| CPC G06F 21/572 (2013.01) [H04L 9/0825 (2013.01); H04L 9/0838 (2013.01); H04L 9/0866 (2013.01); H04L 9/3073 (2013.01); H04L 9/3268 (2013.01); G06F 2221/033 (2013.01)] | 20 Claims |

1. A method comprising:
accessing, using immutable firmware, a unique device secret of a computing device;
deriving, using the immutable firmware, a hardware device identity (HDI) from the unique device secret using a key derivation function taking as arguments a label string as a salt and the unique device secret;
deriving, using the immutable firmware, a compound device identity (CDI) from a measurement of mutable firmware and the unique device secret, the immutable firmware being deployed in hardware or read only memory (ROM) of the computing device, the mutable firmware being deployed in a layer of firmware (L0 firmware) immediately above the immutable firmware;
deriving, using the mutable firmware, a device identity key (DevID) from the CDI, the DevID being separate and distinct from the HDI;
deriving, using the mutable firmware, a device certificate authority key (DCK) from the HDI; and
issuing, using the mutable firmware, a local certificate to endorse the DevID, wherein the local certificate is signed by the DCK.
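The derivation chain recited in claim 1, carried through end to end as an added worked example in Go. This is illustrative code written for this page; it is not part of the patent and does not describe any particular product's implementation. Points the claim leaves open are filled with labelled assumptions: the key derivation function is modelled as HKDF-Extract (HMAC-SHA256 keyed with the salt over the input key material), the HDI label string is "HDI", the L0 measurement is the SHA-256 digest of the L0 image, DevID and DCK are Ed25519 keys seeded from the CDI and the HDI under the labels "DevID" and "DCK", and the local certificate is an X.509 certificate. The UDS value and the firmware images are constructed test inputs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed stand-in for the unique device secret (UDS). On real hardware the
// UDS sits in fused/OTP storage that only the ROM can read; it is never a constant.
var exampleUDS = sha256.Sum256([]byte("constructed-example-UDS"))

// kdf models the claim's key derivation function. Assumption: HKDF-Extract
// (RFC 5869), i.e. HMAC-SHA256 keyed with the salt over the input key material.
func kdf(salt, ikm []byte) []byte {
	m := hmac.New(sha256.New, salt)
	m.Write(ikm)
	return m.Sum(nil)
}

// romDerive is the immutable-firmware step and the only code that touches the UDS.
// It passes HDI and CDI up to L0; the UDS itself never leaves this function.
func romDerive(uds, l0Measurement []byte) (hdi, cdi []byte) {
	hdi = kdf([]byte("HDI"), uds) // label string as salt, UDS as key material
	cdi = kdf(l0Measurement, uds) // bound to the measured L0 image (DICE-style)
	return hdi, cdi
}

// l0DeriveKeys is the mutable-firmware step: DevID from CDI, DCK from HDI.
// The labels "DevID" and "DCK" are assumed; they domain-separate the two seeds.
func l0DeriveKeys(hdi, cdi []byte) (devID, dck ed25519.PrivateKey) {
	devID = ed25519.NewKeyFromSeed(kdf([]byte("DevID"), cdi))
	dck = ed25519.NewKeyFromSeed(kdf([]byte("DCK"), hdi))
	return devID, dck
}

// issueLocalCerts has L0 act as the device-local CA: a self-signed DCK CA
// certificate, then a DevID end-entity certificate signed by the DCK.
func issueLocalCerts(devID, dck ed25519.PrivateKey) (dckCert, devIDCert *x509.Certificate, err error) {
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Device CA (DCK)"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, dck.Public(), dck)
	if err != nil {
		return nil, nil, err
	}
	if dckCert, err = x509.ParseCertificate(caDER); err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "DevID"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, dckCert, devID.Public(), dck)
	if err != nil {
		return nil, nil, err
	}
	devIDCert, err = x509.ParseCertificate(leafDER)
	return dckCert, devIDCert, err
}

// verifyEndorsement is the relying party's check: the DevID certificate must
// chain to a DCK CA certificate the relying party already trusts.
func verifyEndorsement(trustedDCK, devIDCert *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedDCK)
	_, err := devIDCert.Verify(x509.VerifyOptions{Roots: roots})
	return err
}

// boot runs the chain for one L0 image: ROM measures L0 and derives HDI/CDI,
// L0 derives DevID and DCK and issues the local certificates.
func boot(uds, l0Image []byte) (dckCert, devIDCert *x509.Certificate, err error) {
	meas := sha256.Sum256(l0Image)
	hdi, cdi := romDerive(uds, meas[:])
	devID, dck := l0DeriveKeys(hdi, cdi)
	return issueLocalCerts(devID, dck)
}

// pubOf extracts the Ed25519 public key a certificate certifies.
func pubOf(c *x509.Certificate) ed25519.PublicKey { return c.PublicKey.(ed25519.PublicKey) }

func main() {
	dck1, dev1, _ := boot(exampleUDS[:], []byte("L0 firmware v1"))
	dck2, dev2, _ := boot(exampleUDS[:], []byte("L0 firmware v2")) // after a firmware update
	fmt.Println("DCK stable across update:     ", pubOf(dck1).Equal(pubOf(dck2)))
	fmt.Println("DevID changed with L0 image:  ", !pubOf(dev1).Equal(pubOf(dev2)))
	fmt.Println("new DevID endorsed by old DCK:", verifyEndorsement(dck1, dev2) == nil)
}
```

The property worth seeing is the split between the two identities. The DCK is derived from the HDI, which depends only on the UDS and a fixed label, so it is the same key before and after an L0 firmware update; the DevID is derived from the CDI, so it changes whenever the L0 measurement changes. A relying party that has pinned the device's DCK certificate (for example one endorsed by the manufacturer at provisioning) can therefore validate a DevID certificate issued after an update without re-enrolling the device, while a DCK certificate from a different device fails to verify the chain. Two caveats the example cannot model: the ROM must make the UDS unreadable (latch or clear it) before transferring control to L0, otherwise L0 could recompute the HDI and mint its own DCK; and the CDI must feed only into keys bound to that measurement, never into the device-wide authority.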