| 摘要 |
The invention is concerned with ensuring the security of a particular configuration of hardware and software for an information handling system 120 that is assembled using a "build-to-order" system. When the information system is manufactured a manifest file 216 is constructed comprising a predetermined set of data files 222 selected from files stored 206 on the information system. The manifest file is stored on the system along with an electronic seal or signature 224 generated using at least one key. During the initial boot-up of the system at the customer's facility, the electronic seal is verified and a comparison is performed between the files of the manifest and the corresponding files stored on the system. If any of the files have been altered, the initial boot is designated as invalid and the user is notified of the potential breach of security. The manifest file may contain operating system and boot files, checksums of the BIOS 218 and CMOS 220, and encrypted customer configuration files. If the system is delivered to the customer via one or more intermediaries that modify the system, e.g. by adding hardware and/or software enhancements, a modified manifest and seal is generated for the system. |
