1. FLEXIBLE BOOTSTRAP CODE ARCHITECTURE
    Invention disclosure
    Status: Under examination - Published
    Alternative title: Flexible BOOTSTRAP-CODE-ARCHITEKTUR

    Publication (announcement) number: EP3063621A4

    Publication (announcement) date: 2017-07-12

    Application number: EP13896605

    Application date: 2013-10-29

    Applicant: INTEL CORP

    CPC classification number: G06F9/4401 G06F9/4403 G06F9/441

    Abstract: The present disclosure is directed to flexible bootstrap code architecture. A device may comprise equipment for operating the device and an operating system (OS) for operating the equipment. A boot module may also be included in the device to execute boot operations. At least one flexible boot (FB) module in the boot module may interact with the equipment and/or OS during the boot operations to cause the boot operations to become device-specific. An example boot module may comprise a plurality of FB modules. An example FB module may verify a device/chipset identification and may control the boot operations based on the identification. Other example FB modules may select resources to load based on an OS type, may provide a boot configuration table location for use in OS runtime boot configuration or may load variables from a preload variable directory for use in configuring boot operations.


2. SECURELY BOOTING A COMPUTING DEVICE
    Invention disclosure

    Publication (announcement) number: EP3138040A4

    Publication (announcement) date: 2017-12-13

    Application number: EP14890700

    Application date: 2014-04-28

    Applicant: INTEL CORP

    Abstract: Technologies for securely booting a computing device include a security engine of the computing device that consecutively determines a hash value for each block of initial boot firmware and generates an aggregated hash value from the hash values determined for the blocks. A processor of the computing device determines whether the aggregated hash value matches a reference checksum value. Initialization of the processor is completed in response to a determination that the aggregated hash value matches the reference checksum value. In some embodiments, the security engine consecutively retrieves each block of the initial boot firmware from a memory of the computing device, stores each retrieved block in a secure memory of the security engine, and determines the hash value for each stored block. Each block stored in the secure memory is copied to a portion of a cache memory of the processor initialized as Cache as RAM.
