A computer installation generally includes at least one internal hard disk device and a motherboard fitted with a microprocessor and memory typically of the RAM (“Random Access Memory”) type for the purpose of executing computer programs stored notably on the internal hard disk device. The microprocessor is adapted to executing a start-up program which “boots” or starts up the computer installation, most typically the boot instructions to start and run an operating system. A hard disk device of the computer installation typically stores such a start-up program which is associated with a predetermined operating system. A start-up program may also be made available on an external data medium unit, such as a CD-ROM (Compact Disk Read Only Memory) provided with the computer installation when the computer installation includes a corresponding CD-ROM drive, or via another type of medium that can be connected to the computer installation, via a USB (Universal Serial Bus) type port for example.
A first level of start-up strategy applied by the microprocessor can also be defined in a Basic Input/Output System, commonly called BIOS, which is contained in a read-only memory (“ROM”) located on the motherboard. The BIOS can thus establish or provide for a hierarchy for the start-up operation. One such hierarchy as an example would give priority to the CD-ROM start-up program, if it is properly positioned in the computer installation's CD-ROM drive and if its start-up program is ready to be executed, and then if the start-up program on the CD-ROM drive is not ready to be executed give second priority to the start-up program on another medium for example on a USB port of the computer installation and if its start-up program is ready to be executed, and then in third priority or by default to a start-up program stored on the internal hard disk. It may also be an option for the user to choose a desired operating system, or the location of a desired operating system from a menu presented to the user early in the boot or start-up.
It is an advantage to make the start-up of the computer installation secure. A method for a secured start-up of a computer installation is described in the patent application published under the number US 20060236122. This method consists, in its general principle, of verifying the integrity of a program before executing it using a cryptographic or encryption/decryption algorithm.
The microprocessor on the motherboard executes the cryptographic or encryption/decryption algorithm using a system of keys stored locally in a secured manner, such as on the internal hard disk device. Specifically, this method can be implemented to verify the integrity of the BIOS or part of the BIOS, a start-up program or part of such a program, such as, for example, the kernel of the operating system executed at start-up.
One advantage of this method is to enable the microprocessor of the motherboard of the computer installation to secure the execution of programs that might not be certified beforehand by a recognized certification authority. However, this imposes a constraint on the computer installation, which must locally and securely store a system of cryptographic keys, or possibly even several systems of keys, if necessary, that are particular if different programs require different security mechanisms.
This is an issue especially when a single or the same computer installation may be used by several people or users. Each user may want to define his or her own working environment as might be associated with specific applications. Another known solution, and that which may be added to the aforementioned solution, is to define authentication data specific for each user, to store it locally in a secured manner, and to proceed with a verification performed by the microprocessor to utilizing the stored authentication data during a step in the start-up procedure, for example immediately after the operating system starts. Again, there is a constraint in that the computer installation manages the authentication and furthermore, for the sake of simplicity, the users therefore would typically be required to use the same operating system although they can subsequently customize their work environment.
It may therefore be desirable to provide a device and/or a method of secured start-up of a computer installation that can overcome these types of constraints.