摘要 |
<p>A method and system for the provisioning of software that enable large scale installation and management of software in computer units in a highly secure manner. The BIOS of the target computer unit is adapted such that upon power up the system attempts to boot from an external media. The BIOS features functions within the code for the implementing a system watchdog for assuring the system remains in a known state, a function for digital signature verification, and loads drivers for a file system. The external media includes the operating system (OS) image and other bootstrap files, each having been digitally signed with an asymmetric private key that corresponds to the public key. A programmable read-only parameter memory on the motherboard is configured to store the public keys and the (failure) state of the system independently of the primary and secondary media enabling reboot from an alternative boot path.</p> |