US 11,748,486 B2
Computing devices with secure boot operations
Yeluri Raghuram, Sunnyvale, CA (US); Susanne M. Balle, Hudson, NH (US); Nigel Thomas Cook, Boulder, CO (US); and Kapil Sood, Portland, OR (US)
Assigned to Intel Corporation, Santa Clara, CA (US)
Filed by Intel Corporation, Santa Clara, CA (US)
Filed on Oct. 7, 2021, as Appl. No. 17/496,146.
Application 16/433,709 is a division of application No. 15/060,844, filed on Mar. 4, 2016, granted, now 10,339,317, issued on Jul. 2, 2019.
Application 17/496,146 is a continuation of application No. 16/433,709, filed on Jun. 6, 2019, granted, now 11,604,882.
Claims priority of provisional application 62/269,666, filed on Dec. 18, 2015.
Prior Publication US 2022/0027476 A1, Jan. 27, 2022
Int. Cl. G06F 21/57 (2013.01); H04L 9/08 (2006.01); G06F 21/53 (2013.01); G06F 21/71 (2013.01); G06F 21/00 (2013.01)
CPC G06F 21/575 (2013.01) [G06F 21/53 (2013.01); G06F 21/71 (2013.01); H04L 9/0822 (2013.01); H04L 9/0894 (2013.01); G06F 21/00 (2013.01)] 16 Claims
OG exemplary drawing
 
1. A server system configured to be used with at least one remote cloud-based computer system, management-related circuitry, at least one processing resource, and at least one network, the server system comprising:
non-volatile storage hardware associated with at least one encryption key (EK) that is encrypted with at least one key encryption key (KEK), the non-volatile storage hardware configured to store data encrypted based upon the at least one EK, the data comprising operating system code;
a hardware circuit configured to decrypt/encrypt, based upon the at least one EK, one or more respective portions of the data as the one or more respective portions of the data are read from and written to, respectively, the non-volatile storage hardware, the one or more respective portions of the data comprising at least one portion of the operating system code, the at least one KEK being used in generating the at least one EK, in response to at least one request;
computing hardware configured to execute at least one boot operation based upon the at least one portion of the operating system code read from the non-volatile storage hardware, the computing hardware also being configured to execute at least one workload associated with at least one operating system instantiation; and
network hardware configured to communicate, via secure data exchange, with the at least one remote cloud-based computer system and the management-related circuitry via the at least one network;
wherein:
the at least one request is provided to the at least one processing resource;
execution of the operating system code is hardware and/or software isolated, at least in part, from the at least one processing resource;
the server system and/or the at least one remote cloud-based computer system are configured to receive at least one software update from the management-related circuitry for at least one patching and installing operation at the server system and/or the at least one remote cloud-based computer system;
the server system and/or the at least one remote cloud-based computer system are configured to enable providing of diagnostic-related and/or log-related data to the management-related circuitry to enable, in association with application programming interfaces (API), monitoring and/or managing of the server system and/or the at least one remote cloud-based computer system via the management-related circuitry; and
the at least one remote cloud-based computer system is configured to execute at least one virtual machine-related and/or container-related workload.
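The key hierarchy of claim 1 (OS code stored encrypted under an EK, the EK encrypted under a KEK, and a hardware circuit that decrypts portions of the OS code as they are read) modelled as an added Go example; this is not Intel's implementation and not part of the patent. AES-256-GCM as the cipher, the "EK" and "os-code" labels, the names Storage, Provision and BootRead, and the SHA-256 measurement are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
)

// Storage models the claim's non-volatile hardware: OS code sealed under the EK, the EK sealed under the KEK.
type Storage struct{ WrappedEK, OSCode []byte }

// gcm stands in for the hardware cipher (AES-256-GCM assumed); with a 32-byte key neither constructor fails.
func gcm(key *[32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(key[:])
	g, _ := cipher.NewGCM(block)
	return g
}

// seal encrypts and authenticates plaintext under key, bound to a label; the 12-byte nonce is prefixed.
func seal(key *[32]byte, plaintext, label []byte) []byte {
	nonce := make([]byte, 12)
	rand.Read(nonce) // crypto/rand: documented never to fail on supported platforms
	return gcm(key).Seal(nonce, nonce, plaintext, label)
}

// open reverses seal (sealed must carry the 12-byte nonce); it fails if blob, tag or label was altered or the key is wrong.
func open(key *[32]byte, sealed, label []byte) ([]byte, error) {
	return gcm(key).Open(nil, sealed[:12], sealed[12:], label)
}

// Provision generates a fresh EK, wraps it with the KEK and stores the OS code encrypted under the EK.
func Provision(kek *[32]byte, osCode []byte) *Storage {
	var ek [32]byte
	rand.Read(ek[:])
	return &Storage{WrappedEK: seal(kek, ek[:], []byte("EK")), OSCode: seal(&ek, osCode, []byte("os-code"))}
}

// BootRead models decrypt-on-read: the KEK unwraps the EK, the EK decrypts the OS code, and the caller gets the plaintext plus its SHA-256 measurement for the boot decision.
func BootRead(kek *[32]byte, st *Storage) ([]byte, [32]byte, error) {
	ekRaw, err := open(kek, st.WrappedEK, []byte("EK"))
	if err != nil {
		return nil, [32]byte{}, err // wrong KEK, or the wrapped EK was altered in storage
	}
	code, err := open((*[32]byte)(ekRaw), st.OSCode, []byte("os-code")) // tag check guarantees 32 bytes
	if err != nil {
		return nil, [32]byte{}, err // the OS code ciphertext was altered in storage
	}
	return code, sha256.Sum256(code), nil
}
```

Because both layers are authenticated, a wrong KEK, an altered wrapped EK and an altered OS code block all surface as an error before any code is executed, and the returned digest is what a measured-boot or attestation check would compare against a known-good value.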