Secure boot policy for platform security using neutral processors in an information handling system
US11615190B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 20, 2021 |
| Grant date | Mar 28, 2023 |
| Priority date | — |
| Expiry date | Nov 24, 2041 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/64
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A secure boot policy may be stored in the information handling system and used to create a trusted relationship with a CPU, including a neutral CPU that has not been fused with an OEM key. The secure boot policy may be a data blob including platform-specific identification information (e.g., one or more of flash memory unique ID, motherboard ePPID), a boot policy (e.g., specifying to enable or disable neutral CPU fusing), and a signature. The secure boot policy may be stored in a one-time-programmable (OTP) storage of the information handling system, such as an OTP region in the serial peripheral interface (SPI) flash memory part storing the basic input/output system (BIOS). The BIOS may verify the secure boot policy using a public key and check if the boot policy is bound to current BIOS flash part and/or system configuration, and then apply the boot policy if the verification is passed.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.