| CPC G06F 21/45 (2013.01) [G06F 21/6218 (2013.01); H04L 9/0897 (2013.01); H04L 9/3226 (2013.01); H04L 9/3234 (2013.01); G06F 2221/2131 (2013.01)] | 17 Claims |

1. A system, comprising:
a memory storing instructions for implementing an unlock module and a trusted platform module (TPM) comprising logic configured to implement an anti-hammering capability;
one or more processors communicatively coupled with the memory and configured to execute the instructions, while a computing device is in a recovery mode, to:
present, via a display associated with the system, a user interface configured to prompt for an input;
receive an input;
determine whether the input corresponds to a valid personal identification number (PIN); and
when the computing device is booted in a recovery mode separate from a normal boot-up sequence:
access, in an unencrypted volume of the system outside of the TPM, based on determining that the input corresponds to the valid PIN, at least one of a signed unlock token or an unlock key;
decrypt, using the signed unlock token or the unlock key, an encrypted volume of the system that is encrypted using a full volume encryption; and
recover, based on decrypting the encrypted volume, data from the encrypted volume; and
when the computing device is in the normal boot-up sequence:
access, in the unencrypted volume of the system, based on determining that the input corresponds to the valid PIN, the unlock key; and
decrypt, using the unlock key, at least a portion of information stored in the encrypted volume of the system; and
boot in the normal boot-up sequence and loading an operating system based on at least the portion of information.