Publication No.: US20220198021A1
Publication date: 2022-06-23
Application No.: US17127696
Filing date: 2020-12-18
Applicant: VMware, Inc.
Inventor: Samyuktha SUBRAMANIAN, Jesse POOL, Petr VANDROVEC, Viswesh NARAYANAN
Abstract: A method for protecting an OS disk of a computing device without block encrypting the OS disk. The method identifies one or more files that store configuration data associated with OS binaries executed on the computing device. The method encrypts the configuration data stored in the one or more files using an encryption key and seals the encryption key to a TPM of the computing device. The method then boots the computing device by attempting to unseal the encryption key by authenticating one or more of the OS binaries with the TPM. When authenticating the one or more of the OS binaries is successful, the method completes boot of the computing device by decrypting the configuration data using the encryption key. If authentication of the one or more of the OS binaries is not successful, however, the method aborts boot of the computing device.