-
公开(公告)号:US10127384B2
公开(公告)日:2018-11-13
申请号:US15335101
申请日:2016-10-26
Applicant: GOOGLE INC.
Inventor: Gaurav Shah , William A. Drewry , Randall Spangler , Ryan Tabone , Sumit Gwalani , Luigi Semenzato
Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header do not match, the example method includes halting the boot process.
-
公开(公告)号:US20150012738A1
公开(公告)日:2015-01-08
申请号:US14330902
申请日:2014-07-14
Applicant: GOOGLE INC.
Inventor: Gaurav Shah , William Drewry , Randall Spangler , Ryan Tabone , Sumit Gwalani , Luigi Semenzato
CPC classification number: G06F21/575 , G06F21/554 , G06F21/64 , G06F21/74 , H04L9/30 , H04L9/3236 , H04L9/3247
Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header do not match, the example method includes halting the boot process.
Abstract translation: 公开了用于验证计算系统的引导过程的方法和装置。 计算机实现的示例的示例包括在引导过程期间由计算系统读取计算系统的固件的读写部分的头部。 该示例方法还包括使用第一加密散列算法生成与该报头对应的消息摘要。 示例性方法还包括使用第一公开密钥来解密与该标题相对应的加密签名。 该示例方法还包括比较与该标题相对应的消息摘要和与标题对应的解密签名。 在与标题对应的消息摘要和与标题相对应的解密签名匹配的情况下,示例方法包括继续引导过程。 在与标题对应的消息摘要和与标题相对应的解密签名不匹配的情况下,示例方法包括暂停引导过程。
-
公开(公告)号:US09251336B1
公开(公告)日:2016-02-02
申请号:US14252373
申请日:2014-04-14
Applicant: GOOGLE INC.
Inventor: Luigi Semenzato , William Alexander Drewry , Gaurav Shah , Randall Spangler , Sumit Gwalani
CPC classification number: G06F21/51 , G06F8/65 , G06F21/572
Abstract: To provide a secure installation and execution software environment, locked version numbers are maintained. A locked version number associated with a software program may be stored. When a request is received to update the software program with an update package, a package number of the update package may be compared to the locked version number. The software program may be updated with the update package if the package number is at least as recent as the locked version number, and the updating of the software program with the update package may be restricted if the package number is earlier than the locked version number.
Abstract translation: 为了提供安全的安装和执行软件环境,维护锁定的版本号。 可以存储与软件程序相关联的锁定版本号。 当接收到使用更新包更新软件程序的请求时,可将更新包的包编号与锁定的版本号进行比较。 如果软件包号码至少与锁定版本号码一样,则可以使用更新软件包更新软件程序,并且如果软件包编号早于锁定的版本号,则可以限制具有更新软件包的软件程序的更新 。
-
公开(公告)号:US09483647B2
公开(公告)日:2016-11-01
申请号:US14330902
申请日:2014-07-14
Applicant: GOOGLE INC.
Inventor: Gaurav Shah , William Drewry , Randall Spangler , Ryan Tabone , Sumit Gwalani , Luigi Semenzato
CPC classification number: G06F21/575 , G06F21/554 , G06F21/64 , G06F21/74 , H04L9/30 , H04L9/3236 , H04L9/3247
Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header do not match, the example method includes halting the boot process.
Abstract translation: 公开了用于验证计算系统的引导过程的方法和装置。 计算机实现的示例的示例包括在引导过程期间由计算系统读取计算系统的固件的读写部分的头部。 该示例方法还包括使用第一加密散列算法生成与该报头对应的消息摘要。 示例性方法还包括使用第一公开密钥来解密与该标题相对应的加密签名。 该示例方法还包括比较与该标题相对应的消息摘要和与标题对应的解密签名。 在与标题对应的消息摘要和与标题相对应的解密签名匹配的情况下,示例方法包括继续引导过程。 在与标题对应的消息摘要和与标题相对应的解密签名不匹配的情况下,示例方法包括暂停引导过程。
-
-
-
Search Results
4
records
(took 0.017 seconds)
