Publication No.: US09953168B1
Publication date: 2018-04-24
Application No.: US15633685
Filing date: 2017-06-26
Inventors: Jason A. Lango, Adam Cain, Nitin Bahadur, John K. Edwards, Kevin George, William McGovern, Andrew G. Tucker
CPC classification: G06F21/575, G06F9/4401, G06F9/45545, G06F9/45558, G06F21/53, G06F2009/45562, G06F2009/45587, H04L9/0631, H04L9/0822, H04L9/3213, H04L9/3268, H04L63/0428, H04L63/166
Abstract: In an approach, a secure boot process includes two phases. In the first phase, an on-premises device generates a data encryption key (DEK) with which to encrypt an operating system image and a key encryption key (KEK) with which to wrap the DEK. The on-premises device then utilizes a key management service to wrap the KEK with an account root key and writes the wrapped DEK and wrapped KEK onto a label of the encrypted operating system image. The encrypted operating system image is then uploaded to a virtual data center and merged with an intermediary guest manager image. When the encrypted machine image is used to generate a virtual machine instance, the intermediary guest manager utilizes the key management service to unwrap the KEK. The unwrapped KEK is then used to unwrap the wrapped DEK, which is then used to launch the encrypted guest operating system.
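
The two-phase key hierarchy described in the abstract, as an added Python example (not code from the patent). The `Kms` class, the function names and the dict layout of the label are hypothetical, and an HMAC-SHA256 encrypt-then-MAC construction stands in for the AES primitives so that it runs on the standard library alone.

```python
import hashlib, hmac, secrets

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (assumed stand-in for AES)
    out = bytearray()
    for i in range(0, len(data), 32):
        block = _sub(key, nonce + (i // 32).to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, plaintext):
    """Encrypt-then-MAC under `key`; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + _sub(_sub(key, b"mac"), nonce + ct)

def unseal(key, blob):
    """Verify the tag, then decrypt; ValueError on a wrong key or tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + ct)):
        raise ValueError("unwrap failed: wrong key or modified data")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class Kms:
    """Hypothetical key management service; the account root key stays inside."""
    def __init__(self):
        self._root = secrets.token_bytes(32)
    def wrap(self, kek):
        return seal(self._root, kek)
    def unwrap(self, wrapped_kek):
        return unseal(self._root, wrapped_kek)

def phase1_on_prem(kms, os_image):
    """Phase 1: encrypt image with DEK, wrap DEK with KEK, wrap KEK via the KMS."""
    dek, kek = secrets.token_bytes(32), secrets.token_bytes(32)
    label = {"wrapped_dek": seal(kek, dek), "wrapped_kek": kms.wrap(kek)}
    return {"label": label, "image": seal(dek, os_image)}  # no key stored in clear

def phase2_boot(kms, machine_image):
    """Phase 2: guest manager unwraps KEK via the KMS, then DEK, then the image."""
    label = machine_image["label"]
    kek = kms.unwrap(label["wrapped_kek"])
    dek = unseal(kek, label["wrapped_dek"])
    return unseal(dek, machine_image["image"])
```

Calling `phase2_boot` with a different `Kms` instance, or with a modified label, raises `ValueError`: the image only launches when the service holding the account root key agrees to unwrap the KEK.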