Patent · US Active

Enhanced secure boot

US10885199B2 · kind B2 · utility

Cited by: 2
References: 1
Claims: 23
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 26, 2016
Grant date: Jan 5, 2021
Priority date
Expiry date: Dec 30, 2036

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/2149
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A pre-boot initialization technique for a computing system allows for encrypting both manufacturer and original equipment manufacturer firmware routines, as well as handing off data between the manufacturer and original equipment manufacturer firmware routines encrypted with a key provisioned in field-programmable fuses with an original equipment manufacturer key. By encrypting the firmware routines and handoff data, security of the pre-boot initialization process is enhanced. Original equipment manufacturer updatable product data may also be encrypted with the original equipment manufacturer key. Additional security may be provided by using trusted input/output capabilities of a trusted execution environment to display information to and receive information from a user. Furthermore, multiple secure phases of configuration may be achieved using wireless credentials exchange components.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.