Trust chain preservation for remote attestation
US12287881B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Date | Value |
|---|---|
| Filing date | Apr 11, 2022 |
| Grant date | Apr 29, 2025 |
| Priority date | — |
| Expiry date | Feb 7, 2043 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/64
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Disclosed herein are system, method, and computer program product embodiments for verifying the integrity of a boot process without relying on a boot aggregate value. An embodiment operates by cryptographically validating, by a hardware root of trust, a first code module associated with a digital signature. The embodiment determines that the first code module was cryptographically validated and cryptographically measures the first code module, thereby generating a first measurement. The embodiment stores a representation of the first measurement in a first platform configuration register (PCR) of a trusted platform module. The embodiment configures a remote attestation agent to instruct a remote attestation server to attest the value stored in the first PCR. The embodiment transmits a TPM attestation quote to the remote attestation server. The embodiment receives an acknowledgment from the remote attestation server indicating a match between the value stored in the first PCR and an allowed cryptographic measurement.
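The flow the abstract describes, as an added illustration that is not from the patent or any product: the root of trust validates a module's signature before measuring it, the measurement is extended into a PCR, the agent quotes that PCR against a verifier nonce, and the server compares the quoted PCR with what each allowed measurement would produce, with no boot aggregate involved. HMAC stands in for the asymmetric signatures, and the module bytes and keys are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed sample code modules; the allow-list holds the measurement of the
# release the verifier expects (assumption: SHA-256 measurements, 32-byte PCR).
MODULE_OK = b"stage1 bootloader v1.0 (constructed sample)"
MODULE_OLD = b"stage1 bootloader v0.9 (constructed sample)"
ROT_KEY = b"root-of-trust-demo-key"   # stands in for the RoT's code-signing key
AK_KEY = b"attestation-key-demo"       # stands in for the TPM attestation key
PCR_INIT = bytes(32)                   # PCR reset value

def sign(key: bytes, data: bytes) -> bytes:
    """HMAC stands in for an asymmetric signature in this illustration."""
    return hmac.new(key, data, hashlib.sha256).digest()

def verify(key: bytes, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, data), sig)

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend semantics: PCR_new = H(PCR_old || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()

def measured_boot(module: bytes, module_sig: bytes):
    """Root of trust: validate the signature, then measure into the PCR.
    Returns the PCR value, or None if validation fails and boot halts."""
    if not verify(ROT_KEY, module, module_sig):
        return None
    return pcr_extend(PCR_INIT, hashlib.sha256(module).digest())

def tpm_quote(pcr: bytes, nonce: bytes) -> dict:
    """Agent side: quote the PCR, bound to the verifier's nonce, signed by the AK."""
    return {"pcr": pcr, "nonce": nonce, "sig": sign(AK_KEY, pcr + nonce)}

def attest(quote: dict, nonce: bytes, allowed: list) -> bool:
    """Server side: check AK signature and freshness, then compare the PCR with
    the PCR a clean boot would produce from each allowed measurement."""
    if quote["nonce"] != nonce:
        return False
    if not verify(AK_KEY, quote["pcr"] + quote["nonce"], quote["sig"]):
        return False
    return any(hmac.compare_digest(pcr_extend(PCR_INIT, m), quote["pcr"]) for m in allowed)

ALLOWED = [hashlib.sha256(MODULE_OK).digest()]

def run_attestation(module: bytes, module_sig: bytes) -> str:
    pcr = measured_boot(module, module_sig)
    if pcr is None:
        return "boot halted: signature invalid"
    nonce = os.urandom(16)
    return "attested" if attest(tpm_quote(pcr, nonce), nonce, ALLOWED) else "rejected"
```

A validly signed but unexpected module (MODULE_OLD) passes the root of trust yet is rejected by the server, which is the distinction between signature validation and attestation the abstract draws.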
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.