Method and system for hierarchical platform boot measurements in a trusted computing environment

Assignee

• International Business Machines Corporation · US

Inventors

• Steven A. Bade · Georgetown, US
• Ryan Catherman · Apex, US
• James Hoff · Raleigh, US
• William Lee Terrell · Austin, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/57
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

An architecture for a distributed data processing system comprises a system-level service processor along with one or more node-level service processors; each are uniquely associated with a node, and each is extended to comprise any components that are necessary for operating the nodes as trusted platforms, such as a TPM and a CRTM in accordance with the security model of the Trusted Computing Group. These node-level service processors then inter-operate with the system-level service processor, which also contains any components that are necessary for operating the system as a whole as a trusted platform. A TPM within the system-level service processor aggregates integrity metrics that are gathered by the node-level service processors, thereafter reporting integrity metrics as requested, e.g., to a hypervisor, thereby allowing a large distributed data processing system to be validated as a trusted computing environment while allowing its highly parallelized initialization process to proceed.