Attesting a component of a system during a boot process

摘要

A method, apparatus and program product for attesting a component of a system during a boot process. The method comprises the steps of: verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system wherein the requesting step further comprises the step of: retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; wherein in response to the comparing step, if the current input data matches the enrollment data, the system retains its trusted state; and accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system.

主权项

1. An apparatus for attesting a component of a system during a boot process, comprising a processor coupled to a memory that contains instructions that are executable by the processor to perform steps of:
verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system, wherein the requesting step further comprises retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; if the current input data matches the enrollment data in response to the comparing step, the system retains its trusted state; and accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system.