Secure boot up of a computer based on a hardware based root of trust

Assignee

• International Business Machines Corporation · US

Inventors

• Vincent V. Diluoffo · Sandy Hook, US
• Dan P. Dumarot · Patterson, US
• Eugene B. Risi · South Burlington, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F9/4401
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method includes performing a boot up of a computer having a system on-chip having multiple processors and a nonvolatile read-only machine-readable medium. The boot up includes enabling a first processor of the multiple processors, while maintaining others of the multiple processors in a disabled state. The boot up includes retrieving initial stage instructions from the nonvolatile read-only machine-readable medium. The boot up also includes executing the initial stage instructions and validating multiple stages of firmware separately. The boot up includes, in response to validating the multiple stages of firmware, executing the multiple stages of firmware in consecutive stages of the boot up, wherein executing of each stage of the multiple stages of firmware enables a different set of disabled hardware components of the computer. The boot up also includes validating an operating system and, in response to validation, transferring control of the computer to the operating system.