Patent · US Active

Protecting an entire system disk by encrypting data stored in a portion of the system disk

US11928216B2 · kind B2 · utility

Cited by: 1
References: 0
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Dec 18, 2020
Grant date: Mar 12, 2024
Priority date
Expiry date: Mar 23, 2042

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/033
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A method for protecting an OS disk of a computing device without block encrypting the OS disk. The method identifies one or more files that store configuration data associated with OS binaries executed on the computing device. The method encrypts the configuration data stored in the one or more files using an encryption key and seals the encryption key to a TPM of the computing device. The method then boots the computing device by attempting to unseal the encryption key by authenticating one or more of the OS binaries with the TPM. When authenticating the one or more of the OS binaries is successful, the method completes boot of the computing device by decrypting the configuration data using the encryption key. If authentication of the one or more of the OS binaries is not successful, however, the method aborts boot of the computing device.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.