1. Field
The present invention relates to the field of data security. More particularly, this invention relates to a system and method for securing a communication channel during a pre-boot operational state.
2. General Background
Computers have become an important product for both commercial and personal use, in part due to their versatility. Over the last few years, computers are being used as a vehicle to transfer information over private networks as well as publicly accessible networks such as, for example, the Internet. In many situations, it may be desirable to "secure" communications between computers.
Currently, after booting the operating system (OS), a computer exists in a "post-boot" operational state. In its post-boot operational state, the computer is able to establish one or more secure communication channels with another computer. A communication channel is considered to be "secure" when (i) the modification of data transmitted through the communication channel can be detected, and (ii) the source of the transmitted data can be authenticated, and/or the confidentiality of the transmitted data is protected. Cryptographic techniques such as digital certificates, digital signatures, and the encryption/decryption of data are used to secure a communication channel.
While these cryptographic techniques can protect the integrity and authenticity of data being communicated in its post-boot operational state, it appears that these have not been successful attempts to secure communications in a "pre-boot" operational state (e.g., before booting of the OS) due to the complexity of the secure communication protocols and the constraints in the flash memory in the pre-boot operational state. Providing a secure communication channel during the pre-boot operational state, when there is limited support from the OS or system resources, will become increasingly important in those situations where data effecting the functionality of the computer (e.g., the OS image, diagnostic software, etc.) is downloaded or when the results of certain computations in the pre-boot operational state are communicated to a management system.