-
Publication No.: US20210397709A1
Publication date: 2021-12-23
Application No.: US17464832
Application date: 2021-09-02
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Geoffrey NDU, Ludovic Emmanuel Paul Noel JACQUIN, Nigel EDWARDS
Abstract: A system comprising an inner kernel of an operating system (OS) running at a higher privilege level than an outer kernel of the OS, the inner kernel to measure a data structure in a memory; a device including a measurement engine to measure the data structure in the memory, wherein the device operates independently of the OS; and a trusted execution environment including an application to compare measurements from the inner kernel and the measurement engine.
-
Publication No.: US20220405393A1
Publication date: 2022-12-22
Application No.: US17821553
Application date: 2022-08-23
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Geoffrey NDU, Nigel EDWARDS
IPC: G06F21/57, G06F13/24, G06F12/0815, G06F21/50, G06F12/1009
Abstract: Examples disclosed herein relate to performing a verification check in response to receiving notification. A computing system includes a host processor, memory coupled to the host processor, and a device separate from the host processor capable of accessing the memory. The host processor has a page table base register. The host processor is configured to send a notification to the device when the page table base register changes. The device performs a verification check in response to receiving the notification.
-
Publication No.: US20220188462A1
Publication date: 2022-06-16
Application No.: US17122406
Application date: 2020-12-15
Applicant: Hewlett Packard Enterprise Development LP
Inventor: David A. MOORE, Nigel EDWARDS, Jonathon HUGHES
Abstract: Examples described herein relate to a printed circuit assembly (PCA). The PCA includes a printed circuit board (PCB). The PCA further includes an identification device embedded within the PCB. The identification device stores identity information that uniquely identifies the identification device and the PCB. Moreover, a PCB identifier defined using the identity information is also stored in a platform attestation file hosted locally within the PCA, on a remote server, or both locally within the PCA and on the remote server. Additionally, the PCA includes an authentication device disposed on the PCB, wherein the platform attestation file is cryptographically bound to the authentication device.
-
Publication No.: US20180054314A1
Publication date: 2018-02-22
Application No.: US15238562
Application date: 2016-08-16
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Nigel EDWARDS
CPC classification number: G06F11/079, G06F11/0721, G06F11/0751, G06F11/0787, G06F21/00, G06F21/64, H04L9/3239
Abstract: Example embodiments relate to instantiating containers. For example, in an embodiment, integrity of a container image may be verified by executing a verification program using verification information associated with the container image. Provenance of the container image may be verified by checking a log associated with the container image. A container may be instantiated from the container image by loading a file system associated with the container image. The file system associated with the container image may be isolated from the verification information and the log.
-
Publication No.: US20210342162A1
Publication date: 2021-11-04
Application No.: US17372978
Application date: 2021-07-12
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Geoffrey NDU, Nigel EDWARDS
IPC: G06F9/4401, G06F9/30
Abstract: A method comprising: generating, with a device, a nonce; writing, with the device, the nonce to a memory location accessible to a kernel; initializing the kernel; in response to an end of initialization, measuring a specified kernel space to produce a first result; writing the first result to a register of a second device; writing a location and size of the specified kernel space to a buffer; measuring the buffer; writing a result of buffer measurement to a second register of the second device; requesting a quote from the second device, the quote to include the nonce, the contents of the register, and the contents of the second register; and passing the quote to the device.
-
Publication No.: US20180032258A1
Publication date: 2018-02-01
Application No.: US15224236
Application date: 2016-07-29
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Nigel EDWARDS, Chris I. DALTON, Venkataraman KAMALAKSHA, Kishore Kumar M
CPC classification number: G06F16/185, G06F3/0604, G06F3/0647, G06F3/067, G06F16/13, G06F16/184
Abstract: Example embodiments relate to storage systems for containers. An example storage system may include a set of servers associated with a global namespace for containers, a plurality of storage domains connected under the global namespace, and a processor to identify a storage tree for a container image of a container, where the storage tree is mapped to a storage domain storing the container image, and to clone the container to a second container, where the second container image is stored in a second storage domain.
-
Publication No.: US20230185920A1
Publication date: 2023-06-15
Application No.: US18168430
Application date: 2023-02-13
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Ludovic Emmanuel Paul Noel JACQUIN, Hamza ATTAK, Nigel EDWARDS
CPC classification number: G06F21/572, H04L9/0643, G06F2221/033
Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.
-
Publication No.: US20210256118A1
Publication date: 2021-08-19
Application No.: US17232264
Application date: 2021-04-16
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Geoffrey NDU, Theofrastos KOULOURIS, Nigel EDWARDS
IPC: G06F21/55
Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.
-
Publication No.: US20210248239A1
Publication date: 2021-08-12
Application No.: US17242904
Application date: 2021-04-28
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Ludovic Emmanuel Paul Noel JACQUIN, Hamza ATTAK, Nigel EDWARDS
Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.