US 12,339,967 B2
Firmware authenticity check
Alessandro Orlando, Milan (IT); Niccolo' Izzo, Vignate (IT); and Danilo Caraccio, Milan (IT)
Assigned to Micron Technology, Inc., Boise, ID (US)
Filed by Micron Technology, Inc., Boise, ID (US)
Filed on Feb. 28, 2022, as Appl. No. 17/682,928.
Prior Publication US 2023/0274002 A1, Aug. 31, 2023
Int. Cl. G06F 21/57 (2013.01); H04L 9/32 (2006.01); G06F 9/4401 (2018.01)
CPC G06F 21/572 (2013.01) [H04L 9/3263 (2013.01); G06F 9/4406 (2013.01); G06F 2221/033 (2013.01)] 19 Claims
OG exemplary drawing
 
1. A computing device comprising:
a hardware processor;
a secure storage device;
a memory, the memory storing instructions, which when executed, cause the hardware processor to perform operations comprising:
during a first boot process of the computing device after a firmware update and before a new firmware object is executed:
reading a stored measurement value stored in the secure storage device, the stored measurement value being a measurement of the new firmware object taken by the computing device and written to the secure storage device during the firmware update;
measuring the new firmware object to produce a current firmware measurement;
determining whether the current firmware measurement matches the stored measurement value;
responsive to determining that the current firmware measurement does not match the stored measurement value, keeping an alias certificate a same value as prior to the firmware update; and
responsive to determining that the current firmware measurement matches the stored measurement value, regenerating an alias key pair and the alias certificate and booting the firmware, the alias certificate regenerated based upon a protected device secret and the current firmware measurement, the alias key pair and the alias certificate used to authenticate the computing device.
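The flow of claim 1, as an added illustration that is not part of the patent and not Micron's implementation: the measurement is taken and written to secure storage during the update, and on the first boot after the update the new firmware object is re-measured and compared against that stored value before anything is regenerated or executed. Everything below is constructed for the example: SHA-256 stands in for the measurement, a Python dict stands in for the secure storage device, and the "alias key pair" and "alias certificate" are modelled with DICE-style HMAC derivations from a constructed device secret (symmetric stand-ins, since the claim does not specify the key type or certificate format). Note that the check as claimed ties the boot-time measurement to the value recorded at update time; whether the update itself came from a trusted source is a separate question the claim does not address.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample value standing in for the protected device secret (UDS).
DEVICE_SECRET = bytes.fromhex("0f" * 32)


def measure_firmware(firmware: bytes) -> bytes:
    """Measurement of a firmware object; SHA-256 over the image is an assumption."""
    return hashlib.sha256(firmware).digest()


def record_update(secure_storage: dict, new_firmware: bytes) -> None:
    """During the firmware update: measure the new object and write the value
    to the secure storage device (a dict here, standing in for real hardware)."""
    secure_storage["measurement"] = measure_firmware(new_firmware)


def derive_alias(device_secret: bytes, measurement: bytes) -> Tuple[bytes, dict]:
    """DICE-style derivation (an assumption, not specified by the claim):
    compound device identifier from device secret + measurement, an alias key
    from the CDI, and a certificate binding the alias identity to the FWID,
    signed by a device-identity key derived from the device secret alone."""
    cdi = hmac.new(device_secret, b"CDI|" + measurement, hashlib.sha256).digest()
    alias_key = hmac.new(cdi, b"alias-key", hashlib.sha256).digest()
    alias_pub_id = hashlib.sha256(alias_key).hexdigest()  # stand-in for the public half
    device_id_key = hmac.new(device_secret, b"DeviceID", hashlib.sha256).digest()
    tbs = f"alias:{alias_pub_id};fwid:{measurement.hex()}".encode()
    signature = hmac.new(device_id_key, tbs, hashlib.sha256).hexdigest()
    cert = {"subject": alias_pub_id, "fwid": measurement.hex(), "sig": signature}
    return alias_key, cert


@dataclass
class BootResult:
    booted: bool
    alias_key: Optional[bytes]
    alias_cert: Optional[dict]
    reason: str


def first_boot_after_update(secure_storage: dict, new_firmware: bytes,
                            device_secret: bytes,
                            previous_alias_key: Optional[bytes],
                            previous_alias_cert: Optional[dict]) -> BootResult:
    """First boot after an update, run before the new firmware object executes."""
    stored = secure_storage.get("measurement")
    if stored is None:
        # Nothing was recorded at update time; treat like a mismatch.
        return BootResult(False, previous_alias_key, previous_alias_cert,
                          "no stored measurement")
    current = measure_firmware(new_firmware)
    if not hmac.compare_digest(current, stored):
        # Mismatch: alias key and certificate keep their pre-update values.
        # The claim says nothing further; halting the boot is this example's policy.
        return BootResult(False, previous_alias_key, previous_alias_cert,
                          "measurement mismatch")
    # Match: regenerate the alias key pair and certificate from the device
    # secret and the current measurement, then boot.
    alias_key, alias_cert = derive_alias(device_secret, current)
    return BootResult(True, alias_key, alias_cert, "measurement matched; alias regenerated")


if __name__ == "__main__":
    storage = {}
    fw_v1 = b"firmware image v1 (constructed)"
    fw_v2 = b"firmware image v2 (constructed)"
    record_update(storage, fw_v1)
    r1 = first_boot_after_update(storage, fw_v1, DEVICE_SECRET, None, None)
    record_update(storage, fw_v2)
    # Image altered between the update and the first boot (e.g. a bad flash write).
    r_bad = first_boot_after_update(storage, fw_v2 + b"\x00", DEVICE_SECRET,
                                    r1.alias_key, r1.alias_cert)
    print(r1.reason, "|", r_bad.reason, "| cert unchanged:", r_bad.alias_cert == r1.alias_cert)
```

The mismatch branch is the security-relevant one: because the alias material is derived from the measurement, an image that differs from what was recorded at update time never obtains a fresh alias certificate, and a relying party that sees the old certificate learns the device is still attesting the pre-update firmware.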