公开(公告)号：US20210232691A1

公开(公告)日：2021-07-29

申请号：US16774219

申请日：2020-01-28

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Travis D. Bishop ,  Kevin G. Depew

IPC: G06F21/57 ,  H04L9/08 ,  H04L9/32

Abstract: A technique includes, in a first phase of a secure boot of a computer system, executing boot code of the computer system to access a first version of a secure boot key database to authenticate driver code. The first version of the secure boot key database stores a key corresponding to a plurality of drivers. The technique includes executing the boot code to automatically prepare the secure boot key database for a second phase of the secure boot in which operating system bootloader code is executed. Preparing for the second phase includes executing the boot code to automatically replace the first version of the secure boot key database with a second version of the secure boot key database, and the second version of the secure boot key database stores a key, which corresponds to the operating system bootloader code. The technique includes in the second phase of the secure boot, executing the boot code to access the secure boot key database to authenticate the operating system bootloader code.

公开(公告)号：US11106798B2

公开(公告)日：2021-08-31

申请号：US16774219

申请日：2020-01-28

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Travis D. Bishop ,  Kevin G. Depew

IPC: G06F21/00 ,  G06F21/57 ,  H04L9/08 ,  H04L9/32

Abstract: A technique includes, in a first phase of a secure boot of a computer system, executing boot code of the computer system to access a first version of a secure boot key database to authenticate driver code. The first version of the secure boot key database stores a key corresponding to a plurality of drivers. The technique includes executing the boot code to automatically prepare the secure boot key database for a second phase of the secure boot in which operating system bootloader code is executed. Preparing for the second phase includes executing the boot code to automatically replace the first version of the secure boot key database with a second version of the secure boot key database, and the second version of the secure boot key database stores a key, which corresponds to the operating system bootloader code. The technique includes in the second phase of the secure boot, executing the boot code to access the secure boot key database to authenticate the operating system bootloader code.