Title of invention
Methods and apparatuses for recovering usage of trusted platform module
Abstract
Methods and systems to perform platform security in conjunction with hardware-based root of trust logic are presented. In one embodiment, a method includes determining whether a status from an authenticated code module is indicative of an error or not. The method further includes determining whether the hardware-based root of trust logic is enabled based on content in a non-volatile memory location. If the hardware-based root of trust is enabled and the status is indicative of an error, the method further includes writing to the non-volatile memory location to disable the hardware-based root of trust logic during the next boot sequence. In one embodiment, a platform initializes and uses the trusted platform module in conjunction with either the hardware-based root of trust logic or a platform-based root of trust logic.
Publication number
US8812828(B2)
Publication date
2014.08.19
Application number
US201012947218
Filing date
2010.11.16
Applicant
Intel Corporation
Inventors
Datta Shamanna M.; Natu Mahesh S.
Classification
G06F9/24; G06F21/57; G06F21/00; G06F11/07
Main classification
G06F9/24
Agency
Blakely, Sokoloff, Taylor & Zafman LLP
Agent
Blakely, Sokoloff, Taylor & Zafman LLP
Main claim
1. A method comprising:
performing pre-initialization of a trusted platform module (TPM) in response to a hardware reset; and
determining whether a hardware-based root of trust logic is enabled or disabled based on a configuration policy record stored in a non-volatile memory location,
wherein if the hardware-based root of trust logic is enabled:
initializing, via an authenticated code module, the TPM and performing binary measurement on basic input/output system (BIOS) code using the hardware-based root of trust logic, and
determining whether a status returned from the authenticated code module is indicative of an error, wherein a firmware interface table (FIT) provides status bits relating to the error,
wherein if the status is not indicative of an error:
performing a trusted platform process on extended BIOS components using a BIOS root of trust logic,
wherein if the status is indicative of an error:
writing to the non-volatile memory location to disable the hardware-based root of trust logic in a next boot sequence, and
causing a hardware reset, and
wherein if the hardware-based root of trust logic is disabled:
initializing, via the BIOS, the TPM and performing the trusted platform process using the BIOS root of trust logic.
Address
Santa Clara, CA, US