公开(公告)号：US11062032B2

公开(公告)日：2021-07-13

申请号：US16182093

申请日：2018-11-06

Applicant: GOOGLE LLC

Inventor： Gaurav Shah ,  William A. Drewry ,  Randall Spangler ,  Ryan Tabone ,  Sumit Gwalani ,  Luigi Semenzato

IPC: G06F21/57 ,  H04L9/30 ,  G06F21/55 ,  G06F21/74 ,  H04L9/32 ,  G06F21/64

Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header do not match, the example method includes halting the boot process.

公开(公告)号：US20190087583A1

公开(公告)日：2019-03-21

申请号：US16182093

申请日：2018-11-06

Applicant: GOOGLE LLC

Inventor： Gaurav Shah ,  William A. Drewry ,  Randall Spangler ,  Ryan Tabone ,  Sumit Gwalani ,  Luigi Semenzato

IPC: G06F21/57 ,  G06F21/55 ,  G06F21/74 ,  H04L9/30 ,  H04L9/32 ,  G06F21/64

Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header do not match, the example method includes halting the boot process.

公开(公告)号：US10740494B2

公开(公告)日：2020-08-11

申请号：US15697059

申请日：2017-09-06

Applicant: Google LLC

Inventor： Osman Koyuncu ,  William A. Drewry ,  Xiaowen Xin

IPC: G06F12/14 ,  H04L9/32 ,  G06F21/70 ,  G06F21/84 ,  G06F21/81 ,  G06F21/83 ,  H04W12/06 ,  G06F21/31 ,  G06F21/55 ,  H04L29/06 ,  G06F7/04 ,  H04W12/00

Abstract: The present disclosure describes use of two security processors for a mobile device. In some aspects, a first security processor device embodied in a security component of an apparatus receives a user input via an input device and transmits a security condition signal to a second security processor device embodied in a System on Chip (SoC) component of the apparatus, causing the SoC component to perform a security operation. In other aspects, the first security processor receives a signal via a sensor device sensing environmental conditions surrounding the apparatus and, in response, transmits a security condition signal to the second security processor, causing the SoC component to perform a security operation. The security operation is directly controlled, maintained, and implemented by the second security processor embodied in the SoC component.