US 12,067,402 B2
Validation of iPXE scripts using owner certificates and ownership vouchers
Reda Haddad, San Jose, CA (US); Martin Edward Ramsdale, Harpenden (GB); Srihari Raghavan, Chennai (IN); Jabir Hamediya Mohammed, Bangalore (IN); and Sandesh K. Rao, Fremont, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Sep. 13, 2022, as Appl. No. 17/943,440.
Prior Publication US 2024/0086205 A1, Mar. 14, 2024
Int. Cl. G06F 9/4401 (2018.01); G06F 9/448 (2018.01); H04L 9/32 (2006.01)
CPC G06F 9/4401 (2013.01) [G06F 9/4482 (2018.02); H04L 9/3268 (2013.01)]
17 Claims
1. A method comprising:
accessing, at a network device, a pre-boot execution environment (iPXE) script, wherein the iPXE script is signed based on an owner certificate (OC) associated with the network device;
fetching, from a server using a trusted iPXE script, an ownership voucher (OV), wherein the OC is anchored on the ownership voucher, wherein the OV is anchored on the network device through a unique device identifier and trust anchor certificates that are anchored on the network device as read only, and wherein the unique device identifier and trust anchor certificates are burned onto the network device during manufacture of the network device by a manufacturer;
validating, by the network device using the OV, the OC;
based at least in part on the OC, validating, the iPXE script; and
executing, by the network device, the iPXE script.