, L.P. |
发明人 |
Ibrahim Wael;Novoa Manuel |
分类号 |
G06F9/24;G06F15/177;G06F21/57;G06F21/10;H04L29/06;H04L9/08;G06F21/00 |
主分类号 |
G06F9/24 |
代理机构 |
Caven & Aghevli LLC |
代理人 |
Caven & Aghevli LLC |
主权项 |
1. A method to update a basic input/output system of a computer system, comprising:
unsealing at least one current key in a trusted platform module of the computer system; initiating an update to the basic input/output system, including communicating an identifier of the basic input/output system to an update module; receiving the update from the update module, including obtaining, with the update, an expected value for a platform configuration register in the trusted platform module following the update, wherein the expected value is determined using the identifier; sealing at least one key using the expected value for the platform configuration register; and installing the basic input/output system update, wherein the update module resides on a server, and the computer system comprises a client communicatively coupled to the server via a communication network. |
地址 |
Houston TX US |