Browse Prior Art Database

Method to limit available boot devices to those that are Secure Boot capable

IP.com Disclosure Number: IPCOM000239004D
Publication Date: 2014-Sep-30
Document File: 1 page(s) / 28K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed are methods to limit the devices presented to the user when secure boot is enabled. These methods enable a system to assess whether the boot device has an adequately signed option Read Only Memory (ROM), before showing it as a bootable device.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 88% of the total text.

Page 01 of 1

Method to limit available boot devices to those that are Secure Boot capable

Secure boot prevents unauthorized operating systems and software from loading during the startup process. Existing systems perform the Peripheral Component Interconnect (PCI) scan on all boot devices, irrespective of the secure boot enable value.

The novel system presented herein limits which devices are presented to the user when secure boot is enabled. The system assesses whether the boot device has an adequately signed option Read Only Memory (ROM), before showing it as a bootable device. This limitation only applies in secure boot enabled devices.

The novel system presents a method of limiting visible bootable devices with secure boot enabled and a method of validating a signed Option ROM for secure boot enable mode. Using this system, setup menus include a feature that shows:


 All bootable devices


 Bootable devices authenticated by a Unified Extensible Firmware Interface (UEFI) certificate


 Bootable devices not authenticated by a UEFI certificate (signed and unsigned)

Without these methods, a system can show all devices scanned in the bootable devices list, irrespective of whether the device can boot. The novel approach allows the user to limit the bootable device list when secure boot is enabled. If secure boot is disabled, then all bootable devices are shown. If secure boot is enabled, then a validation is done on each option ROM to validate proper signing. The validatio...