Title: Methods and apparatuses for recovering usage of trusted platform module
Abstract: Methods and systems to perform platform security in conjunction with hardware-based root of trust logic are presented. In one embodiment, a method includes determining whether a status from an authenticated code module is indicative of an error or not. The method further includes determining whether the hardware-based root of trust logic is enabled based on content in a non-volatile memory location. If the hardware-based root of trust is enabled and the status is indicative of an error, the method further includes writing to the non-volatile memory location to disable the hardware-based root of trust logic during the next boot sequence. In one embodiment, a platform initializes and uses the trusted platform module in conjunction with either the hardware-based root of trust logic or a platform-based root of trust logic.
Publication number: US8812828(B2)    Publication date: 2014.08.19
Application number: US201012947218    Filing date: 2010.11.16
Applicant: Intel Corporation    Inventors: Datta Shamanna M.; Natu Mahesh S.
Classification: G06F9/24; G06F21/57; G06F21/00; G06F11/07    Main classification: G06F9/24
Agent: Blakely, Sokoloff, Taylor & Zafman LLP    Attorney: Blakely, Sokoloff, Taylor & Zafman LLP
Main claim: 1. A method comprising:
  performing pre-initialization of a trusted platform module (TPM) in response to a hardware reset; and
  determining whether a hardware-based root of trust logic is enabled or disabled based on a configuration policy record stored in a non-volatile memory location,
  wherein if the hardware-based root of trust logic is enabled:
    initializing, via an authenticated code module, the TPM and performing binary measurement on basic input/output system (BIOS) code using the hardware-based root of trust logic, and
    determining whether a status returned from the authenticated code module is indicative of an error, wherein a firmware interface table (FIT) provides status bits relating to the error,
    wherein if the status is not indicative of an error: performing a trusted platform process on extended BIOS components using a BIOS root of trust logic,
    wherein if the status is indicative of an error: writing to the non-volatile memory location to disable the hardware-based root of trust logic in a next boot sequence, and causing a hardware reset, and
  wherein if the hardware-based root of trust logic is disabled: initializing, via the BIOS, the TPM and performing the trusted platform process using the BIOS root of trust logic.
Address: Santa Clara, CA, US
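The boot-time decision flow of claim 1 (pre-initialize the TPM, consult the non-volatile policy record, run the authenticated code module only when the hardware root of trust is enabled, and on an ACM error clear the policy bit and reset so the next boot falls back to the BIOS root of trust) as an added simulation in C. This is illustrative code written for this record, not Intel's firmware or anything from the patent itself: the policy-record layout, the FIT status bit, the struct and function names, and the reset loop cap are all constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout of the configuration policy record kept in non-volatile memory. */
#define POLICY_HW_ROT_ENABLED 0x01u
/* Hypothetical FIT status bit the authenticated code module (ACM) would set on error. */
#define FIT_STATUS_ERROR      0x80u

/* Simulated platform state. 'policy' persists across hardware resets; 'acm_status'
   is the status word the ACM would report through the FIT on this boot (constructed). */
typedef struct {
    uint8_t policy;
    uint8_t acm_status;
} platform_t;

typedef enum {
    BOOT_HW_ROT_OK,      /* ACM initialized the TPM and measured BIOS; BIOS RoT measured the rest */
    BOOT_HW_ROT_FAILED,  /* ACM reported an error: policy bit cleared, hardware reset requested */
    BOOT_BIOS_ROT        /* hardware RoT disabled: BIOS initialized the TPM and ran the process */
} boot_result_t;

/* Stand-in for TPM pre-initialization performed on every hardware reset. */
static void tpm_preinit(void) {}

/* One pass through the claimed method. Sets *reset_requested when the platform
   must be reset so the rewritten policy record takes effect on the next boot. */
boot_result_t boot_sequence(platform_t *p, bool *reset_requested)
{
    *reset_requested = false;
    tpm_preinit();

    if (p->policy & POLICY_HW_ROT_ENABLED) {
        /* ACM initializes the TPM and performs binary measurement of the BIOS;
           its outcome is read back from the FIT status bits. */
        uint8_t status = p->acm_status;
        if (status & FIT_STATUS_ERROR) {
            /* Recovery path: disable the hardware RoT for the next boot and reset. */
            p->policy &= (uint8_t)~POLICY_HW_ROT_ENABLED;
            *reset_requested = true;
            return BOOT_HW_ROT_FAILED;
        }
        /* No error: trusted platform process on extended BIOS components via the BIOS RoT. */
        return BOOT_HW_ROT_OK;
    }

    /* Hardware RoT disabled: BIOS initializes the TPM and runs the trusted process itself. */
    return BOOT_BIOS_ROT;
}

/* Re-run boots while a reset is requested (capped so a simulation cannot spin forever).
   Returns the number of boots taken; the final outcome is stored in *final_result. */
int boot_until_stable(platform_t *p, boot_result_t *final_result)
{
    int boots = 0;
    bool reset;
    do {
        *final_result = boot_sequence(p, &reset);
        boots++;
    } while (reset && boots < 4);
    return boots;
}

/* Convenience wrappers that start from a given policy record and ACM status. */
int boots_needed(uint8_t policy, uint8_t acm_status)
{
    platform_t p = { policy, acm_status };
    boot_result_t r;
    return boot_until_stable(&p, &r);
}

boot_result_t final_outcome(uint8_t policy, uint8_t acm_status)
{
    platform_t p = { policy, acm_status };
    boot_result_t r;
    boot_until_stable(&p, &r);
    return r;
}

uint8_t final_policy(uint8_t policy, uint8_t acm_status)
{
    platform_t p = { policy, acm_status };
    boot_result_t r;
    boot_until_stable(&p, &r);
    return p.policy;
}

int main(void)
{
    printf("healthy ACM: boots=%d outcome=%d\n",
           boots_needed(POLICY_HW_ROT_ENABLED, 0), final_outcome(POLICY_HW_ROT_ENABLED, 0));
    printf("failing ACM: boots=%d outcome=%d policy=0x%02x\n",
           boots_needed(POLICY_HW_ROT_ENABLED, FIT_STATUS_ERROR),
           final_outcome(POLICY_HW_ROT_ENABLED, FIT_STATUS_ERROR),
           final_policy(POLICY_HW_ROT_ENABLED, FIT_STATUS_ERROR));
    return 0;
}
```

The failing-ACM case takes exactly two boots: the first clears the policy bit and requests a reset, the second finds the hardware root of trust disabled and completes with the BIOS root of trust. A platform using this pattern still needs a way to re-enable the bit once the cause is fixed, since the record otherwise stays in the fallback state.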