-
1.发明授权System and method to secure boot both UEFI and legacy option ROM's with common policy engine 有权使用通用策略引擎来安全地启动UEFI和传统选项ROM的系统和方法公开(公告)号:US08694761B2
公开(公告)日:2014-04-08
申请号:US12347834
申请日:2008-12-31
申请人: Vincent Zimmer , Mohan Kumar , Mahesh Natu , Jiewen Yao , Qin Long , Liang Cui
发明人: Vincent Zimmer , Mohan Kumar , Mahesh Natu , Jiewen Yao , Qin Long , Liang Cui
IPC分类号: G06F9/00
CPC分类号: G06F21/575
摘要: In some embodiments, the invention involves using a policy engine during boot, in the driver execution environment (DXE) phases to authenticate that drivers and executable images to be loaded are authenticated. Images to be authenticated include the operating system (OS) loader. The policy engine utilizes a certificate database to hold valid certificates for third party images, according to platform policy. Images that are not authenticated are not loaded at boot time. Other embodiments are described and claimed.
摘要翻译: 在一些实施例中,本发明涉及在引导期间在驱动程序执行环境(DXE)阶段中使用策略引擎来认证要加载的驱动程序和可执行映像被认证。 要认证的图像包括操作系统(OS)加载程序。 根据平台策略,策略引擎使用证书数据库来保存第三方映像的有效证书。 未通过身份验证的图像在引导时未加载。 描述和要求保护其他实施例。
-
2.发明申请公开(公告)号:US20100169633A1
公开(公告)日:2010-07-01
申请号:US12347834
申请日:2008-12-31
申请人: Vincent Zimmer , Mohan Kumar , Mahesh Natu , Jiewen Yao , Qin Long , Liang Cui
发明人: Vincent Zimmer , Mohan Kumar , Mahesh Natu , Jiewen Yao , Qin Long , Liang Cui
CPC分类号: G06F21/575
摘要: In some embodiments, the invention involves using a policy engine during boot, in the driver execution environment (DXE) phases to authenticate that drivers and executable images to be loaded are authenticated. Images to be authenticated include the operating system (OS) loader. The policy engine utilizes a certificate database to hold valid certificates for third party images, according to platform policy. Images that are not authenticated are not loaded at boot time. Other embodiments are described and claimed.
摘要翻译: 在一些实施例中,本发明涉及在引导期间在驱动程序执行环境(DXE)阶段中使用策略引擎来认证要加载的驱动程序和可执行映像被认证。 要认证的图像包括操作系统(OS)加载程序。 根据平台策略,策略引擎使用证书数据库来保存第三方映像的有效证书。 未通过身份验证的图像在引导时未加载。 描述和要求保护其他实施例。
-
公开(公告)号:US07984286B2
公开(公告)日:2011-07-19
申请号:US12215071
申请日:2008-06-25
申请人: Vincent J. Zimmer , Mohan Kumar , Mahesh Natu , Qin Long , Liang Cui , Jiewen Yao
发明人: Vincent J. Zimmer , Mohan Kumar , Mahesh Natu , Qin Long , Liang Cui , Jiewen Yao
IPC分类号: G06F15/177 , H04L9/32
CPC分类号: G06F21/575
摘要: In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a boot block stored at a first memory location, a capsule update stored at a second memory location, a startup authenticated code module to ensure the integrity of the boot block upon a restart of the processor-based system, code which is executable by the processor-based system to cause the processor-based system to validate the boot block with the startup authenticated code module upon the restart of the processor-based system, and, if the boot block is successfully validated, to validate the capsule update for the processor-based system with the startup authenticated code module. Other embodiments are disclosed and claimed.
摘要翻译: 在一些实施例中,基于处理器的系统可以包括至少一个处理器,耦合到至少一个处理器的至少一个存储器,存储在第一存储器位置的引导块,存储在第二存储器位置的封装更新,启动 认证代码模块,以确保在基于处理器的系统重新启动时引导块的完整性,该代码可由基于处理器的系统执行,以使基于处理器的系统使用启动认证代码模块来验证引导块 重新启动基于处理器的系统,并且如果启动块被成功验证,则使用启动认证代码模块验证基于处理器的系统的胶囊更新。 公开和要求保护其他实施例。
-
公开(公告)号:US20090327684A1
公开(公告)日:2009-12-31
申请号:US12215071
申请日:2008-06-25
申请人: Vincent J. Zimmer , Mohan Kumar , Mahesh Natu , Qin Long , Liang Cui , Jiewen Yao
发明人: Vincent J. Zimmer , Mohan Kumar , Mahesh Natu , Qin Long , Liang Cui , Jiewen Yao
IPC分类号: G06F9/00
CPC分类号: G06F21/575
摘要: In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a boot block stored at a first memory location, a capsule update stored at a second memory location, a startup authenticated code module to ensure the integrity of the boot block upon a restart of the processor-based system, code which is executable by the processor-based system to cause the processor-based system to validate the boot block with the startup authenticated code module upon the restart of the processor-based system, and, if the boot block is successfully validated, to validate the capsule update for the processor-based system with the startup authenticated code module. Other embodiments are disclosed and claimed.
摘要翻译: 在一些实施例中,基于处理器的系统可以包括至少一个处理器,耦合到至少一个处理器的至少一个存储器,存储在第一存储器位置的引导块,存储在第二存储器位置的封装更新,启动 认证代码模块,以确保在基于处理器的系统重新启动时引导块的完整性,该代码可由基于处理器的系统执行,以使基于处理器的系统使用启动认证代码模块来验证引导块 重新启动基于处理器的系统,并且如果启动块被成功验证,则使用启动认证代码模块验证基于处理器的系统的胶囊更新。 公开和要求保护其他实施例。
-
公开(公告)号:US08327415B2
公开(公告)日:2012-12-04
申请号:US12156223
申请日:2008-05-30
申请人: Jiewen Yao , Liang Cui , Qin Long , Vincent J. Zimmer
发明人: Jiewen Yao , Liang Cui , Qin Long , Vincent J. Zimmer
IPC分类号: G06F21/00
CPC分类号: G06F12/145
摘要: In one embodiment, the present invention includes a method for setting an extensible policy mechanism to protect a root data structure including a page table, interpreting a bytecode of a pre-boot driver in a byte code interpreter, and controlling access to a memory location based on the extensible policy mechanism. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,本发明包括一种用于设置可扩展策略机制的方法,以保护包括页表的根数据结构,解释字节代码解释器中的预引导驱动程序的字节码,以及控制对基于存储器位置的访问 关于可扩展的政策机制。 描述和要求保护其他实施例。
-
公开(公告)号:US20090063835A1
公开(公告)日:2009-03-05
申请号:US11897355
申请日:2007-08-30
申请人: Jiewen Yao , Vincent J. Zimmer , Qin Long , Liang Cui
发明人: Jiewen Yao , Vincent J. Zimmer , Qin Long , Liang Cui
IPC分类号: G06F15/177
CPC分类号: G06F21/54 , G06F9/45558 , G06F12/1491 , G06F2009/45583 , G06F2221/2141 , G06F2221/2149
摘要: In one embodiment, the present invention includes a method for determining if an isolation driver is present and a processor supports virtualization, launching the isolation driver in a first privilege level different than a system privilege level and user privilege level, creating a 1:1 virtual mapping between a virtual address and a physical address, using the isolation driver, and controlling access to a memory page using the isolation driver. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,本发明包括一种用于确定是否存在隔离驱动器并且处理器支持虚拟化的方法,以与系统特权级别和用户权限级别不同的第一特权级别启动隔离驱动程序,创建1:1虚拟 使用隔离驱动程序在虚拟地址和物理地址之间进行映射,并使用隔离驱动程序控制对内存页的访问。 描述和要求保护其他实施例。
-
公开(公告)号:US20090300370A1
公开(公告)日:2009-12-03
申请号:US12156223
申请日:2008-05-30
申请人: Jiewen Yao , Liang Cui , Qin Long , Vincent J. Zimmer
发明人: Jiewen Yao , Liang Cui , Qin Long , Vincent J. Zimmer
CPC分类号: G06F12/145
摘要: In one embodiment, the present invention includes a method for setting an extensible policy mechanism to protect a root data structure including a page table, interpreting a bytecode of a pre-boot driver in a byte code interpreter, and controlling access to a memory location based on the extensible policy mechanism. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,本发明包括一种用于设置可扩展策略机制的方法,以保护包括页表的根数据结构,解释字节代码解释器中的预引导驱动程序的字节码,以及控制对基于存储器位置的访问 关于可扩展的政策机制。 描述和要求保护其他实施例。
-
8.发明授权Method for isolating third party pre-boot firmware from trusted pre-boot firmware 有权从信任的预引导固件中隔离第三方预引导固件的方法公开(公告)号:US07827371B2
公开(公告)日:2010-11-02
申请号:US11897355
申请日:2007-08-30
申请人: Jiewen Yao , Vincent J. Zimmer , Qin Long , Liang Cui
发明人: Jiewen Yao , Vincent J. Zimmer , Qin Long , Liang Cui
IPC分类号: G06F12/00
CPC分类号: G06F21/54 , G06F9/45558 , G06F12/1491 , G06F2009/45583 , G06F2221/2141 , G06F2221/2149
摘要: In one embodiment, the present invention includes a method for determining if an isolation driver is present and a processor supports virtualization, launching the isolation driver in a first privilege level different than a system privilege level and user privilege level, creating a 1:1 virtual mapping between a virtual address and a physical address, using the isolation driver, and controlling access to a memory page using the isolation driver. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,本发明包括一种用于确定是否存在隔离驱动器并且处理器支持虚拟化的方法,以与系统特权级别和用户权限级别不同的第一特权级别启动隔离驱动程序,创建1:1虚拟 使用隔离驱动程序在虚拟地址和物理地址之间进行映射,并使用隔离驱动程序控制对内存页的访问。 描述和要求保护其他实施例。
-
9.发明申请Method and System for Secure Booting Unified Extensible Firmware Interface Executables 审中-公开用于安全引导统一可扩展固件接口可执行程序的方法和系统公开(公告)号:US20100083002A1
公开(公告)日:2010-04-01
申请号:US12242655
申请日:2008-09-30
申请人: Liang Cui , Qin LONG , Vincent J. Zimmer , Jiewen Yao
发明人: Liang Cui , Qin LONG , Vincent J. Zimmer , Jiewen Yao
IPC分类号: G06F21/22
CPC分类号: G06F21/575
摘要: A method and computing device for secure booting of unified extensible firmware interface executables includes generating a platform private key, signing a third party credential, storing the signed third party credential in a database located in a trusted platform module, and executing a unified extensible firmware interface executable only if an associated signed third party credential is stored in the trusted platform module.
摘要翻译: 用于安全引导统一的可扩展固件接口可执行程序的方法和计算设备包括生成平台私钥,签名第三方凭证,将签名的第三方凭证存储在位于可信平台模块中的数据库中,以及执行统一的可扩展固件接口 只有在相关的签名的第三方凭据存储在可信平台模块中才可执行。
-
10.发明申请METHOD, APPARATUS, SYSTEM, AND MACHINE READABLE STORAGE MEDIUM FOR PROVIDING SOFTWARE SECURITY 有权方法,设备,系统和机器可读存储介质提供软件安全公开(公告)号:US20140250293A1
公开(公告)日:2014-09-04
申请号:US13976504
申请日:2013-02-25
申请人: Qin Long , Ting Ye , Vincent Zimmer , Jiewen Yao
发明人: Qin Long , Ting Ye , Vincent Zimmer , Jiewen Yao
IPC分类号: G06F9/44
CPC分类号: G06F9/4401 , G06F9/445 , G06F21/51 , G06F21/575
摘要: Technologies are provided in example embodiments for determining that a module is to be loaded, the module being associated with module code, determining that the module is a frozen module, the frozen module being associated with frozen module code, determining that a module fingerprint of the module fails to correspond with a frozen module fingerprint of the frozen module, and causing loading of the frozen module code instead of the module code.
摘要翻译: 在示例实施例中提供技术,用于确定要加载模块,模块与模块代码相关联,确定模块是冻结模块,冻结模块与冻结的模块代码相关联,确定模块的模块指纹 模块不能对应于冻结模块的冻结模块指纹,并导致加载冻结模块代码而不是模块代码。
-
-
-
-
-
-
-
-
-
搜索结果
38 条记录 (耗时 0.045 秒)
