公开(公告)号：US11238160B2

公开(公告)日：2022-02-01

申请号：US16428757

申请日：2019-05-31

Applicant: Apple Inc.

Inventor： Corey T. Kallenberg ,  Rafal Wojtczuk ,  Xeno S. Kovah ,  Andrew J. Fish

IPC: G06F21/57 ,  G06F13/28 ,  G06F21/53

Abstract: Techniques are disclosed relating to securely booting a computer system. In some embodiments, a bootloader initiates a boot sequence to load an operating system of the computing device and detects firmware of a peripheral device to be executed during the boot process to initialize the peripheral device for use by the computing device. In response to the detecting, the bootloader instantiates a sandbox that isolates the firmware from the bootloader. In various embodiments, the firmware is loaded from an option read-only memory (OROM) included the peripheral device and executed during the boot sequence to initialize the peripheral device. In some embodiments, the bootloader assigns one or more memory address ranges to the firmware, and the sandbox restricts the firmware from accessing memory addresses that are not included in the assigned one or more address ranges.