Patent · US Active

Maintaining keys for trusted boot code

US10943013B2 · kind B2 · utility

Cited by: 1
References: 0
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Feb 10, 2020
Grant date: Mar 9, 2021
Priority date:
Expiry date: Feb 10, 2040

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L9/3234
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Methods and apparatus are disclosed for securing executable code for execution with a processor using a trusted platform module (TPM). In one example of the disclosed technology, a method of decrypting executable code for execution includes measuring values stored in a CPU boot ROM, measuring second values for executable code stored in non-volatile memory, and storing the resulting measurement value in a TPM platform configuration register (PCR). The PCR value is used to unseal a key stored in non-volatile memory of the TPM, and that key is used to decrypt the executable code for execution. Security can be further enhanced by destroying the value stored in the PCR: additional measurement operations are performed with the same TPM PCR that was used to generate the measurement value, so the PCR no longer holds the value that unlocked the key.
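The flow in the abstract (measure boot ROM and code into a PCR, unseal a key bound to that PCR value, decrypt, then extend the PCR again so the key is locked) as an added Python model; this is illustration code written for this page, not the patent's or any TPM vendor's implementation. The ToyTPM class, the SHA-256 counter-mode stream cipher standing in for a real cipher, and the sample images are assumptions constructed for the example.

```python
import hashlib
import os

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    # TPM extend: PCR' = H(PCR || measurement). One-way, so a later extend destroys the value.
    return hashlib.sha256(pcr + measurement).digest()

def measure(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()  # the "measurement" of a code image

class ToyTPM:
    # One SHA-256 PCR plus NV storage for a key sealed to a PCR value (assumption: a real
    # TPM also encrypts the sealed blob under a storage key; that is omitted here).
    def __init__(self):
        self.pcr = bytes(32)
        self.nv = {}
    def extend(self, measurement: bytes) -> None:
        self.pcr = pcr_extend(self.pcr, measurement)
    def seal(self, name: str, key: bytes, policy_pcr: bytes) -> None:
        self.nv[name] = (policy_pcr, key)
    def unseal(self, name: str) -> bytes:
        policy_pcr, key = self.nv[name]
        if self.pcr != policy_pcr:  # only the expected measured boot path passes
            raise PermissionError("PCR does not match sealing policy")
        return key

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 counter mode) standing in for AES; the same call decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def provision(tpm: ToyTPM, boot_rom: bytes, code: bytes) -> bytes:
    # Encrypt the code and seal its key to the PCR value a trusted boot will produce.
    key = os.urandom(32)
    enc_code = keystream_xor(key, code)
    policy = pcr_extend(pcr_extend(bytes(32), measure(boot_rom)), measure(enc_code))
    tpm.seal("code_key", key, policy)
    return enc_code

def trusted_boot(tpm: ToyTPM, boot_rom: bytes, enc_code: bytes) -> bytes:
    # Measure ROM then code, unseal the key, decrypt, then extend again to lock the key.
    tpm.extend(measure(boot_rom))
    tpm.extend(measure(enc_code))
    key = tpm.unseal("code_key")
    plaintext = keystream_xor(key, enc_code)
    tpm.extend(b"key-released")  # destroys the PCR value that unlocked the key
    return plaintext
```

A tampered ROM or code image changes the measurement, so the PCR never reaches the sealed value and the key stays locked; after a successful boot the extra extend has the same effect for any later code.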

Source: USPTO / EPO open patent data. Bibliographic data and citation counts only.