PROTECTED MODE FOR SECURING COMPUTING DEVICES

摘要

Methods and systems are disclosed for testing and/or validating that an untrusted device is operating according to an expected state or configuration. The methods and systems may be designed such that the volatile memory of the untrusted device is brought to a known state for validation, for example upon ingress to or egress from a protected mode of operation. The device may execute a first operating system when operating outside of the protected mode. Upon determining to transition to protected mode, an operational image of a second operating system may be loaded into the device. The device may write a pattern to unused memory for validation. The device may receive a first challenge request from a trusted monitor (TM). In order to be successfully validated, the device may answer the challenge correctly within a given response window based on the current state of its volatile memory.

主权项

1. A method implemented in a device to be secured for operating the device in a protected mode of operation, the method comprising:
operating the device outside of the protected mode, wherein the device executes a first operating system when operating outside of the protected mode; determining to transition the device into the protected mode; terminating the first operating system based on determining to transition the device into the protected mode; loading an operational image of a second operating system into the device based on determining to transition the device into the protected mode, wherein the operational image of the second operating system is copied to volatile memory; determining to transition the device out of the protected mode; and loading an operational image of the second operating system based on determining to transition the device out of the protected mode.