Patent · US Active

Portable executable and non-portable executable boot file security

US10664599B2 · kind B2 · utility

0Cited by

1References

9Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Pu Liu · Vestal, US
Timothy V. Bolan · Endwell, US
Patrick J. Callaghan · Vestal, US

Key dates

Filing date	May 1, 2017
Grant date	May 26, 2020
Priority date	—
Expiry date	Nov 30, 2037

Classification

Technology area (CPC H)Electricity
CPC primaryH04L9/3263
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A computer-implemented method for protecting a kernel for secure boot of an operating system includes preparing a kernel component with a signature for a secure boot. A processing unit modifies a machine owner key (MOK) file to include a trusted certificate. The MOK is separate from the kernel file. The processing unit validates the kernel component using a modified Grub file, a modified Shim file, and the MOK, and executes a secure boot using the validated kernel component. The kernel is unchanged by the secure boot process. The kernel component that is protected may be either a program executable (PE) file or a non-PE file.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.