Abstract: Computer unit includes ROM arrangement including port check code and boot ROM code, internal memory, fixed storage media including fixed media boot application FSMBA, removable media port and processor. The processor is adapted to use the boot ROM code to start the computer unit, use the port check code to determine that removable storage media is present on the removable media port, and use the boot ROM code to load any objects present on the removable storage media into the internal memory, use the boot ROM code to verify the integrity of the objects loaded into the internal memory, use the boot ROM code to verify that the objects loaded into the internal memory include removable media boot application RSMBA, boot the computer unit using the RSMBA, and continue the operation of the computer unit by loading payload from the fixed storage media into the internal memory.

Abstract: A computer unit includes a ROM arrangement including port check code and boot ROM code, an internal memory, a fixed storage media including a fixed media boot application FSMBA, a removable media port and at least one processor. The at least one processor is adapted to use the boot ROM code to start the computer unit, use the port check code to determine that a removable storage media is present on the removable media port, and use the boot ROM code to load any objects present on said removable storage media into the internal memory, use the boot ROM code to verify the integrity of said objects loaded into the internal memory, use the boot ROM code to verify that said objects loaded into the internal memory include a removable media boot application RSMBA, boot the computer unit using said RSMBA, and continue the operation of the computer unit by loading payload from the fixed storage media into the internal memory.

Abstract: A method including the steps of manufacturing a product at a product manufacturing entity; maintaining a product control database at product authenticity responsible entity; assigning a first identifier to the product for the purpose of establishing a boot integrity identity of the product; storing a copy of the public part of said first identifier in a memory of the product; assigning a second identifier to the product for the purpose of establishing a logistics identity of the product, the second identifier comprising manufacturing information; storing the second identifier indicating the logistics identity in the product control database; assigning a third identifier for the product for the purpose of establishing a production identity of the product; extracting and storing a copy of the public part of the third identifier indicating a production identity in the product control database; and maintaining the private part of the third identifier indicating a production identity.

Abstract: A method and system for the provisioning of software that enable large scale installation and management of software in computer units in a highly secure manner. The BIOS of the target computer unit is adapted such that upon power up the system attempts to boot from an external media. The BIOS features functions within the code for the implementing a system watchdog for assuring the system remains in a known state, a function for digital signature verification, and loads drivers for a file system. The external media includes the operating system (OS) image and other bootstrap files, each having been digitally signed with an asymmetric private key that corresponds to the public key. A programmable read-only parameter memory on the motherboard is configured to store the public keys and the (failure) state of the system independently of the primary and secondary media enabling reboot from an alternative boot path.

Abstract: Provisioning a computer related product, comprising manufacturing a product at a product manufacturing entity; maintaining a product control database at product authenticity responsible entity; assigning a first identifier to the product for the purpose of establishing a boot integrity identity of the product, said first identifier being an asymmetric private-public encryption key pair stored in the product control database; storing a copy of the public part of said first identifier (public boot integrity key) in a memory of the product; assigning a second identifier to the product for the purpose of establishing a logistics identity of the product, said second identifier comprising manufacturing information such as a serial number for the product; storing said second identifier indicating the logistics identity in the product control database; assigning a third identifier for the product for the purpose of establishing a production identity of the product, said third identifier being an asymmetric private-pu

Abstract: A method and system for the provisioning of software that enable large scale installation and management of software in computer units in a highly secure manner. The BIOS of the target computer unit is adapted such that upon power up the system attempts to boot from an external media. The BIOS features functions within the code for the implementing a system watchdog for assuring the system remains in a known state, a function for digital signature verification, and loads drivers for a file system. The external media includes the operating system (OS) image and other bootstrap files, each having been digitally signed with an asymmetric private key that corresponds to the public key. A programmable read-only parameter memory on the motherboard is configured to store the public keys and the (failure) state of the system independently of the primary and secondary media enabling reboot from an alternative boot path.