This invention relates to a method and apparatus for updating software. In particular this invention relates to trusted boot and remote attestation processes. Trusted computing, trusted boot, and remote attestation, as described in this specification, generally relate to technology standards developed by a standards group called the Trusted Computing Group.
Trusted boot is a procedure for booting and establishing a chain of trust in a trusted computing system. Components of the boot can be cryptographically measured and stored in a secure device, for example a Trusted Platform Module (TPM). Each boot component measures and stores in the secure device a characteristic measurement of the next boot component, this measurement is taken before control is transferred to the measured component. Once the system is running, the measurements can be extracted for inspection by a remote system using a remote attestation process, for example by Direct Anonymous Attestation (DAA). A sequence of measurements is described as a chain of trust.
Computer systems are frequently updated with new features and software fixes. An update may need to change a boot component which forms part of the chain of trust and after such an update remote attestation will show a change of measurement; the chain of trust will be broken. With many systems and many updates this scales into a larger difficult management problem. The change of measurement will only “show” after at a minimum a re-measure. The re-measure may only occur at reboot, or occur at run-time (depending on how the system is built).
Therefore, there is a need in the art to address the aforementioned problem.