The present invention relates to boot services in a computer system, and more particularly to authenticating boot operations in a computer system of a networked computer environment.
Personal computer systems are well known in the art. They have attained widespread use for providing computer power to many segments of today""s modern society. Personal computers (PCs) may be defined as a desktop, floor standing, or portable microcomputer that includes a system unit having a central processing unit (CPU) and associated volatile and non-volatile memory, including random access memory (RAM) and basic input/output system read only memory (BIOS ROM), a system monitor, a keyboard, one or more flexible diskette drives, a CD-ROM drive, a fixed disk storage drive (also known as a xe2x80x9chard drivexe2x80x9d), a pointing device such as a mouse, and an optional network interface adapter. One of the distinguishing characteristics of these systems is the use of a motherboard or system planar to electrically connect these components together. Examples of such personal computer systems are IBM""s PC 300 series, Aptiva series, and Intellistation series.
Today""s PCs may contain several operating systems on their storage system. The user is typically presented with a choice of the several operating systems with which to boot following a power up or after a soft boot (i.e., alt-ctrl-del key selection), through an appropriate program, such as boot manager. However, there is no way that boot manager can control which operating system a user boots. Further, there is no authorization or authentication involved in the process, which could result in the booting of an incorrect image of an operating system, particularly in a networked computing environment.
Accordingly, a need exists for authentication/authorization during a boot procedure on a computer system, particularly in a computer network environment. The present invention addresses such a need.
Method and system aspects for performing an authenticated boot of a computer system in a networked computing environment are provided. The aspects include integration of boot manager services into a power on self test (POST) routine of a client system. The client system provides a digital signature for a selected operating system when the POST routine transfers control to a basic input/output system (BIOS) routine. Booting is authorized with the operating system through authentication by a server system of the digital signature.