
Upgrading Secure Boot Policy on Virtual Machines

A technology for Secure Boot on virtual machines, applied to upgrading the Secure Boot policy on a virtual machine, which addresses problems such as the inability to retrieve keys from the TPM.

Active Publication Date: 2021-03-09
MICROSOFT TECH LICENSING LLC

AI Technical Summary

Problems solved by technology

When the encryption system learns from the Trusted Platform Module that such a condition exists, the keys required by the encryption system to decrypt the disk cannot be retrieved from the TPM.



Embodiment Construction

[0017] The inventors have realized that performing an upgrade on a virtual machine that has a virtual Trusted Platform Module ("vTPM") and a TPM-reliant full-disk encryption solution (such as MICROSOFT BITLOCKER) protected by recovery mode can cause the virtual machine to fall into the recovery state. The transition into recovery mode occurs because the upgrade operation is in many ways similar to an attack on Secure Boot, which protects the boot process against loading drivers or OS loaders that are not signed with an acceptable digital signature. When Secure Boot is enabled, an inconsistency between the calculated and measured values of PCR 7 causes the virtual machine to proceed to recovery. A Secure Boot policy change deployed as an operating system update may affect the PCR 7 measurements and potentially bring the VM into recovery. Entering recovery mode in this way represents a serious problem in cloud infrastructures because of the high costs as...


Abstract

Facilities for booting virtual machines hosted on host machines are described. In one example, the facility boots a virtual machine according to a policy instance associated with the virtual machine. As part of booting, the facility extracts from a virtual trusted platform module associated with the virtual machine the information required to complete booting, the extraction being based on the policy instance associated with the virtual machine. Upon boot completion, the facility copies the contents of the policy instance associated with the host into the policy instance associated with the virtual machine.
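The failure mode described in paragraph [0017] and the boot-then-copy ordering described in the abstract, as an added Python model that is not part of the patent or of any Microsoft code; the PCR 7 derivation, the vTPM sealing interface and the policy and key values are simplified, constructed assumptions:

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Constructed toy model (not Microsoft's code, not the real TPM API): a vTPM
# seals the disk key to PCR 7, which is derived from the Secure Boot policy.

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new_pcr = H(old_pcr || H(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_pcr7(secure_boot_policy: bytes) -> bytes:
    """Simplified PCR 7: a zeroed SHA-256 PCR extended with the policy only."""
    return pcr_extend(b"\x00" * 32, secure_boot_policy)

class VirtualTPM:
    """Hypothetical vTPM that seals a secret to an expected PCR 7 value."""
    def __init__(self) -> None:
        self._sealed: Dict[str, Tuple[bytes, bytes]] = {}

    def seal(self, label: str, secret: bytes, pcr7: bytes) -> None:
        self._sealed[label] = (pcr7, secret)

    def unseal(self, label: str, pcr7: bytes) -> Optional[bytes]:
        expected, secret = self._sealed[label]
        # A PCR 7 mismatch is exactly what sends the FDE layer into recovery.
        return secret if hmac.compare_digest(expected, pcr7) else None

def boot(vtpm: VirtualTPM, vm_policy: bytes) -> Optional[bytes]:
    """Boot under the VM's policy instance; None means the VM went to recovery."""
    return vtpm.unseal("fde-key", measure_pcr7(vm_policy))

def upgrade_policy_first(vtpm: VirtualTPM, host_policy: bytes) -> Optional[bytes]:
    """Naive ordering: apply the host's policy, then boot. PCR 7 no longer matches."""
    return boot(vtpm, host_policy)

def upgrade_boot_first(vtpm: VirtualTPM, vm_policy: bytes, host_policy: bytes):
    """Ordering from the abstract: boot under the VM's own policy instance, unseal
    the key, then copy the host's policy instance into the VM's and reseal."""
    key = boot(vtpm, vm_policy)
    if key is None:
        return None, vm_policy          # already in recovery; leave policy as is
    vm_policy = host_policy             # copy host policy instance into VM's
    vtpm.seal("fde-key", key, measure_pcr7(vm_policy))
    return key, vm_policy
```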

Description

Background technique

[0001] Trusted Platform Module (TPM) technology is designed to provide hardware-based security-related functions. A TPM can be used to implement system integrity measurements. Specifically, during a computer system's boot process, a TPM can measure and record the boot code (including firmware and operating system components) that is loaded. These integrity measurements can be used as evidence of how the system was booted, and to ensure that TPM-based keys are only used when the correct software was used to boot the system.

[0002] Some full-disk encryption solutions (such as the BITLOCKER encryption system included in MICROSOFT WINDOWS) use the TPM and the secure boot process to determine whether the system has been modified to a degree that would imply that it has been compromised. When the encryption system learns from the Trusted Platform Module that such a condition exists, then the keys required by the encryption system to decrypt the d...


Application Information

Patent Type & Authority Patents(China)
IPC(8): G06F21/57
CPC: G06F21/575, G06F9/4406, G06F21/60
Inventor: L.R.克利顿, Y.A.桑索诺夫, K.金舒曼, 吴京波, K.M.布罗亚斯, S.钱拉舍卡
Owner MICROSOFT TECH LICENSING LLC