US008201239B2

(12) United States Patent
Smith et al.

(10) Patent No.: US 8,201,239 B2
(45) Date of Patent: Jun. 12, 2012

(54) EXTENSIBLE PRE-BOOT AUTHENTICATION

(75) Inventors: Smith et al. (US)

(73) Assignee: Intel Corporation, Santa Clara, CA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 944 days.

(21) Appl. No.: 12/214,830

(22) Filed: Jun. 23, 2008

(65) Prior Publication Data
US 2009/0319806 A1, Dec. 24, 2009

(51) Int. Cl.
G06F 21/00 (2006.01)

(52) U.S. Cl. ........ 726/16; 713/189

(58) Field of Classification Search ........ 713/193, 713/1, 2, 187, 189; 726/17-21
See application file for complete search history.

(56) References Cited

U.S. PATENT DOCUMENTS
7,103,529 B2       9/2006   Zimmer ............... 703/27
2003/0023812 A1*   1/2003   Nalawadi et al. ...... 711/118
2005/0021968 A1*   1/2005   Zimmer et al. ........ 713/176
2005/0144609 A1*   6/2005   Rothman et al. ....... 717/168
2008/0120499 A1    5/2008   Zimmer et al. ........ 713/2
2009/0067685 A1*   3/2009   Boshra et al. ........ 382/124
2009/0172381 A1*   7/2009   Zimmer et al. ........ 713/2
2010/0023782 A1*   1/2010   Prakash et al. ....... 713/193

OTHER PUBLICATIONS
U.S. Appl. No. 11/897,355, filed Aug. 30, 2007, entitled "Method for Firmware Isolation," by Jiewen Yao, et al.
U.S. Appl. No. 12/156,223, filed May 30, 2008, entitled "Enabling Byte-Code Based Image Isolation," by Jiewen Yao, et al.

* cited by examiner

Primary Examiner: Gilberto Barron, Jr.
Assistant Examiner: David Le
(74) Attorney, Agent, or Firm: Trop, Pruner & Hu, P.C.

(57) ABSTRACT

In one embodiment, the present invention includes a method for obtaining a pre-boot authentication (PBA) image from a full disk encryption disk in a pre-boot environment, executing the PBA using a chipset to obtain user credential information, authorizing the user based on the user credential information and stored credential information, and storing the user credential information in a PBA metadata region of the disk. Other embodiments are described and claimed.

20 Claims, 5 Drawing Sheets
[Sheet 1 of 5, system 100: CPU 10, memory, UEFI PI (PEI/DXE), ACPI, SMBIOS, option ROMs, HII/user interface, INTx services, EFI OS loader, UEFI extensions, chipset, display and keyboard; HDD 30 holding a master boot record, data, and a metadata region containing a fingerprint identifier, security authenticator, PBA image, NVRAM flush, config, and user interface. Remaining reference numerals are illegible in the source.]
U.S. Patent    Jun. 12, 2012    Sheet 2 of 5    US 8,201,239 B2

[Sheet 2 of 5: figure labels illegible in the source.]