CPC G06F 21/572 (2013.01) [G06F 2221/033 (2013.01)] | 20 Claims
1. An apparatus comprising:
one or more processors to:
receive a request to perform a firmware update at a device;
prepare a second trusted compute base (TCB) layer for the firmware update;
generate a first compound device identifier (CDI) associated with a first TCB layer, wherein a CDI is a cryptographic identifier and generating a CDI includes measuring an execution environment's runtime code and generating a cryptographically unique value;
attest an operational state of the first TCB layer prior to applying the firmware update, wherein the attesting the operational state of the first TCB layer is performed by the second TCB layer using the first CDI;
generate a second CDI associated with the first TCB layer;
apply the firmware update of the second TCB layer; and
attest the operational state of the first TCB layer after applying the firmware update, wherein the attesting the operational state of the first TCB layer after applying the firmware update is performed by the second TCB layer using the second CDI.
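The steps of claim 1 read as a DICE-style layered boot: each layer's identity is a compound device identifier derived from a device secret and a measurement of the layer's code, and one layer can produce evidence about another keyed by that identifier. The model below is an added illustration written for this page, not the patent's implementation or any vendor's code. It assumes a TCG DICE-style derivation (CDI = HMAC-SHA256 of a parent secret and a code measurement), uses an HMAC tag as a stand-in for the asymmetric alias-key signature a real device would emit, and reads the claim's "second CDI associated with the first TCB layer" as a fresh derivation from a fresh measurement of that layer, so that it equals the first CDI only if the layer's code is unchanged. The UDS value, the layer code images, the nonces and the two tampering scenarios are all constructed; the `Device` and `verifier_accepts` names are hypothetical.

```python
"""Toy model of the claimed flow: layer-2 firmware is updated while layer 1's
operational state is attested before and after, keyed by CDIs derived from
measurements of layer 1's code.  Added illustration, not code from the patent."""
import hashlib
import hmac
import json

# Constructed unique device secret (UDS in TCG DICE terms).  A real UDS lives in
# hardware and is never readable by software; it is a fixed byte string here so
# the example is deterministic and self-contained.
UDS = hashlib.sha256(b"constructed example UDS - not a real device secret").digest()

# Constructed stand-ins for the two layers' code images.
LAYER1_CODE = b"layer1: first mutable code v1"
LAYER2_CODE_V1 = b"layer2: application firmware v1"
LAYER2_CODE_V2 = b"layer2: application firmware v2"


def measure(code: bytes) -> bytes:
    """Measurement of an execution environment's runtime code (SHA-256 digest)."""
    return hashlib.sha256(code).digest()


def derive_cdi(parent_secret: bytes, measurement: bytes) -> bytes:
    """CDI = HMAC-SHA256(parent secret, measurement): a cryptographically unique
    value that changes if either the secret or the measured code changes."""
    return hmac.new(parent_secret, measurement, hashlib.sha256).digest()


def attest(cdi: bytes, layer: str, measurement: bytes, nonce: bytes) -> dict:
    """Evidence about a layer's operational state, authenticated with a key derived
    from the CDI.  HMAC stands in for an asymmetric alias-key signature; the
    verifier-supplied nonce gives freshness."""
    claims = {"layer": layer, "measurement": measurement.hex(), "nonce": nonce.hex()}
    payload = json.dumps(claims, sort_keys=True).encode()
    key = hmac.new(cdi, b"attestation-key", hashlib.sha256).digest()
    return {"claims": claims, "tag": hmac.new(key, payload, hashlib.sha256).hexdigest()}


def verify(cdi: bytes, evidence: dict) -> bool:
    """Check the evidence tag under the CDI the verifier expects."""
    payload = json.dumps(evidence["claims"], sort_keys=True).encode()
    key = hmac.new(cdi, b"attestation-key", hashlib.sha256).digest()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, evidence["tag"])


class Device:
    """Hypothetical device holding two TCB layers; layer 2 is the updatable one."""

    def __init__(self, layer1_code: bytes, layer2_code: bytes):
        self.layer1_code = layer1_code
        self.layer2_code = layer2_code

    def update_layer2(self, new_code, nonce_before, nonce_after, tamper_layer1_at=None):
        """Run the claimed sequence.  tamper_layer1_at simulates a fault or attack
        that alters layer 1 either before the second CDI is derived or while the
        layer-2 update is being written (constructed failure modes)."""
        # Prepare layer 2 for the update, then derive the first CDI for layer 1.
        cdi_first = derive_cdi(UDS, measure(self.layer1_code))
        # Layer 2 attests layer 1's state before the update, using the first CDI.
        before = attest(cdi_first, "layer1", measure(self.layer1_code), nonce_before)
        if tamper_layer1_at == "before_second_cdi":
            self.layer1_code = b"layer1: modified"
        # Second CDI for layer 1: a fresh derivation from a fresh measurement, so
        # it equals the first CDI only if layer 1's code is unchanged (assumption).
        cdi_second = derive_cdi(UDS, measure(self.layer1_code))
        # Apply the layer-2 firmware update.
        self.layer2_code = new_code
        if tamper_layer1_at == "during_update":
            self.layer1_code = b"layer1: modified"
        # Layer 2 attests layer 1's state after the update, using the second CDI.
        after = attest(cdi_second, "layer1", measure(self.layer1_code), nonce_after)
        return before, after


def verifier_accepts(golden_layer1_code, nonce_before, nonce_after, before, after) -> bool:
    """Relying party that knows the UDS and the golden layer-1 image (as a
    manufacturer would) recomputes the expected CDI and accepts the update only
    if both pieces of evidence verify under it, carry its nonces, and report an
    unchanged layer-1 state."""
    expected_cdi = derive_cdi(UDS, measure(golden_layer1_code))
    golden = measure(golden_layer1_code).hex()
    for evidence, nonce in ((before, nonce_before), (after, nonce_after)):
        if not verify(expected_cdi, evidence):
            return False  # tag made under another CDI: layer 1 changed before derivation
        if evidence["claims"]["nonce"] != nonce.hex() or evidence["claims"]["measurement"] != golden:
            return False  # replayed evidence, or layer 1 changed while layer 2 was rewritten
    return True


if __name__ == "__main__":
    n_before, n_after = b"\x01" * 16, b"\x02" * 16
    dev = Device(LAYER1_CODE, LAYER2_CODE_V1)
    ev_before, ev_after = dev.update_layer2(LAYER2_CODE_V2, n_before, n_after)
    print("clean update accepted:", verifier_accepts(LAYER1_CODE, n_before, n_after, ev_before, ev_after))
```

The two tampering scenarios show why the claim needs both CDIs and both attestations: if layer 1 is altered before the second CDI is derived, the post-update evidence is keyed under a different identity and its tag fails; if layer 1 is altered while layer 2 is being rewritten, the tag still verifies but the reported measurement no longer matches the golden value, so the verifier rejects on the claims instead.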