US 12,339,969 B2
System method for fractional secure boot by validating secure enclave using instructions of pre-drivers stored in memory by manufacturer
Chirag K Shroff, Cary, NC (US); William F. Sulzen, Apex, NC (US); Ofer Licht, Scotts Valley, CA (US); and Chandan Singh, Karnataka (IN)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Jun. 21, 2023, as Appl. No. 18/339,017.
Prior Publication US 2024/0427896 A1, Dec. 26, 2024
Int. Cl. G06F 9/00 (2018.01); G06F 9/445 (2018.01); G06F 21/57 (2013.01)
CPC G06F 21/575 (2013.01) [G06F 9/44505 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method for securely configuring a booting operation, comprising:
validating veracity of a secure enclave based on a secure identifier of the secure enclave using instructions of a secure enclave predriver stored in a memory integral to a processor;
establishing a secure connection with the secure enclave based on the veracity of the secure enclave using the instructions of the secure enclave predriver;
retrieving at least one authentication key from the secure enclave based on the instructions of the secure enclave predriver;
retrieving at least a portion of a bootstrapper from a secure storage based on the instructions of the secure enclave predriver;
validating a veracity of the bootstrapper based on the at least one authentication key;
initializing an external memory using the instructions of the bootstrapper, wherein the external memory is connected to the processor;
copying a bootloader from the secure storage into the external memory based on the instructions in the bootstrapper or the secure enclave predriver;
validating a veracity of the bootloader based on the at least one authentication key;
clearing the at least one authentication key from the memory of the processor; and
executing the bootloader to load at least a portion of an operating system into the external memory.
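The claimed sequence, modeled end to end as an added Python example (not code from the patent or from Cisco): HMAC-SHA256 stands in for the manufacturer's signature scheme, the enclave identifier, key and image bytes are constructed, and the key is confined to a dictionary standing in for processor-internal memory so that its clearing before handoff is explicit.

```python
import hashlib
import hmac

class BootError(Exception):
    pass

def sign(image: bytes, key: bytes) -> bytes:
    # HMAC-SHA256 stands in for the manufacturer's image signature (assumption).
    return hmac.new(key, image, hashlib.sha256).digest()
# Constructed sample values, not taken from the patent.
AUTH_KEY = b"manufacturer-auth-key"
ENCLAVE_ID = b"enclave-serial-0001"
PREDRIVER_ROM = {"enclave_id_hash": hashlib.sha256(ENCLAVE_ID).digest()}

def make_secure_storage(bootstrapper: bytes, bootloader: bytes) -> dict:
    return {"bootstrapper": (bootstrapper, sign(bootstrapper, AUTH_KEY)),
            "bootloader": (bootloader, sign(bootloader, AUTH_KEY))}

class Enclave:
    def __init__(self, identifier: bytes, key: bytes):
        self.identifier, self._key = identifier, key
    def authentication_key(self) -> bytes:
        return self._key

def fractional_boot(enclave: Enclave, storage: dict) -> dict:
    """Run the claimed sequence; return external-memory contents on success."""
    processor_memory, external_memory = {}, None
    try:
        # Steps 1-2: predriver checks the enclave identifier before trusting it.
        if not hmac.compare_digest(hashlib.sha256(enclave.identifier).digest(),
                                   PREDRIVER_ROM["enclave_id_hash"]):
            raise BootError("enclave identity mismatch")
        # Step 3: the key lives only in processor-internal memory.
        processor_memory["key"] = enclave.authentication_key()
        # Steps 4-5: the bootstrapper must verify before it runs.
        image, sig = storage["bootstrapper"]
        if not hmac.compare_digest(sign(image, processor_memory["key"]), sig):
            raise BootError("bootstrapper signature invalid")
        external_memory = {}  # Step 6: bootstrapper brings up external memory.
        # Steps 7-8: bootloader copied out to external memory, then verified there.
        image, sig = storage["bootloader"]
        external_memory["bootloader"] = image
        if not hmac.compare_digest(sign(image, processor_memory["key"]), sig):
            raise BootError("bootloader signature invalid")
    finally:
        # Step 9: clear the key even on failure, before any handoff.
        processor_memory.pop("key", None)
    external_memory["os"] = b"operating system image"  # Step 10: bootloader runs.
    return external_memory
```

A tampered bootloader or an enclave whose identifier does not match the predriver's stored hash aborts the boot, and in both cases the key has already been dropped from processor memory by the time control leaves `fractional_boot`.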