发明授权
US07506380B2 Systems and methods for boot recovery in a secure boot process on a computer with a hardware security module
有权
在具有硬件安全模块的计算机上的安全引导过程中启动恢复的系统和方法
- 专利标题: Systems and methods for boot recovery in a secure boot process on a computer with a hardware security module
- 专利标题(中): 在具有硬件安全模块的计算机上的安全引导过程中启动恢复的系统和方法
-
申请号: US11035715申请日: 2005-01-14
-
公开(公告)号: US07506380B2公开(公告)日: 2009-03-17
- 发明人: Jamie Hunter , Paul England , Russell Humphries , Stefan Thom , James Anthony Schwartz, Jr. , Kenneth D. Ray , Jonathan Schwartz
- 申请人: Jamie Hunter , Paul England , Russell Humphries , Stefan Thom , James Anthony Schwartz, Jr. , Kenneth D. Ray , Jonathan Schwartz
- 申请人地址: US WA Redmond
- 专利权人: Microsoft Corporation
- 当前专利权人: Microsoft Corporation
- 当前专利权人地址: US WA Redmond
- 代理机构: Woodcock Washburn LLP
- 主分类号: G06F21/02
- IPC分类号: G06F21/02 ; G06F11/30 ; G06F9/00 ; H04L9/00 ; H04K1/00
摘要:
Systems and methods are provided for maintaining and updating a secure boot process on a computer with a trusted platform module (TPM). A boot process may be maintained by inspecting a log of TPM activity, determining data that prevented a secret to unseal, and returning the data to an original state. In situations where this type of recovery is not workable, techniques for authenticating a user may be used, allowing the authenticated user to bypass the security features of the boot process and reseal the boot secrets to platform configuration register (PCR) values that may have changed. Finally, a secure boot process may be upgraded by migrating TPM sealed secrets to a temporary storage location, updating one or more aspects of a secure boot process, and resealing the secrets to the resulting new platform configuration. Other advantages and features of the invention are described below.