US 12,008,109 B2
Cloud based boot integrity
Jean Pierre, Brockton, MA (US); Carol Sheridan, Littleton, MA (US); Shruti Shetty, Braintree, MA (US); Azzam Tannous, Framingham, MA (US); Massarrah Tannous, Bellingham, MA (US); and Huijun Xie, Hopkinton, MA (US)
Assigned to Dell Products L.P., Hopkinton, MA (US)
Filed by Dell Products L.P., Hopkinton, MA (US)
Filed on Jan. 18, 2022, as Appl. No. 17/577,420.
Prior Publication US 2023/0229777 A1, Jul. 20, 2023
Int. Cl. G06F 9/4401 (2018.01); G06F 21/57 (2013.01)
CPC G06F 21/575 (2013.01) [G06F 9/4416 (2013.01); G06F 2221/034 (2013.01)] 20 Claims
OG exemplary drawing
 
1. An apparatus comprising: a storage platform comprising at least one compute node comprising at least one general purpose processor, memory, a secure cryptoprocessor, non-volatile storage, and a boot integrity service loaded during a boot sequence, the boot integrity service configured to: obtain, from the secure cryptoprocessor, observed boot data values comprising:
a first hash that uniquely represents programs running at load/run BIOS POST;
a second hash that uniquely represents programs running at load/run bootloader;
a third hash that uniquely represents programs running at load/run kernel; and
a fourth hash that uniquely represents the programs running at load/run runlevel programs;
provide the observed boot data values comprising the first, second, third and fourth hashes as part of platform configuration register content included within a trusted platform quote along with a nonce and an attestation integrity key (AIK) signature, to a remote verifier in a secure remote network that does not contain the storage platform for comparison with expected boot data values; and
responsive to a control command from the remote verifier generated in response to mismatch between the observed boot data values and the expected boot data values, limit functionality of the storage platform.
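As an added illustration of the quote-and-verify exchange the claim describes (example code written for this page, not Dell's implementation), the following models the four boot measurements as extend-style registers, binds them to the verifier's nonce in a quote, and has the remote verifier check signature, nonce freshness and each expected value before deciding whether to issue the "limit functionality" control command. The stage labels, the decision names and the use of an HMAC in place of the TPM's asymmetric AIK signature are this example's simplifying assumptions.

```python
import hashlib
import hmac
import secrets

# The four boot stages the claim measures (labels are this example's assumption)
STAGES = ("bios_post", "bootloader", "kernel", "runlevel")

def measure(programs):
    """Simulate a PCR: start at zero and extend with the digest of each program image."""
    pcr = bytes(32)
    for image in programs:
        pcr = hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()
    return pcr.hex()

def make_quote(aik_key, observed, nonce):
    """Platform side: bind PCR content to the verifier's nonce and sign it.
    An HMAC stands in for the TPM's asymmetric AIK signature (simplification)."""
    body = nonce.hex() + "|" + "|".join(f"{s}={observed[s]}" for s in STAGES)
    return {"body": body, "sig": hmac.new(aik_key, body.encode(), "sha256").hexdigest()}

def verify_quote(aik_key, quote, issued_nonce, expected):
    """Remote verifier: check signature, then nonce freshness, then each PCR.
    Returns ('allow'|'reject'|'limit', reason); 'limit' is the control command."""
    want = hmac.new(aik_key, quote["body"].encode(), "sha256").hexdigest()
    if not hmac.compare_digest(want, quote["sig"]):
        return "reject", "AIK signature invalid"
    nonce_hex, *fields = quote["body"].split("|")
    if nonce_hex != issued_nonce.hex():
        return "reject", "nonce mismatch: stale or replayed quote"
    observed = dict(f.split("=", 1) for f in fields)
    bad = [s for s in STAGES if observed.get(s) != expected[s]]
    if bad:
        return "limit", "boot measurement mismatch: " + ", ".join(bad)
    return "allow", "all boot measurements match expected values"

def run_scenarios():
    """Golden boot, tampered bootloader, and a replayed quote (all inputs constructed)."""
    aik_key = secrets.token_bytes(32)          # shared only so HMAC can stand in for AIK
    golden = {s: measure([f"{s}-image-v1".encode()]) for s in STAGES}
    results = {}
    n1 = secrets.token_bytes(16)
    q1 = make_quote(aik_key, golden, n1)
    results["clean"] = verify_quote(aik_key, q1, n1, golden)[0]
    tampered = dict(golden, bootloader=measure([b"bootloader-image-v1", b"unexpected-module"]))
    n2 = secrets.token_bytes(16)
    results["tampered"] = verify_quote(aik_key, make_quote(aik_key, tampered, n2), n2, golden)[0]
    n3 = secrets.token_bytes(16)               # fresh nonce, but the old quote q1 is replayed
    results["replayed"] = verify_quote(aik_key, q1, n3, golden)[0]
    return results

if __name__ == "__main__":
    print(run_scenarios())
```

The verifier checks the signature before anything else so that an unsigned or forged quote is never compared against expected values, and the nonce check is what keeps a quote captured from an earlier clean boot from being replayed after tampering.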