Method to securely allow a customer to install and boot their own firmware, without compromising secure boot
US11151255B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Oct 26, 2018 |
| Grant date | Oct 19, 2021 |
| Priority date | — |
| Expiry date | Jan 4, 2040 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/602
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
In one or more embodiments, one or more systems, methods, and/or process may allow a customer to install and boot their own firmware securely, without compromising secure boot. A baseboard management controller (BMC) may include a BMC firmware stored via a BMC partition of a non-volatile storage, a customer firmware image including a customer firmware and a signed customer boot block (CBB) file including a CBB, a hidden root key (HRK) hash of the CBB based on a HRK, and a manufacturer signature. The BMC firmware may, when an alternate path to boot the CBB is detected, verify the manufacturer signature on the CBB and the HRK hash, verify the HRK hash based on the unique HRK, and when the manufacturer signature and the HRK hash have been verified, hardware lock the BMC partition, disable the HRK, and transfer control to the CBB.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.