Patents by Inventor Randall Spangler

Randall Spangler has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220179960
    Abstract: A computing system is described for securely verifying system firmware and recovery firmware to ensure system integrity without relying on a manufacturer's proprietary verification process, hardware-specific keys, or inherent write-protection features of system memory. In aspects, the computing system utilizes a security processor that maintains firmware management parameters that define a process for verifying firmware and recovery firmware independent of an integrated circuit manufacturer's Mask ROM (read-only-memory) verification process. The security processor ensures that the firmware or recovery firmware is signed appropriately and consistent with previously executed versions, or if different, produces verification results (e.g., generated hash values) that are consistent with expected results embedded in the firmware, at compile time.
    Type: Application
    Filed: June 10, 2019
    Publication date: June 9, 2022
    Applicant: Google LLC
    Inventor: Randall Spangler
  • Publication number: 20220116776
    Abstract: Methods, systems, apparatus, and computer-readable storage devices for anonymous device authentication. A method includes: accessing, by the electronic device, data stored by the electronic device that identifies authentication keys the electronic device accepts as valid; sending, by the electronic device to a second electronic device, an authentication request that identifies a set of authentication keys including at least some of the authentication keys the electronic device accepts as valid; and receiving, by the electronic device, response data that the second electronic device provides in response to the authentication request. The response data (i) identifies a particular authentication key from the set of authentication keys identified by the authentication request, and (ii) includes a signature generated using the particular authentication key.
    Type: Application
    Filed: June 30, 2020
    Publication date: April 14, 2022
    Inventors: Randall Spangler, Kiavash Faraji
  • Patent number: 11062032
    Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: July 13, 2021
    Assignee: GOOGLE LLC
    Inventors: Gaurav Shah, William A. Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
  • Publication number: 20190087583
    Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.
    Type: Application
    Filed: November 6, 2018
    Publication date: March 21, 2019
    Inventors: Gaurav Shah, William A. Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
  • Patent number: 10127384
    Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.
    Type: Grant
    Filed: October 26, 2016
    Date of Patent: November 13, 2018
    Assignee: GOOGLE LLC
    Inventors: Gaurav Shah, William A. Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
  • Publication number: 20170109533
    Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.
    Type: Application
    Filed: October 26, 2016
    Publication date: April 20, 2017
    Inventors: Gaurav Shah, William A. Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
  • Patent number: 9483647
    Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.
    Type: Grant
    Filed: July 14, 2014
    Date of Patent: November 1, 2016
    Assignee: Google Inc.
    Inventors: Gaurav Shah, William Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
  • Patent number: 9251336
    Abstract: To provide a secure installation and execution software environment, locked version numbers are maintained. A locked version number associated with a software program may be stored. When a request is received to update the software program with an update package, a package number of the update package may be compared to the locked version number. The software program may be updated with the update package if the package number is at least as recent as the locked version number, and the updating of the software program with the update package may be restricted if the package number is earlier than the locked version number.
    Type: Grant
    Filed: April 14, 2014
    Date of Patent: February 2, 2016
    Assignee: Google Inc.
    Inventors: Luigi Semenzato, William Alexander Drewry, Gaurav Shah, Randall Spangler, Sumit Gwalani
  • Publication number: 20150012738
    Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.
    Type: Application
    Filed: July 14, 2014
    Publication date: January 8, 2015
    Inventors: Gaurav Shah, William Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
  • Patent number: 8812854
    Abstract: A computer-implemented method for verifying a boot process of a computing system includes reading, by the computing system during the boot process, a header section of a read-write portion of firmware of the computing system. The method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header, and decrypting, using a first public-key, an encrypted signature corresponding to the header. The method further includes comparing the message digest corresponding with the header and the decrypted signature corresponding to the header. In the event the message digest corresponding to the header and the decrypted signature corresponding to the header match, the boot process is continued. In the event the message digest corresponding to the header and the decrypted signature corresponding to the header do not match, the boot process is halted.
    Type: Grant
    Filed: October 12, 2010
    Date of Patent: August 19, 2014
    Assignee: Google Inc.
    Inventors: Gaurav Shah, William Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
  • Patent number: 8745612
    Abstract: To provide a secure installation and execution software environment, locked version numbers are maintained. A locked version number associated with a software program may be stored. When a request is received to update the software program with an update package, a package number of the update package may be compared to the locked version number. The software program may be updated with the update package if the package number is at least as recent as the locked version number, and the updating of the software program with the update package may be restricted if the package number is earlier than the locked version number.
    Type: Grant
    Filed: January 14, 2011
    Date of Patent: June 3, 2014
    Assignee: Google Inc.
    Inventors: Luigi Semenzato, William Alexander Drewry, Gaurav Shah, Randall Spangler, Sumit Gwalani
  • Patent number: 8612800
    Abstract: Methods and apparatus for implementing a recovery mode procedure for a computing device are disclosed. An example method includes determining, by a computing device, that a recovery mode procedure is to be executed on the computing device. The example method further includes determining whether a trusted recovery image is accessible to the computing device and, in the event the trusted recovery image is accessible to the computing device, executing the recovery mode procedure to repair or replace a current image of the computing device using the trusted recovery image. In the event the trusted recovery image is not accessible to the computing device, the example method includes providing instructions for obtaining the trusted recovery image, determining the obtained trusted recovery image is accessible to the computing device and executing the recovery mode procedure to repair or replace the current image of the computing device using the obtained trusted recovery image.
    Type: Grant
    Filed: October 13, 2010
    Date of Patent: December 17, 2013
    Assignee: Google Inc.
    Inventors: David Hendricks, Ryan Tabone, Linus Upson, Randall Spangler
  • Patent number: 8473781
    Abstract: Methods and apparatus for implementing a recovery mode procedure for a computing device are disclosed. In an example method, a computing device is configured to receive a first indication, the first indication indicating that instructions for implementing a recovery mode are to be executed. The instructions to implement the recovery mode are executed in response to receiving the first indication. Implementing the recovery mode includes receiving a second indication and, based on the second indication, performing one of a first process that includes replacing current operating system software of the computing device and removing user data from the computing device with a trusted version of operating system software of the computing device or a second process that includes replacing current operating system software of the computing device with the trusted version of operating system software of the computing device and retaining user data on the computing device.
    Type: Grant
    Filed: April 17, 2012
    Date of Patent: June 25, 2013
    Assignee: Google Inc.
    Inventors: David Hendricks, Ryan Tabone, Linus Upson, Randall Spangler
  • Publication number: 20110087920
    Abstract: Methods and apparatus for implementing a recovery mode procedure for a computing device are disclosed. An example method includes determining, by a computing device, that a recovery mode procedure is to be executed on the computing device. The example method further includes determining whether a trusted recovery image is accessible to the computing device and, in the event the trusted recovery image is accessible to the computing device, executing the recovery mode procedure to repair or replace a current image of the computing device using the trusted recovery image. In the event the trusted recovery image is not accessible to the computing device, the example method includes providing instructions for obtaining the trusted recovery image, determining the obtained trusted recovery image is accessible to the computing device and executing the recovery mode procedure to repair or replace the current image of the computing device using the obtained trusted recovery image.
    Type: Application
    Filed: October 13, 2010
    Publication date: April 14, 2011
    Applicant: GOOGLE INC.
    Inventors: David Hendricks, Ryan Tabone, Linus Upson, Randall Spangler
  • Publication number: 20110087872
    Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.
    Type: Application
    Filed: October 12, 2010
    Publication date: April 14, 2011
    Inventors: Gaurav Shah, William Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato