| CPC G06F 21/575 (2013.01) [H04L 9/30 (2013.01); G06F 2221/034 (2013.01)] | 20 Claims |

1. A method for securely booting a processing device of a computing system, the method comprising:
modifying a set of programmable fuses of the processing device to store a microcode patch that causes the processing device to access a firmware interface table stored in a non-volatile memory of the computing system;
loading, at a reset of the processing device and via the firmware interface table, an initialization patch from a non-volatile memory onto one or more cores of the processing device;
deriving, by the processing device, an encryption key through a one-way hash of the set of programmable fuses of the processing device and a one-way hash of the initialization patch, the encryption key comprising a plurality of public keys for a plurality of computing devices of the computing system and storing the encryption key in the non-volatile memory; and
authenticating, by the processing device, a basic input/output system (BIOS) initial boot block (IBB) stored in the non-volatile memory to perform a secure boot process of the processing device using a key derivation algorithm based on the derived encryption key.
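The four steps of claim 1 describe a key that is bound to both the fuse state and the initialization patch, and an IBB check driven by a key derived from it. The following is an added illustrative model, not code from the patent or its assignee: it assumes SHA-256 as the one-way hash, an HKDF-style extract/expand (RFC 5869 construction) as the key derivation algorithm, and an HMAC-SHA256 tag as the authentication check. The fuse image, initialization patch and IBB bytes are constructed sample data, and the claim's "plurality of public keys" is not modelled.

```python
"""Model of the boot-time key derivation and IBB authentication flow in claim 1.

Everything concrete here is an assumption for illustration: SHA-256 as the
one-way hash, an HKDF-SHA256 style extract/expand as the key derivation
algorithm, and an HMAC-SHA256 tag as the authentication check on the IBB.
The fuse image, initialization patch and IBB are constructed sample bytes.
"""
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA256."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def derive_boot_key(fuses: bytes, init_patch: bytes) -> bytes:
    """Claim step 3: the key is a function of H(fuses) and H(init patch).

    If either input changes (a re-blown fuse, a swapped initialization patch)
    the result is an unrelated key, so an IBB provisioned under the original
    key no longer authenticates.
    """
    ikm = HASH(fuses).digest() + HASH(init_patch).digest()
    return hkdf_extract(b"secure-boot-root", ikm)  # salt label is an assumption


def derive_ibb_auth_key(boot_key: bytes) -> bytes:
    """Claim step 4's 'key derivation algorithm based on the derived key',
    modelled as HKDF-Expand with a fixed context label (assumed)."""
    return hkdf_expand(boot_key, b"IBB-authentication", HASH_LEN)


def provision_ibb_tag(boot_key: bytes, ibb: bytes) -> bytes:
    """Provisioning side: the tag stored beside the IBB in non-volatile memory."""
    return hmac.new(derive_ibb_auth_key(boot_key), ibb, HASH).digest()


def authenticate_ibb(boot_key: bytes, ibb: bytes, stored_tag: bytes) -> bool:
    """Reset side: recompute the tag over the IBB and compare in constant time."""
    expected = hmac.new(derive_ibb_auth_key(boot_key), ibb, HASH).digest()
    return hmac.compare_digest(expected, stored_tag)


# Constructed sample inputs (not real fuse or firmware contents).
FUSES = bytes.fromhex("deadbeef" * 8)          # 256-bit fuse image
INIT_PATCH = b"init-patch-v1:" + b"\x90" * 64  # initialization patch body
IBB = b"IBB-v1:" + b"\xf4" * 128               # BIOS initial boot block

if __name__ == "__main__":
    key = derive_boot_key(FUSES, INIT_PATCH)
    tag = provision_ibb_tag(key, IBB)
    print("genuine IBB:        ", authenticate_ibb(key, IBB, tag))
    print("tampered IBB:       ", authenticate_ibb(key, IBB + b"\x00", tag))
    print("swapped init patch: ",
          authenticate_ibb(derive_boot_key(FUSES, b"init-patch-v2"), IBB, tag))
```

The model makes the binding visible: a tag stored in non-volatile memory verifies only if the IBB, the fuse image and the initialization patch are all what they were at provisioning time. With a symmetric tag as modelled here, that check is only meaningful if whoever can write the non-volatile memory cannot also reach the derived key; a signature scheme, which the claim's mention of public keys suggests, avoids that dependency because the verifier holds only public material.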