CPC G06F 21/575 (2013.01) [G06F 9/45558 (2013.01); G06F 21/53 (2013.01); G06F 21/602 (2013.01); G06F 2009/45587 (2013.01); G06F 2221/0751 (2013.01)] | 20 Claims
1. A computer-implemented method comprising:
executing, by a hypervisor, a bootloader with access to a first logical partition of a non-volatile memory, the first logical partition storing a keystore;
loading, by the bootloader, a kernel with access to the first logical partition of the non-volatile memory associated with a first virtual machine;
enforcing, by the hypervisor, a first-tier isolation policy that prohibits the kernel from accessing a second logical partition of the memory associated with a second virtual machine;
enforcing, by the hypervisor, a second-tier isolation policy that prohibits the kernel from accessing a bootloader encryption key written to the keystore by the bootloader;
receiving, by the bootloader, an encryption key from the keystore;
performing, by the bootloader, a cryptographic algorithm using the encryption key on the kernel;
executing, by the bootloader in an event that the performing of the cryptographic algorithm produces a first result, the kernel with access to the first logical partition of the non-volatile memory; and
halting, by the bootloader in an event that the performing of the cryptographic algorithm fails to produce the first result, booting of the kernel and generating an error message.
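The boot flow and the two isolation tiers of claim 1, modelled as an added Python example that is not part of the patent and not an implementation of any product. Assumptions: the logical partitions and keystore are in-memory dictionaries; the "cryptographic algorithm" is HMAC-SHA256 over the kernel image and the "first result" is a reference tag the bootloader wrote next to its key at provisioning; all names (`Hypervisor`, `provision`, `boot`, `bl_key`, `bl_ref`) are hypothetical.

```python
import hashlib
import hmac

class IsolationViolation(PermissionError):
    """Access that would cross one of the hypervisor's isolation tiers."""

class Hypervisor:
    """Mediates every access to constructed, in-memory logical partitions."""
    def __init__(self):
        # vm id -> {"kernel": image bytes, "keystore": {name: (owner, value)}}
        self.partitions = {}

    def add_partition(self, vm, kernel, keystore=None):
        self.partitions[vm] = {"kernel": kernel, "keystore": dict(keystore or {})}

    def _check_tier1(self, principal, vm):
        kind, home = principal                # ("bootloader", vm) or ("kernel", vm)
        if kind == "kernel" and vm != home:   # first tier: no cross-VM partition access
            raise IsolationViolation(f"{kind}@{home} -> partition of {vm}")

    def read(self, principal, vm, key_name=None):
        """key_name=None reads the kernel image, otherwise a keystore entry."""
        self._check_tier1(principal, vm)
        part = self.partitions[vm]
        if key_name is None:
            return part["kernel"]
        owner, value = part["keystore"][key_name]
        # second tier: a kernel may not read keys the bootloader wrote, even in its own partition
        if principal[0] == "kernel" and owner == "bootloader":
            raise IsolationViolation(f"kernel@{principal[1]} -> bootloader key {key_name!r}")
        return value

    def write(self, principal, vm, key_name, value):
        self._check_tier1(principal, vm)
        self.partitions[vm]["keystore"][key_name] = (principal[0], value)

def provision(hv, vm, key):
    """Bootloader writes its encryption key plus a reference HMAC-SHA256 tag of the
    kernel image (assumption: that tag is the claim's 'first result')."""
    me = ("bootloader", vm)
    hv.write(me, vm, "bl_key", key)
    hv.write(me, vm, "bl_ref", hmac.new(key, hv.read(me, vm), hashlib.sha256).digest())

def boot(hv, vm):
    """Bootloader verifies the kernel before executing it; returns the claim's outcome."""
    me = ("bootloader", vm)
    key, kernel = hv.read(me, vm, "bl_key"), hv.read(me, vm)
    if hmac.compare_digest(hmac.new(key, kernel, hashlib.sha256).digest(), hv.read(me, vm, "bl_ref")):
        return ("executed", ("kernel", vm))   # kernel now runs as its own principal
    return ("halted", f"kernel verification failed for {vm}")
```

A kernel principal can still read keystore entries it owns in its own partition; only the bootloader's entries and other VMs' partitions are refused.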