US 12,462,067 B1
Endorsement of devices in a processing system
Sachin Ganesh, Chennai (IN); Ramesh R, Chennai (IN); and Dhanaraj Velu, Chennai (IN)
Assigned to AMERICAN MEGATRENDS INTERNATIONAL, LLC, Duluth, GA (US)
Filed by AMERICAN MEGATRENDS INTERNATIONAL, LLC, Duluth, GA (US)
Filed on May 17, 2023, as Appl. No. 18/319,389.
Int. Cl. G06F 21/64 (2013.01); G06F 21/57 (2013.01); G06F 21/60 (2013.01)
CPC G06F 21/64 (2013.01) [G06F 21/575 (2013.01); G06F 21/602 (2013.01)] 17 Claims
1. A computer-implemented method, comprising:
  executing a firmware on a processing system;
  identifying, by way of the firmware, one or more memory devices present in the processing system;
  retrieving, by way of the firmware, uniquely identifying information for each of the identified one or more memory devices present in the processing system;
  upon a first boot of the processing system,
    transmitting, by way of the firmware, the uniquely identifying information from the firmware to an endorsement service,
    receiving a response from the endorsement service at the firmware, the response identifying any of the one or more memory devices that are not authorized for use with the processing system,
    disabling, by way of the firmware, the one or more memory devices that are not authorized for use with the processing system,
    generating cryptographic hashes, by way of the firmware, for the one or more memory devices that are authorized for use with the processing system,
    storing, by way of the firmware, the cryptographic hashes at the processing system, and
    permitting, by way of the firmware, the processing system to boot; and
  upon a boot of the processing system subsequent to the first boot:
    generating, by way of the firmware, cryptographic hashes for the one or more memory devices present in the processing system at a time of the boot of the processing system subsequent to the first boot,
    determining, by way of the firmware, if the cryptographic hashes for the one or more memory devices present in the processing system match the stored cryptographic hashes for the one or more memory devices that are authorized for use with the processing system, and
    responsive to determining that the cryptographic hashes for the one or more memory devices present in the processing system do not match the stored cryptographic hashes for the one or more memory devices that are authorized for use with the processing system,
      transmitting, by way of the firmware, the uniquely identifying information for memory devices not having matching previously stored cryptographic hashes from the firmware to the endorsement service,
      receiving a response from the endorsement service at the firmware, the response identifying any of the memory devices not having matching previously stored cryptographic hashes that are not authorized for use with the processing system, and
      disabling, by way of the firmware, the one or more memory devices not having matching previously stored cryptographic hashes that are not authorized for use with the processing system.
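
The two boot paths of claim 1, modeled as an added Python example that is not part of the patent or of any vendor firmware. It assumes SHA-256 over the identifying fields as the hash, a local allowlist standing in for the endorsement service, and constructed device records; the names `device_hash`, `EndorsementService` and `Firmware` are hypothetical.

```python
import hashlib

def device_hash(ident):
    # Assumption: the hash is SHA-256 over the sorted identifying fields.
    canon = "|".join(f"{k}={ident[k]}" for k in sorted(ident))
    return hashlib.sha256(canon.encode()).hexdigest()

class EndorsementService:
    """Local stand-in for the remote endorsement service (hypothetical)."""
    def __init__(self, authorized_devices):
        self.allow = {device_hash(d) for d in authorized_devices}
        self.queries = []  # serials the firmware sent, one list per request

    def unauthorized(self, idents):
        self.queries.append([d["serial"] for d in idents])
        return {d["serial"] for d in idents if device_hash(d) not in self.allow}

class Firmware:
    def __init__(self, service):
        self.service = service
        self.stored = None  # no stored hashes yet, so the next boot is the first

    def boot(self, present):
        """Return (enabled, disabled) serial lists for this boot."""
        first = self.stored is None
        # First boot: endorse everything. Later boots: only hash mismatches.
        ask = present if first else [d for d in present
                                     if device_hash(d) not in self.stored]
        rejected = self.service.unauthorized(ask) if ask else set()
        enabled = [d for d in present if d["serial"] not in rejected]
        if first:
            self.stored = {device_hash(d) for d in enabled}
        return sorted(d["serial"] for d in enabled), sorted(rejected)

# Constructed sample inventory (not real parts).
DIMM_A = {"vendor": "VendorA", "part": "PN-100", "serial": "A001"}
DIMM_B = {"vendor": "VendorA", "part": "PN-100", "serial": "B002"}
DIMM_X = {"vendor": "Unknown", "part": "PN-999", "serial": "X666"}

def demo():
    svc = EndorsementService([DIMM_A, DIMM_B])
    fw = Firmware(svc)
    results = [fw.boot([DIMM_A, DIMM_X]),   # first boot
               fw.boot([DIMM_A]),           # unchanged: no service call
               fw.boot([DIMM_A, DIMM_B]),   # new, authorized module
               fw.boot([DIMM_A, DIMM_X])]   # unauthorized module reappears
    return results, svc.queries

if __name__ == "__main__":
    print(demo())
```

The claim as quoted recites storing hashes only on the first boot, so this model leaves the stored set unchanged afterwards and a later-added module is re-endorsed on every boot.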