US 11,853,428 B2
Firmware policy enforcement via a security processor
Md. Nazmus Sakib, Seattle, WA (US); Bryan David Kelly, Carnation, WA (US); Ling Tony Chen, Bellevue, WA (US); and Peter David Waxman, Seattle, WA (US)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Jun. 2, 2021, as Appl. No. 17/337,251.
Prior Publication US 2022/0391510 A1, Dec. 8, 2022
Int. Cl. G06F 21/57 (2013.01); G06F 9/54 (2006.01); G06F 21/55 (2013.01)
CPC G06F 21/572 (2013.01) [G06F 9/541 (2013.01); G06F 21/554 (2013.01); G06F 2221/033 (2013.01)] 20 Claims
 
1. A system, comprising:
at least one processor circuit;
at least one memory that stores first firmware that, when executed, causes the at least one processor circuit to:
during a boot session of the system:
determine whether second firmware loaded during the boot session is in compliance with at least one policy rule specified by the first firmware, the first firmware comprising an application programming interface configured to receive policy parameters for the at least one policy rule;
based at least on a determination that the second firmware is in compliance with the at least one policy rule, execute the second firmware; and
based at least on a determination that the second firmware is not in compliance with the at least one policy rule, perform a mitigation with respect to the second firmware.
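The claim above describes a mechanism, not an implementation: first firmware (for example, running on a security processor) receives policy parameters over an API, judges the second firmware against the resulting rules during the boot session, and either executes it or applies a mitigation. The following C program is an added illustration of that control flow; it is not code from the patent or from Microsoft. The parameter set (minimum version, signature required, pinned digest), the image header layout, the halt-or-fallback mitigation choice and the lock that refuses parameter changes once the boot session begins are all assumptions made for the example, and FNV-1a stands in for the cryptographic hash a real security processor would use.

```c
/* Boot-time firmware policy enforcement: illustrative example, not the patent's code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header for the "second firmware" handed to the checker. */
typedef struct {
    uint32_t       version;
    size_t         body_len;
    const uint8_t *body;
} fw_image;

/* Policy parameters the first firmware accepts over its API (hypothetical set). */
typedef struct {
    uint32_t min_version;       /* anti-rollback floor */
    bool     require_signature; /* must the image carry a valid signature? */
    uint64_t pinned_digest;     /* expected digest of the body; 0 = not pinned */
    bool     locked;            /* no parameter changes once the boot session starts */
} policy;

enum param   { PARAM_MIN_VERSION, PARAM_REQUIRE_SIG, PARAM_PINNED_DIGEST };
enum verdict { FW_EXECUTE, FW_MITIGATE_HALT, FW_MITIGATE_FALLBACK };

/* FNV-1a 64-bit: a stand-in for the cryptographic hash a real security
   processor would use, chosen only so the example runs without a crypto library. */
uint64_t fw_digest(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* API entry point for policy parameters. Rejects unknown keys and any change
   after the policy is locked, so later-loaded code cannot relax the rules
   it is about to be judged by (the lock is an assumption of this example). */
bool policy_set(policy *pol, enum param key, uint64_t value) {
    if (pol->locked) return false;
    switch (key) {
    case PARAM_MIN_VERSION:   pol->min_version = (uint32_t)value;   return true;
    case PARAM_REQUIRE_SIG:   pol->require_signature = (value != 0); return true;
    case PARAM_PINNED_DIGEST: pol->pinned_digest = value;            return true;
    default:                  return false;
    }
}

void policy_lock(policy *pol) { pol->locked = true; }

/* Check every rule; the first failing rule decides the verdict.
   sig_ok is the result of signature verification done before this call;
   have_fallback says whether a known-good image exists to fall back to. */
enum verdict policy_evaluate(const policy *pol, const fw_image *img,
                             bool sig_ok, bool have_fallback, const char **why) {
    /* An image that fails a required signature check is untrusted code:
       do not run it, and do not let it steer the choice of fallback. */
    if (pol->require_signature && !sig_ok) {
        *why = "signature required but not valid";
        return FW_MITIGATE_HALT;
    }
    if (img->version < pol->min_version) {
        *why = "version below policy minimum (rollback)";
        return have_fallback ? FW_MITIGATE_FALLBACK : FW_MITIGATE_HALT;
    }
    if (pol->pinned_digest != 0 &&
        fw_digest(img->body, img->body_len) != pol->pinned_digest) {
        *why = "body digest does not match pinned digest";
        return have_fallback ? FW_MITIGATE_FALLBACK : FW_MITIGATE_HALT;
    }
    *why = "compliant";
    return FW_EXECUTE;
}

/* One boot session: lock the policy, then judge the image. */
enum verdict boot_session(policy *pol, const fw_image *img, bool sig_ok, bool have_fallback) {
    const char *why;
    policy_lock(pol);
    enum verdict v = policy_evaluate(pol, img, sig_ok, have_fallback, &why);
    printf("%s -> %s\n", why,
           v == FW_EXECUTE ? "execute" : v == FW_MITIGATE_FALLBACK ? "fall back" : "halt");
    return v;
}

/* Constructed sample image bodies (not real firmware). */
static const uint8_t GOLDEN_BODY[]   = "second-firmware-v3";
static const uint8_t TAMPERED_BODY[] = "second-firmware-v3!";

int main(void) {
    policy pol = {0};
    policy_set(&pol, PARAM_MIN_VERSION, 3);
    policy_set(&pol, PARAM_REQUIRE_SIG, 1);
    policy_set(&pol, PARAM_PINNED_DIGEST, fw_digest(GOLDEN_BODY, sizeof GOLDEN_BODY));

    fw_image good     = { 3, sizeof GOLDEN_BODY,   GOLDEN_BODY };
    fw_image tampered = { 3, sizeof TAMPERED_BODY, TAMPERED_BODY };
    fw_image old      = { 2, sizeof GOLDEN_BODY,   GOLDEN_BODY };

    boot_session(&pol, &good, true, true);      /* compliant: execute */
    boot_session(&pol, &tampered, true, true);  /* digest mismatch, fallback available */
    boot_session(&pol, &old, true, false);      /* rollback, no fallback: halt */
    /* Once locked, an attempt to relax the policy is refused. */
    printf("late policy change accepted: %d\n", policy_set(&pol, PARAM_MIN_VERSION, 0));
    return 0;
}
```

The ordering of the rules matters: the signature rule runs first and always halts, because a version or digest mismatch on an image that was never authenticated says nothing trustworthy about which fallback to choose. Locking the policy before evaluation keeps the set of rules fixed for the whole boot session, which is the property that makes "compliance determined during the boot session" meaningful if the API is reachable by code loaded later.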