A computer system that causes secure boot to fail during a tampering event.

The trusted platform module generates random bytes, the bootloader stores them in hardware of the computer system, and the bootloader and operating system depend on them to complete secure boot. A detector triggers deletion of these bytes when a tampering event occurs, so secure boot cannot complete after tampering and the data on the system remains protected.

CN116415249B · Active · Publication Date: 2026-06-30 · MOXA INC

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
MOXA INC
Filing Date
2022-03-03
Publication Date
2026-06-30

AI Technical Summary

Technical Problem

In the prior art, a computer system cannot reliably make secure boot fail when its casing is opened (a lid-opening tampering event), so the data on a tampered system remains at risk.

Method used

The trusted platform module (TPM) generates random bytes that the bootloader stores in hardware of the computer system and that secure boot depends on. When a detector reports a tampering event, the bootloader or operating system deletes these bytes, so secure boot fails.

Benefits of technology

When tampering is detected, secure boot fails deterministically, so a tampered computer system cannot be brought up and its data stays protected; the random bytes are never exposed to internal developers or external users.

✦ Generated by Eureka AI based on patent content.


Abstract

A computer system includes a trusted platform module for generating a plurality of random bytes for a secure boot of the computer system; a bootloader for storing information in at least one piece of hardware of the computer system and executing the secure boot, wherein the information includes the plurality of random bytes; an operating system for executing the secure boot; and at least one detector for detecting a lid-opening tampering event in the computer system and, if the lid-opening tampering event occurs, transmitting a signal to trigger the deletion of the plurality of random bytes. In response to the signal, the bootloader or the operating system deletes the plurality of random bytes stored in the at least one piece of hardware, causing the secure boot to fail.

Description

Technical Field

[0001] This invention relates to a computer system, and more particularly to a computer system that causes a secure boot to fail in the event of a case (lid-opening) tampering event.

Background Technology

[0002] When tampering with the casing of a computer system is detected, the system's anti-tampering mechanism is activated to protect its data from being altered. However, how to prevent a secure boot from completing once tampering has occurred has not been addressed. Preventing secure boot from completing after a tampering event is therefore a pressing problem to be solved.

Summary of the Invention

[0003] Therefore, the present invention provides a computer system and a method for causing secure boot to fail in the event of a lid-opening tampering event, in order to solve the above-mentioned problem.

[0004] This invention discloses a computer system for causing a secure boot to fail in the event of a lid-opening tampering event. The system includes a trusted platform module (TPM) for generating a plurality of random bytes for a secure boot of the computer system; a bootloader for storing information in at least one piece of hardware in the computer system and executing the secure boot, wherein the information includes the plurality of random bytes and the trusted platform module is included in the bootloader; an operating system (OS) for executing the secure boot; and at least one detector for detecting a lid-opening tampering event in the computer system and, if the lid-opening tampering event occurs, transmitting a signal to trigger a deletion of the plurality of random bytes. In response to the signal, the bootloader or the operating system deletes the plurality of random bytes stored in the at least one piece of hardware, causing the secure boot to fail.

[0005] The present invention also discloses a method for causing secure boot to fail in the event of a lid-opening tampering event in a computer system, comprising: performing a secure boot of the computer system; generating a plurality of random bytes for the secure boot; storing information in at least one piece of hardware in the computer system, wherein the information includes the plurality of random bytes; detecting a lid-opening tampering event in the computer system; if the lid-opening tampering event occurs, transmitting a signal to trigger the deletion of the plurality of random bytes; and, in response to the signal, deleting the plurality of random bytes stored in the at least one piece of hardware to cause the secure boot to fail.

Description of the Attached Figures

[0006] Figure 1 is a schematic diagram of a trusted platform module according to a first embodiment of the present invention.

[0007] Figure 2 is a schematic diagram of a computer system according to the first embodiment of the present invention.

[0008] Figure 3 is a flowchart of the first embodiment of the present invention.

[0009] The annotations in the attached figures are explained as follows:

[0010] 10, 202: Trusted Platform Module

[0011] 100: Cryptographic Processor

[0012] 102: Random Byte Generator

[0013] 104: Key Generator

[0014] 106: Hash Generator

[0015] 108: Encryption-Decryption-Signature Engine

[0016] 110: Storage device

[0017] 112: Platform Configuration Register (PCR)

[0018] 20: Computer System

[0019] 200: Bootloader

[0020] 210: Operating System

[0021] 220: At least one detector

[0022] 30: Process

[0023] 300, 302, 304, 306, 308, 310, 312, 314: Steps

Detailed Implementation

[0024] Figure 1 is a schematic diagram of a trusted platform module (TPM) 10 according to an embodiment of the present invention. The trusted platform module 10 is a passive hardware element that enhances the security of a computer system and helps keep it operating as intended. As shown in Figure 1, the trusted platform module 10 includes a cryptographic processor 100 and a storage device 110. The cryptographic processor 100 includes a random byte generator 102, a key generator 104, a hash generator 106, and an encryption-decryption-signature engine 108. The random byte generator 102 generates random bytes for secure boot; these bytes may take any value, including values that encode digits, letters, or punctuation marks. The key generator 104 generates a public key for encryption and a private key for decryption. The hash generator 106 generates a hash from the random bytes produced by the random byte generator 102. The encryption-decryption-signature engine 108 manages the public and private keys used for signing and verification. The storage device 110 can store an endorsement key (EK), a storage root key (SRK), attestation identity keys (AIK), and storage keys. The storage device 110 also includes platform configuration registers (PCR) 112. PCR 112 holds the random bytes generated by the random byte generator 102 and the hashes computed from them with a cryptographic hash function. Even if two sets of random bytes (i.e., the inputs to PCR 112) differ only slightly, the hashes produced by the cryptographic hash function will be entirely different.

[0025] Based on different hashes, PCR 112 can initialize different functions of the trusted platform module 10, and a PCR policy can be established for the trusted platform module 10. During a boot process, the trusted platform module 10 can record information (e.g., the central processing unit identifier (CPU ID), media access control address (MAC address), serial number, product ID, etc.) in PCR 112. From this information, PCR 112 generates a hash. When the hash is correct (i.e., the hash generated by PCR 112 is the same as the hash generated by the hash generator 106, so that the trusted platform module 10 is permitted to operate according to the hash), the random bytes held in PCR 112 can be retrieved.

[0026] Figure 2 is a schematic diagram of a computer system 20 according to an embodiment of the present invention. The computer system 20 includes a bootloader 200, an operating system (OS) 210, and at least one detector 220. The bootloader 200 may also be referred to as the basic input / output system (BIOS). During the power-on stage of the computer system 20, the bootloader 200 performs hardware initialization. The bootloader 200 includes a trusted platform module 202, which may be the trusted platform module 10 described above and is not described again here. The operating system 210 manages the hardware and software resources of the computer system 20 and provides services to it. The operating system 210 may be a Windows operating system (Windows OS) or a Linux operating system (Linux OS), but is not limited thereto. The bootloader 200 and the operating system 210 may apply asymmetric or symmetric keys in the computer system 20; such keys can be used for encryption (e.g., with a public key) and decryption (e.g., with a private key). The at least one detector 220 can be configured to detect events (e.g., a case tampering event) and notify the bootloader 200 and / or the operating system 210 of the computer system 20.

[0027] Figure 3 is a flowchart of a process 30 according to an embodiment of the present invention, used in the computer system 20 to handle a lid-opening tampering event. Process 30 can be compiled into program code and includes the following steps:

[0028] Step 300: Begin.

[0029] Step 302: The bootloader 200 and the operating system 210 perform a secure boot of the computer system 20.

[0030] Step 304: The trusted platform module 202 generates a plurality of random bytes for the secure boot.

[0031] Step 306: The bootloader 200 stores information, which includes the plurality of random bytes, in at least one piece of hardware of the computer system 20.

[0032] Step 308: At least one detector 220 detects a lid-opening tampering event in the computer system 20.

[0033] Step 310: If the tampering event occurs, at least one detector 220 transmits a signal to trigger a deletion of the plurality of random bytes.

[0034] Step 312: The bootloader 200 or operating system 210 deletes the plurality of random bytes stored in the at least one piece of hardware, causing the secure boot to fail in response to the signal.

[0035] Step 314: End.

[0036] According to process 30, when the secure boot of the computer system 20 is executed, a plurality of random bytes for the secure boot are generated and included in the information, and the bootloader 200 stores the information in at least one piece of hardware in the computer system 20. The at least one detector 220 monitors the computer system 20 for a lid-opening tampering event. If a lid-opening tampering event occurs, the at least one detector 220 transmits a signal that triggers the bootloader 200 or the operating system 210 to delete the plurality of random bytes stored in the at least one piece of hardware. Upon receiving the signal, the bootloader 200 or the operating system 210 deletes the plurality of random bytes, and the secure boot correspondingly fails (i.e., it cannot be completed). In other words, when a lid-opening tampering event occurs, the secure boot of the computer system 20 is stopped for the security of the computer system 20.

[0037] It should be noted that when the secure boot is being executed by the bootloader 200, the plurality of random bytes are deleted by the bootloader 200; when the secure boot is being executed by the operating system 210, they are deleted by the operating system 210.

[0038] It is important to note that the plurality of random bytes generated by the trusted platform module 202 are not known (e.g., obtained) by external users of the computer system 20. Furthermore, even the internal developers of the computer system 20 will not know (e.g., obtain) the plurality of random bytes. In other words, the plurality of random bytes are neither obtained by external users of the computer system 20 nor by the internal developers of the computer system 20. This mechanism prevents the computer system 20 from being tampered with. Moreover, in the event of a tampering incident, the bootloader 200 or the operating system 210 may delete only the plurality of random bytes stored in at least one piece of hardware. Information other than the plurality of random bytes is not involved and may be retained.

[0039] In one embodiment, a secure boot is performed by a bootloader 200 and an operating system 210 based on information stored in at least one piece of hardware. That is, if no tampering event occurs during the secure boot process, the computer system 20 completes the secure boot as a normal secure boot.

[0040] In one embodiment, if a lid-opening tampering event occurs while the operating system 210 is running, the operating system 210 deletes the plurality of random bytes stored in the at least one piece of hardware, then reboots the computer system 20 and forces entry into a secure boot of the computer system 20. That is, if a lid-opening tampering event occurs while the secure boot is being performed by the operating system 210, the plurality of random bytes are deleted by the operating system 210. Furthermore, a lid-opening tampering event may still occur after the secure boot has completed; in that case, the operating system 210 likewise deletes the plurality of random bytes upon receiving the signal indicating the lid-opening tampering event.

[0041] In one embodiment, the at least one piece of hardware in the computer system 20 includes a platform configuration register (PCR), which is part of the trusted platform module 202. The PCR generates a plurality of hashes based on the plurality of random bytes. In one embodiment, if the plurality of hashes are correct, the secure boot of the computer system 20 is completed. That is, if the plurality of random bytes have not been deleted (i.e., no tampering event has occurred), the plurality of hashes are correct (i.e., the trusted platform module 202 can operate based on them), so the trusted platform module 202 operates and the secure boot completes. After the secure boot is completed, the operating system 210 can provide services to a user of the computer system 20. In one embodiment, if the plurality of hashes are incorrect, the secure boot of the computer system 20 fails. That is, if the plurality of random bytes have been deleted (e.g., because of tampering), the plurality of hashes are incorrect (i.e., the trusted platform module 202 cannot operate based on them), so the trusted platform module 202 cannot function, the computer system 20 cannot run the operating system 210, and the secure boot fails.

[0042] In one embodiment, after a secure boot has failed, the bootloader 200 obtains the plurality of random bytes for the secure boot from the trusted platform module 202 based on a password of the computer system 20 and the plurality of hashes. The bootloader 200 stores the plurality of random bytes in the at least one piece of hardware and, based on them, restores the secure boot. That is, to restore a secure boot that failed because of a tampering event, the plurality of random bytes can be obtained from the trusted platform module 202 if the plurality of hashes generated by the PCR are correct. The computer system 20 verifies that the password (e.g., a BIOS password) is transmitted from the bootloader 200 to the PCR in the trusted platform module 202, and then allows the bootloader 200 to obtain the plurality of random bytes for secure boot from the trusted platform module 202. If the computer system 20 determines that the password was not transmitted by the bootloader 200 (e.g., it came from the operating system 210), or that the password does not match the one configured for the PCR, the computer system 20 does not release the plurality of random bytes, and the secure boot is not restored.
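
The following is an added illustration, not code from the patent or from MOXA INC, that models the mechanism of [0024]-[0025] and of process 30 ([0036]-[0042]) in Python: the TPM's random byte generator and hash generator, a PCR modelled as a SHA-256 extend chain over the platform information and the random bytes, the detector's deletion of only the random bytes, the resulting mismatch between second and first hashes that fails secure boot, and the password-gated recovery path reserved for the bootloader. Everything concrete in it is an assumption: the platform identifiers, the BIOS password, the class and method names, and the treatment of the "at least one piece of hardware" as a small mutable store whose contents are re-measured on every boot. One caveat for practitioners: a real TPM 2.0 PCR is extend-only and cannot be selectively cleared, so the bytes that get deleted would have to live in ordinary or NV storage and be measured into a PCR at boot; the model follows that reading.

```python
"""Model of CN116415249B's tamper-triggered secure-boot failure (illustrative, not MOXA code)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

PCR_SIZE = 32  # one SHA-256 PCR bank

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

@dataclass
class TrustedPlatformModule:
    """TPM 10/202: random byte generator 102, hash generator 106, storage 110, PCR 112."""
    platform_info: dict                   # CPU ID, MAC, serial, product ID ([0025]); assumed values
    bios_password_hash: bytes             # assumption: BIOS password enrolled at provisioning
    pcr: bytes = b"\x00" * PCR_SIZE       # PCR 112 at its reset value
    first_hashes: Optional[bytes] = None  # output of hash generator 106
    _sealed_copy: Optional[bytes] = None  # copy kept in storage 110 for the recovery path ([0042])

    def _digest(self, random_bytes: bytes) -> bytes:
        """Extend the platform information, then the random bytes, into a fresh PCR value."""
        pcr = b"\x00" * PCR_SIZE
        for key in sorted(self.platform_info):
            pcr = pcr_extend(pcr, f"{key}={self.platform_info[key]}".encode())
        return pcr_extend(pcr, random_bytes)

    def generate_random_bytes(self, n: int = 32) -> bytes:
        """Random byte generator 102; hash generator 106 records the 'first hashes'."""
        random_bytes = secrets.token_bytes(n)
        self._sealed_copy = random_bytes
        self.first_hashes = self._digest(random_bytes)
        return random_bytes

    def measure_boot(self, random_bytes: bytes) -> bool:
        """PCR 112 recomputes the 'second hashes'; PCR policy of [0041]: they must equal the first."""
        self.pcr = self._digest(random_bytes)
        return self.first_hashes is not None and hmac.compare_digest(self.pcr, self.first_hashes)

    def release_random_bytes(self, caller: str, password: bytes,
                             first_hashes: Optional[bytes]) -> Optional[bytes]:
        """Recovery of [0042]: only the bootloader, with the correct password and first hashes."""
        if caller != "bootloader" or first_hashes is None or self.first_hashes is None:
            return None
        if not hmac.compare_digest(hashlib.sha256(password).digest(), self.bios_password_hash):
            return None
        return self._sealed_copy if hmac.compare_digest(first_hashes, self.first_hashes) else None

@dataclass
class ComputerSystem:
    """Computer system 20; bootloader 200 / OS 210 share this logic, detector 220 calls on_tamper_signal."""
    tpm: TrustedPlatformModule
    hardware: dict = field(default_factory=dict)  # the "at least one piece of hardware"
    tamper_log: list = field(default_factory=list)

    def provision(self) -> None:
        """Steps 304-306: generate the random bytes and store them, with the first hashes, in hardware."""
        self.hardware["random_bytes"] = self.tpm.generate_random_bytes()
        self.hardware["first_hashes"] = self.tpm.first_hashes

    def secure_boot(self) -> bool:
        """Completes only if the stored random bytes reproduce the expected PCR digest."""
        return self.tpm.measure_boot(self.hardware.get("random_bytes", b""))

    def on_tamper_signal(self, event: str = "lid_open") -> None:
        """Steps 310-312 and [0038]: record the event, delete only the random bytes, keep the rest."""
        self.tamper_log.append(event)
        self.hardware.pop("random_bytes", None)

    def restore_secure_boot(self, password: bytes, caller: str = "bootloader") -> bool:
        """[0042]: re-obtain the bytes from the TPM, store them, and re-run secure boot."""
        random_bytes = self.tpm.release_random_bytes(caller, password, self.hardware.get("first_hashes"))
        if random_bytes is None:
            return False
        self.hardware["random_bytes"] = random_bytes
        return self.secure_boot()

def build_system(bios_password: bytes = b"bios-pw") -> ComputerSystem:
    """Constructed sample platform; the identifiers are made up, not from any real device."""
    tpm = TrustedPlatformModule(
        platform_info={"cpu_id": "0x000906EA", "mac": "02:00:00:00:00:01",
                       "serial": "SN-EXAMPLE-0001", "product_id": "EXAMPLE-PRODUCT"},
        bios_password_hash=hashlib.sha256(bios_password).digest())
    return ComputerSystem(tpm)

def run_scenario() -> tuple:
    """Normal boot, lid-open tamper, two refused recovery attempts, then a legitimate restore."""
    system = build_system()
    system.provision()
    normal = system.secure_boot()                                  # True
    system.on_tamper_signal("lid_open")
    after_tamper = system.secure_boot()                            # False: second hashes differ
    wrong_password = system.restore_secure_boot(b"guess")          # False
    from_os = system.restore_secure_boot(b"bios-pw", caller="os")  # False: OS may not retrieve them
    restored = system.restore_secure_boot(b"bios-pw")              # True
    return normal, after_tamper, wrong_password, from_os, restored
```

Running run_scenario() yields (True, False, False, False, True): the first boot completes, the boot after a lid-open signal fails because the second hashes no longer match the first, recovery with a wrong password or from the operating system is refused, and recovery by the bootloader with the correct BIOS password restores the boot. Because the platform identifiers are re-measured on every boot, the same check also fails if a measured identifier such as the MAC address changes, which is the behaviour a practitioner would want from a PCR policy built on [0025].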

[0043] In one embodiment, when a lid-opening tampering event is detected, the bootloader 200 is triggered to record the lid-opening tampering event, so that the event can be reported to a user of the computer system 20.

[0044] Those skilled in the art can combine, modify, or change the embodiments described above in accordance with the spirit of the present invention, but are not limited thereto. The foregoing statements, steps, and / or processes (including suggested steps) can be implemented by modules, which can be hardware, software, firmware (a combination of hardware devices and computer instructions and data, where the computer instructions and data are read-only software on the hardware device), electronic systems, or combinations of the above devices. An example of such a device may be a computer system 20.

[0045] The hardware can be analog circuitry, digital circuitry, and / or mixed-signal circuitry. For example, the hardware can be an application-specific integrated circuit, a field-programmable gate array (FPGA), a programmable logic device, coupled hardware elements, or a combination of the above. In other embodiments, the hardware can be a general-purpose processor, a microprocessor, a controller, a digital signal processor (DSP), or a combination of the above.

[0046] Software can be a combination of program code, instructions, and / or functions (functionalities) stored in a storage unit, such as a computer-readable medium. For example, a computer-readable medium can be a subscriber identity module (SIM), read-only memory, flash memory, random access memory, optical disc read-only memory (CD-ROM / DVD-ROM / BD-ROM), magnetic tape, hard disk, optical data storage device, non-volatile storage unit, or a combination of the above. The computer-readable medium (such as a storage unit) can be coupled to at least one processor in a built-in manner (such as a processor integrated with the computer-readable medium) or externally (such as a processor independent of the computer-readable medium). The at least one processor may include one or more modules for executing the software stored in the computer-readable medium. The combination of program code, instructions, and / or functions (functionalities) can cause at least one processor, one or more modules, hardware, and / or electronic systems to perform the relevant steps.

[0047] Electronic systems can be system-on-chip (SoC), system-in-package (SiP), computer-on-module (CoM), computer programmable products, devices, mobile phones, laptops, tablets, e-books, portable computer systems, and computer systems 20.

[0048] In summary, the present invention provides a computer system for causing a secure boot to fail in the event of a tampering incident. When a tampering incident is detected, the computer system deletes random bytes stored in the hardware, causing the secure boot to fail. Therefore, the problems in this field are solved.

[0049] The above description is only a preferred embodiment of the present invention. All equivalent changes and modifications made in accordance with the claims of the present invention should be included within the scope of the present invention.

Claims

1. A computer system for causing a secure boot to fail in the event of a lid-opening tampering event, comprising a bootloader, an operating system, and at least one detector, wherein: a trusted platform module is included in the bootloader; the trusted platform module includes a cryptographic processor and at least one piece of hardware; the cryptographic processor includes a random byte generator and a hash generator; the random byte generator is used to generate a plurality of random bytes for a secure boot of the computer system; the hash generator is used to generate a plurality of first hashes based on the plurality of random bytes generated by the random byte generator; the at least one piece of hardware is used to store the plurality of random bytes generated by the random byte generator and includes a platform configuration register; the platform configuration register is used to generate a plurality of second hashes based on a cryptographic hash function and the plurality of random bytes generated by the random byte generator; the operating system is used to perform the secure boot, wherein if the plurality of second hashes generated by the platform configuration register are the same as the plurality of first hashes generated by the hash generator, the secure boot of the computer system is completed, and if they are not the same, the secure boot of the computer system fails;
the at least one detector is used to detect a tampering event in the computer system and, if the tampering event occurs in the computer system, to transmit a signal to trigger a deletion of the plurality of random bytes; the bootloader deletes the plurality of random bytes stored in the at least one piece of hardware to cause the secure boot to fail in response to the signal; and the bootloader further, after the secure boot fails, obtains the plurality of random bytes used for the secure boot based on a password of the computer system and the plurality of first hashes, stores the plurality of random bytes in the at least one piece of hardware, and restores the secure boot based on the plurality of random bytes so obtained.

2. The computer system of claim 1, wherein the bootloader and the operating system perform the secure boot based on information stored in the at least one piece of hardware.

3. The computer system of claim 1, wherein the operating system further deletes the plurality of random bytes stored in the at least one piece of hardware, restarts the computer system, and performs the secure boot of the computer system.

4. A method for causing a secure boot to fail in the event of a lid-opening tampering event in a computer system, comprising: performing a secure boot of the computer system; generating a plurality of random bytes for the secure boot; storing information in at least one piece of hardware in the computer system, wherein the information comprises the plurality of random bytes and the at least one piece of hardware includes a platform configuration register; generating, by a hash generator in the computer system, a plurality of first hashes based on the plurality of random bytes; generating, by the platform configuration register, a plurality of second hashes based on the information stored in the at least one piece of hardware; detecting a lid-opening tampering event in the computer system; if the lid-opening tampering event occurs, transmitting a signal to trigger the deletion of the plurality of random bytes; completing the secure boot of the computer system if the plurality of second hashes generated by the platform configuration register are the same as the plurality of first hashes generated by the hash generator, and failing the secure boot of the computer system if they are different; after the secure boot fails, obtaining the plurality of random bytes used for the secure boot based on a password of the computer system and the plurality of first hashes; after the secure boot fails, storing the plurality of random bytes in the at least one piece of hardware; and restoring the secure boot based on the plurality of random bytes obtained after the secure boot failed.

5. The method of claim 4, wherein the secure boot is performed based on the information stored in the at least one piece of hardware.

6. The method of claim 4, further comprising: deleting the plurality of random bytes stored in the at least one piece of hardware; and restarting the computer system and performing the secure boot of the computer system.