公开(公告)号：GB2527569A

公开(公告)日：2015-12-30

申请号：GB201411373

申请日：2014-06-26

Applicant: IBM

Inventor： GSCHWIND THOMAS

IPC: G06F21/57 ,  G06F9/44

Abstract: A computer (fig.1) comprises a data storage device (fig.1, 11) and an OS (operating system) loader (fig. 1, 24). Preferably, the data storage device is encrypted. A UTD (user trusted device, fig. 2, 20) for example, a protected USB flash drive is connectable to the computer and stores a boot loader (fig. 2, 16) and an OS loader (fig. 2, 24a) which is for an OS of the computer and corresponds to the version/instance of the OS loader stored on the computer. The UTD is designed to prevent an unauthenticated user from modifying its boot loader and OS loader. Upon connection (S21) of the UTD to the computer, the boot loader is detectable (S22) and subsequently executable (S23) by firmware executing at the computer, e.g. the computers BIOS. Said execution causes transfer (S24) of the OS loader from the UTD to the computer. The transferred OS loader is executed (S28) causing execution (S29) of at least one crypto driver for the OS and a kernel of the OS, thereby to start OS services and complete booting of the computer.

公开(公告)号：GB2508894A

公开(公告)日：2014-06-18

申请号：GB201222583

申请日：2012-12-14

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  GSCHWIND THOMAS ,  SCHADE ANDREAS

IPC: G06F21/57 ,  G06F9/455

Abstract: A trusted boot device 10 is connected to a computer 101 to allow the computer to boot a trusted environment, such as an operating system. During the boot process, the computer processor 105 executes code which behaves differently in a virtual machine. If the code determines that it is being executed in a virtual machine, the boot is prevented. The code may detect execution in a virtual machine by detecting features supported by the processor. It may measure the computation time or number of processor cycles needed to execute a particular task. This task may involve communicating with a server via a network interface. The code may switch the processor between processor modes. It may read or write a machine specific register.

公开(公告)号：GB2508893A

公开(公告)日：2014-06-18

申请号：GB201222582

申请日：2012-12-14

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  GSCHWIND THOMAS ,  SCHADE ANDREAS

IPC: G06F21/57

Abstract: A boot device 10 may be connected to a users personal computer 100 to allow it to operate in a corporate bring your own device (BYOD) environment. When the computer attempts to boot from the device, software on the device is loaded into a memory 121 on the computer. The software checks the trustworthiness of the firmware 122 on the computer. If the firmware is not trustworthy, then the software prevents the boot of the computer. The firmware may be checked by generating one or more hash values of the firmware and comparing the value with a list of values corresponding to trusted firmware. The list may be stored on the boot device. The list may be stored on a server 30 connected to the computer via a network 165 using a network interface card 124.