公开(公告)号：US09710652B1

公开(公告)日：2017-07-18

申请号：US14946863

申请日：2015-11-20

Applicant: Google Inc.

Inventor： Curtis Gerald Condra ,  Adrian Ludwig ,  Colin Cross ,  Kenneth Root

IPC: G06F15/177 ,  G06F21/57

CPC classification number: G06F21/575 ,  G06F11/1417 ,  G06F2221/034

Abstract: A user-provided keystore may be utilized in a boot process to verify a boot image as disclosed herein. A device may be determined to be in a locked or verified state. A selected keystore may be determined to not verify against a first key such as a root key. A user may provide a keystore to a device. The system may display a prompt to the user which asks whether the user would like to continue to boot or not, if the system determines that the keystore does not verify against the first key. The user may respond to the prompt by indicating a desire to continue booting. The system may determine that the boot image verifies against the keystore and finish booting the device. Thus, the prompt may alert the user to a threat to the integrity of the boot process or device.

公开(公告)号：US09195831B1

公开(公告)日：2015-11-24

申请号：US14268486

申请日：2014-05-02

Applicant: Google Inc.

Inventor： Curtis Gerald Condra ,  Adrian Ludwig ,  Colin Cross ,  Kenneth Root

IPC: H04L29/06 ,  G06F21/57 ,  G06F11/14

CPC classification number: G06F21/575 ,  G06F11/1417 ,  G06F2221/034

Abstract: A user-provided keystore may be utilized in a boot process to verify a boot image as disclosed herein. A device may be determined to be in a locked or verified state. A selected keystore may be determined to not verify against a first key such as a root key. A user may provide a keystore to a device. The system may display a prompt to the user which asks whether the user would like to continue to boot or not, if the system determines that the keystore does not verify against the first key. The user may respond to the prompt by indicating a desire to continue booting. The system may determine that the boot image verifies against the keystore and finish booting the device. Thus, the prompt may alert the user to a threat to the integrity of the boot process or device.

Abstract translation: 可以在引导过程中使用用户提供的密钥库来验证如本文所公开的引导映像。 可以确定设备处于锁定或验证状态。 可以确定所选择的密钥库不能针对诸如根密钥的第一密钥进行验证。 用户可以向设备提供密钥库。 如果系统确定密钥库不针对第一个密钥进行验证，系统可能会向用户显示一个提示，询问用户是否要继续启动。 用户可以通过指示继续引导的愿望来响应提示。 系统可以确定引导映像针对密钥库进行验证并完成启动设备。 因此，提示可以提醒用户对引导过程或设备的完整性的威胁。