Maintaining operating system secrets across resets

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Robert D. Young · Snohomish, US
• Jonathan Bret Barkelew · Austin, US
• Ronald Aigner · Redmond, US
• Alain Michaud · Keyano, CA
• Jeremiah Cox · Redmond, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/78
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A device includes a reset resistant store and a trusted key service. The reset resistant store maintains data across various different device reset or data invalidation operations. The trusted key service maintains, for each of one or more operating systems that run on the device from a boot configuration, an encrypted key associated with the boot configuration. The device also has a master key that is specific to the device. Each of the keys associated with a boot configuration is encrypted using the master key. When booting the device, the boot configuration being run on the device is identified, and the key associated with that boot configuration is obtained (e.g., from the reset resistant store or the encrypted key vault). The master key is used to decrypt the obtained key, and the obtained key is used to decrypt secrets associated with the operating system run from the boot configuration.