CPC G06F 21/575 (2013.01) [H04L 9/3239 (2013.01); G06F 2221/034 (2013.01)]; 10 Claims

1. A computer system for failing a secure boot in a case tampering event, comprising:
a microcontroller unit (MCU);
a bootloader, comprising a trusted platform module (TPM) which includes:
a cryptographic processor, comprising:
a random byte generator for generating a plurality of random bytes for a secure boot of the computer system; and
a hash generator for generating a plurality of hashes according to the plurality of random bytes; and
at least one hardware for storing the plurality of random bytes generated by the random byte generator and comprising:
a platform configuration register (PCR) for generating a plurality of hashes according to a cryptographic hash function and the plurality of random bytes generated by the random byte generator;
an operating system (OS), for performing the secure boot, wherein the secure boot of the computer system is completed if the plurality of hashes generated by the platform configuration register are the same as the plurality of hashes generated by the hash generator, and the secure boot of the computer system fails if the plurality of hashes generated by the platform configuration register are not the same as the plurality of hashes generated by the hash generator;
at least one sensor, coupled to the MCU, for detecting a case tampering event in the computer system, and transmitting a signal for triggering a deletion of the plurality of random bytes, if the case tampering event happens in the computer system; and
the TPM completing the secure boot of the computer system according to the plurality of random bytes when determining that the deletion of the plurality of random bytes is not triggered;
wherein the MCU performs the operation of:
deleting the plurality of random bytes stored in the MCU and the at least one hardware according to a power supply, to fail the secure boot, in response to the signal transmitted by the at least one sensor; and
wherein the bootloader further performs the operations of:
obtaining the plurality of random bytes for the secure boot according to a password of the computer system and the first plurality of hashes, after the case tampering event happens;
storing the plurality of random bytes in the MCU and the at least one hardware; and
resuming the secure boot according to the plurality of random bytes.
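As an added illustration, not part of the patent or of any product it describes, the following Python model walks through the claimed flow: random bytes are provisioned into the MCU store, a SHA-256 PCR-style extend chain plays the role of both the hash generator and the PCR, a tamper signal wipes the bytes so the next boot fails, and recovery re-obtains the bytes from the password and checks them against the stored hashes. The claim does not say how the bytes are re-obtained from the password; wrapping them under a PBKDF2-derived keystream is an assumption made here, and the salt is a constructed value.

```python
import hashlib
import hmac
import secrets

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: new PCR = SHA-256(old PCR || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def hash_chain(random_bytes):
    """Role of the claim's 'hash generator': reference hashes over the boot secret."""
    pcr, chain = bytes(32), []
    for rb in random_bytes:
        pcr = pcr_extend(pcr, rb)
        chain.append(pcr)
    return chain

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class TamperGuardedBoot:
    def __init__(self, password: bytes, count: int = 4):
        self.count = count
        # 'random byte generator': provision the boot secret into MCU/hardware storage
        self.mcu_store = [secrets.token_bytes(32) for _ in range(count)]
        self.expected = hash_chain(self.mcu_store)  # reference hashes kept for comparison
        # Assumed recovery material (not stated in the claim): the secret wrapped under
        # a password-derived keystream so it can be re-obtained after a wipe.
        ks = hashlib.pbkdf2_hmac("sha256", password, b"constructed-salt", 100_000, dklen=32 * count)
        self.wrapped = xor_bytes(b"".join(self.mcu_store), ks)

    def secure_boot(self) -> bool:
        """'PCR' recomputes the hashes from stored bytes; boot completes only on a match."""
        if not self.mcu_store:
            return False  # bytes were deleted after a tamper event: boot fails
        got = b"".join(hash_chain(self.mcu_store))
        return hmac.compare_digest(got, b"".join(self.expected))

    def tamper_signal(self) -> None:
        """Sensor -> MCU: delete the random bytes so every later boot fails."""
        self.mcu_store = []

    def recover(self, password: bytes) -> bool:
        """Bootloader re-obtains the bytes from the password and checks them against the hashes."""
        ks = hashlib.pbkdf2_hmac("sha256", password, b"constructed-salt", 100_000, dklen=32 * self.count)
        plain = xor_bytes(self.wrapped, ks)
        candidate = [plain[i * 32:(i + 1) * 32] for i in range(self.count)]
        if not hmac.compare_digest(b"".join(hash_chain(candidate)), b"".join(self.expected)):
            return False  # wrong password: nothing is restored, boot stays failed
        self.mcu_store = candidate  # store back in MCU/hardware, then boot may resume
        return True
```

Note that recovery with a wrong password leaves the system in the failed state, which is the behaviour a deployment would want after a case intrusion.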