-
Publication number: US20180198629A1
Publication date: 2018-07-12
Application number: US15841894
Application date: 2017-12-14
Applicant: Google LLC
Inventor: Alejandro Martin Deymonnaz, Darren David Krahn, David Zeuthen
IPC: H04L9/32, H04L9/30, G06F21/57, G06F9/4401
CPC classification number: H04L9/3263, G06F9/4401, G06F21/575, H04L9/0891, H04L9/0894, H04L9/30, H04L9/3265, H04L63/0823
Abstract: Methods, systems, and apparatus, including computer-readable media, for verified boot and key rotation. In some implementations, a device extracts a public key from a secure data storage area of the device. The device extracts a first certificate for an intermediate key and a second certificate for a signing key, the first certificate and the second certificate being extracted from a system image. The device verifies a signature of the first certificate using the public key. After verifying the signature of the first certificate, the device verifies the second certificate using a public key in the first certificate. In response to verifying the second certificate, the device loads the system image during a boot process of the device.
-
Publication number: US10992482B2
Publication date: 2021-04-27
Application number: US15841894
Application date: 2017-12-14
Applicant: Google LLC
Inventor: Alejandro Martin Deymonnaz, Darren David Krahn, David Zeuthen
Abstract: Methods, systems, and apparatus, including computer-readable media, for verified boot and key rotation. In some implementations, a device extracts a public key from a secure data storage area of the device. The device extracts a first certificate for an intermediate key and a second certificate for a signing key, the first certificate and the second certificate being extracted from a system image. The device verifies a signature of the first certificate using the public key. After verifying the signature of the first certificate, the device verifies the second certificate using a public key in the first certificate. In response to verifying the second certificate, the device loads the system image during a boot process of the device.
-