Patent · US Active

Maintaining keys for trusted boot code

US10565382B1 · kind B1 · utility

12Cited by

0References

23Claims

0Family size

Assignee

AMAZON TECHNOLOGIES, INC. · US

Inventors

Ron Diamant · Santa Clara, US
Alex Levin · Cupertino, US
Ihab Bishara · Mountain View, US

Key dates

Filing date	Dec 22, 2016
Grant date	Feb 18, 2020
Priority date	—
Expiry date	Dec 23, 2037

Classification

Technology area (CPC H)Electricity
CPC primaryH04L9/3234
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Methods and apparatus are disclosed for securing executable code for execution with a processor using a trusted platform module (TPM). In one example of the disclosed technology, a method of decrypting executable code for execution includes measuring values stored in a CPU boot ROM and measuring second values for executable code stored in non-volatile memory, storing the resulting measurement value in a TPM platform configuration register. The PCR value is used to unseal a key stored in non-volatile memory of the TPM, which key is used to decrypt executable code for execution. Security can be further enhanced by destroying the values stored in the PCR by performing additional measurement operations with the TPM PCR used to generate the measurement value.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.