Service processor and system with secure booting and monitoring of service processor integrity

Assignee

• International Business Machines Corporation · US

Inventors

• Patrick J. Callaghan · Vestal, US
• Kenneth A. Goldman · Norwalk, US
• Guerney D. H. Hunt · Yorktown Heights, US
• Elaine R. Palmer · Hanover, US
• Dimitrios Pendarakis · Westport, US
• David R. Safford · Brewster, US
• Brian D. Valentine · Endwell, US
• George C. Wilson · Austin, US
• Miriam Zohar · New Hempstead, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1408
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.