Title Secure boot up of a computer based on a hardware based root of trust
Abstract A method includes performing a boot up of a computer having a system on-chip having multiple processors and a nonvolatile read-only machine-readable medium. The boot up includes enabling a first processor of the multiple processors, while maintaining others of the multiple processors in a disabled state. The boot up includes retrieving initial stage instructions from the nonvolatile read-only machine-readable medium. The boot up also includes executing the initial stage instructions and validating multiple stages of firmware separately. The boot up includes, in response to validating the multiple stages of firmware, executing the multiple stages of firmware in consecutive stages of the boot up, wherein executing of each stage of the multiple stages of firmware enables a different set of disabled hardware components of the computer. The boot up also includes validating an operating system and, in response to validation, transferring control of the computer to the operating system.
Publication number US8775784(B2) Publication date 2014.07.08
Application number US201113294467 Filing date 2011.11.11
Applicant International Business Machines Corporation Inventors Diluoffo Vincent V.; Dumarot Dan P.; Risi Eugene B.
Classification G06F7/04; G06F9/00; G06F12/14; G06F15/177 Main classification G06F7/04
Agent DeLizio Gilliam, PLLC Attorney DeLizio Gilliam, PLLC
Main claim 1. A method comprising: performing a boot up of a computer having a system on-chip having multiple processors, a nonvolatile read-only machine-readable medium, and a programmable nonvolatile machine-readable medium, wherein the computer comprises a battery backed volatile machine-readable medium that is separate from the system on-chip and is communicatively coupled to the system on-chip, wherein the performing of the boot up comprises,
enabling a first processor of the multiple processors, while maintaining others of the multiple processors in a disabled state;
retrieving, by the first processor, initial stage instructions from the nonvolatile read-only machine-readable medium;
executing, in the first processor, the initial stage instructions;
retrieving a cryptographic key from at least one of the battery backed volatile machine-readable medium and the programmable nonvolatile machine-readable medium, wherein the programmable nonvolatile machine-readable medium that is part of the system on-chip is configured to store logic that identifies a type of cryptographic operation that is executed as part of validating each of the multiple stages of firmware and identifies a location of the cryptographic key;
retrieving the logic from the programmable nonvolatile machine-readable medium;
validating, at least in part by executing the initial stage instructions by the first processor, multiple stages of firmware separately, wherein the validating of the multiple stages of firmware includes performing at least one cryptographic operation based on the cryptographic key, wherein the validating of the multiple stages of firmware based on the cryptographic operation is performed as defined by the logic and using the cryptographic key whose location is defined by the logic;
in response to validating the multiple stages of firmware, executing the multiple stages of firmware in consecutive stages of the boot up, wherein executing of each stage of the multiple stages of firmware enables a different set of disabled hardware components of the computer;
validating, as part of execution of at least one of the multiple stages of firmware, an operating system, wherein the validating of the operating system includes performing at least one different cryptographic operation; and
in response to validation of the operating system, transferring control of the computer to the operating system.
Address Armonk NY US
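The staged validation described in the abstract and in claim 1 above, as an added Python simulation that is not part of the patent or of any IBM implementation: a single enabled processor runs the ROM-stage logic, the programmable NVM names the operation and key location, every firmware stage is checked separately before any stage runs, each stage enables its own hardware set, and the OS is checked with a different operation before handoff. The HMAC-SHA256 scheme for firmware, the pinned SHA-256 digest for the OS, and all keys, images and hardware names are constructed assumptions for the demo.

```python
import hashlib, hmac
from dataclasses import dataclass, field

@dataclass
class Stage:              # constructed firmware stage: image, MAC, hardware it enables
    name: str
    image: bytes
    mac: bytes            # HMAC-SHA256 over the image (assumed validation scheme)
    enables: frozenset

@dataclass
class Soc:
    rom_os_digest: bytes  # read-only ROM: pinned SHA-256 of the OS image (assumed)
    pnvm_logic: dict      # programmable NVM: which op to run and where the key lives
    bbram: dict           # battery-backed RAM (off-chip): key storage
    pnvm_keys: dict = field(default_factory=dict)
    hardware: set = field(default_factory=set)   # components enabled so far

def _validate_stage(soc, stage):
    logic = soc.pnvm_logic          # logic in programmable NVM, not ROM, names op and key location
    if logic["op"] != "hmac-sha256":
        return False                # unknown operation: fail closed
    store = soc.bbram if logic["key_location"] == "bbram" else soc.pnvm_keys
    expected = hmac.new(store[logic["key_id"]], stage.image, hashlib.sha256).digest()
    return hmac.compare_digest(expected, stage.mac)

def boot(soc, stages, os_image):
    # Initial-stage instructions, run on the single enabled processor.
    # 1. Validate every firmware stage separately before any of them executes.
    if not all(_validate_stage(soc, s) for s in stages):
        return {"ok": False, "halted_at": "firmware", "hardware": set(soc.hardware)}
    # 2. Execute the stages consecutively; each enables a different hardware set.
    for s in stages:
        soc.hardware |= s.enables
    # 3. Validate the OS with a different operation (digest pinned in ROM).
    if not hmac.compare_digest(hashlib.sha256(os_image).digest(), soc.rom_os_digest):
        return {"ok": False, "halted_at": "os", "hardware": set(soc.hardware)}
    return {"ok": True, "halted_at": None, "hardware": set(soc.hardware)}

def make_demo(tamper_stage=None, tamper_os=False):
    key = b"constructed-demo-key"
    soc = Soc(rom_os_digest=hashlib.sha256(b"os-image").digest(),
              pnvm_logic={"op": "hmac-sha256", "key_location": "bbram", "key_id": "k0"},
              bbram={"k0": key})
    mk = lambda n, img, hw: Stage(n, img, hmac.new(key, img, hashlib.sha256).digest(), frozenset(hw))
    stages = [mk("stage1", b"fw1", {"ddr", "clocks"}), mk("stage2", b"fw2", {"pcie", "usb"})]
    if tamper_stage is not None:
        stages[tamper_stage].image += b"-modified"   # MAC no longer matches
    return soc, stages, (b"os-image-modified" if tamper_os else b"os-image")
```

A tampered firmware stage halts the boot with no hardware beyond the first processor enabled; a tampered OS image leaves the firmware-enabled hardware on but never transfers control.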