US 12,248,577 B2
Edge day zero secure infrastructure provisioning with autonomic methods
Eloy Francisco Macha, Las Cruces, NM (US); and William Jeffery White, Plano, TX (US)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on Nov. 9, 2021, as Appl. No. 17/454,170.
Prior Publication US 2023/0144033 A1, May 11, 2023
Int. Cl. G06F 21/57 (2013.01); G06F 8/61 (2018.01); G06F 9/4401 (2018.01); G06F 9/445 (2018.01); G06F 21/53 (2013.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01)
CPC G06F 21/572 (2013.01) [G06F 8/61 (2013.01); G06F 8/63 (2013.01); G06F 9/441 (2013.01); G06F 9/4416 (2013.01); G06F 9/445 (2013.01); G06F 21/53 (2013.01); G06F 21/57 (2013.01); H04L 9/3263 (2013.01); H04L 63/0272 (2013.01); H04L 63/08 (2013.01); H04L 63/0823 (2013.01); G06F 2221/033 (2013.01); G06F 2221/2101 (2013.01)]
18 Claims
 
1. A method of provisioning a self-provisioning computer system, the method comprising:
executing code in a secure base activation image to perform the following:
executing an identification process, using a cryptographically created identifier included in the base activation image, with an activation service to confirm an identity of the computer system with the activation service;
confirming system integrity of the computer system with the activation service;
based on confirming the identity of the computer system and confirming system integrity of the computer system, unlocking the computer system for load installation;
performing load installation by performing the following:
providing capabilities for the computer system to the activation service; and
receiving the load based on the provided capabilities;
removing the secure base activation image;
establishing new device trust by deploying a computer system TPM key; and
deploying a secured operating system image with signed certificates from the computer system by deploying two identical operating system images to allow for multiple boot functionality and a third operating system image implementing a factory default operating system on an attested, secure, monitored boot partition.