| CPC G06F 21/575 (2013.01) [G06F 21/33 (2013.01); G06F 21/602 (2013.01); G06F 21/604 (2013.01); G06F 21/72 (2013.01); G06F 21/107 (2023.08); G06F 21/1014 (2023.08)] | 16 Claims |
|
1. A system for facilitating boot-specific key access in a virtual device platform, the system comprising:
the virtual device platform including circuitry configured to:
generate a first boot marker including a first boot identifier in response to a request to boot a virtual device;
generate a second boot marker including a second boot identifier in response to the request to boot the virtual device, where the second boot marker is associated with a trusted virtual device;
generate, by a first subsystem of the virtual device platform, a first boot record including the first boot identifier and a first boot process identifier, the first boot process identifier being associated with a booting of the virtual device;
generate, by a second subsystem of the virtual device platform, a second boot record including the second boot identifier and a second process identifier, the second process identifier being associated with a booting of the trusted virtual device;
obtain a dynamic credential in response to a match between the first boot record and the second boot record, where the match comprises:
a match between the first boot identifier and the second boot identifier, and
a match between the first process identifier and the second process identifier;
obtain an identity certificate, the identity certificate including an identifier of the virtual device and the identity certificate being generated in response to a verification of the dynamic credential; and
obtain, from a cryptographic processor, authorization to access a key in response to a verification of the identity certificate by the cryptographic processor.
|