公开(公告)号：US20090172381A1

公开(公告)日：2009-07-02

申请号：US11968032

申请日：2007-12-31

Applicant: Vincent J. Zimmer ,  Palsamy Sakthikumar ,  Mallik Bulusu

Inventor： Vincent J. Zimmer ,  Palsamy Sakthikumar ,  Mallik Bulusu

IPC: G06F9/00

CPC classification number: G06F9/4401

Abstract: Techniques and architectures to provide high assurance image invocation in a pre-boot environment. These techniques may augment implementations of the Unified Extensible Firmware Interface (UEFI) to invoke UEFI images using Trusted Execution Technology (TXT). This can operate to combine pre-boot secure flows, such as UEFI image invocation, with the secure launch instruction set extensions of TXT. This may entail combination of the UEFI StartImage instruction with the SMX leaf SENTER instruction. This may operate to allow original equipment manufacturer (OEM) firmware as a guard and that uses UEFI and TXT access control logic at the same instance to pass control to the operating system (OS).

Abstract translation: 技术和架构，可在预引导环境中提供高度保证的图像调用。 这些技术可以增加统一可扩展固件接口（UEFI）的实现，以使用可信执行技术（TXT）来调用UEFI图像。 这可以将预引导安全流（例如UEFI映像调用）与TXT的安全启动指令集扩展相结合。 这可能需要UEFI StartImage指令与SMX叶SENTER指令的组合。 这可能会使原始设备制造商（OEM）固件成为防护装置，并且在同一实例中使用UEFI和TXT访问控制逻辑将控制权传给操作系统（OS）。