1. Field of the Invention
This invention relates to security in a computing environment and more particularly relates to authentication of a core root of trust measurement chain.
2. Description of the Related Art
Communication of information is often accomplished over computer networks using common computing devices such as servers, workstations, laptops, PDAs, and the like. Since much of the information communicated over such networks is sensitive or private, information security is a primary concern of Information Technology (IT) professionals and users. Information security threats may include data corruption and theft. The security of a computing device or network may be compromised if any component of the device or network is infected with a computer virus or other form of malware.
A computer virus is typically a small executable application that is transmitted through a network by computer hacking or social engineering. For example, a hacker may intentionally infiltrate a particular device by scanning the open networking ports on the device for vulnerabilities. If a vulnerability is found, the hacker may upload a virus executable to the device, which then maintains a covert communication link with the hacker. Typical viruses include Trojans, worms, and the like. Alternatively, through fraud, deceit, enticement, or other means, a user of the device or network may inadvertently infect the device, for example by clicking on an attachment to an email message. This is typically referred to as social engineering.
A typical virus runs like an application within a particular operating system. For example, a Trojan may execute and run like a Windows® application or executable on a Windows® operating system. However, such viruses are generally not a significant threat, because common virus scan software can generally detect and remove such viruses. Other viruses or malware may run more covertly. For example, some viruses may embed code within other executable programs such as web browsers. When the application is run by the user, the virus may execute as a hidden function of the application. Common virus scan software may also detect this type of virus. Typically, if a virus is running in the application layer on top of an operating system, it is generally more easily detected and repaired.
However, some viruses may embed below the operating system level within the boot operations of the device. Typical computing devices include several layers of boot operations prior to loading and executing the operating system and applications. For example, common Intel® and AMD® based systems load and execute virtualization code prior to loading the operating system. Such virtualization code is typically referred to as a hypervisor or a Virtual Machine Monitor (VMM). The hypervisor may present virtual hardware configurations to multiple operating systems simultaneously, so that multiple operating systems may run on a single hardware platform at the same time. If a virus infects the hypervisor and runs beneath any of the operating systems, the virus may be extremely difficult to detect and repair, because every detection tool running inside a guest operating system sees only the virtual hardware the hypervisor chooses to present.
In order to secure these lower level boot processes, the code for the boot processes is often encrypted. Some common systems include a Trusted Platform Module (TPM) for decrypting such files in response to a determination that the files are from a trusted source. For example, the TPM may decrypt the hypervisor code in response to a determination that the hypervisor code has a valid digital signature from the manufacturer. However, such systems may not guarantee that the underlying code has not been modified, corrupted, or infected with a virus: a valid signature establishes only that some image was signed by the holder of the manufacturer's key, not that the image is the version the platform expects, nor that it remains unaltered after the signature check and before it executes.
The verification process typically starts with verification of a boot block, which is commonly stored in Read Only Memory (ROM). The boot block is generally immutable. The boot block is verified by the TPM, decrypted, and then executed by the CPU. The role performed by this first verification is commonly referred to as the Root of Trust for Measurement (RTM), the boot block itself is commonly referred to as the Core Root of Trust for Measurement (CRTM), and the verification of the entire sequence of boot stages is referred to here as the CRTM chain. The boot block program may then select the next process in a chain of processes to be executed during system boot operations. Each process is measured before it is executed, and a value corresponding to the measurement is stored in a Platform Configuration Register (PCR) of the TPM. The value is not written to the PCR directly; the PCR is extended, that is, replaced with the hash of its previous contents concatenated with the new measurement, so that the final PCR value depends on every measurement in the chain and on the order in which they were recorded. The hashing of a process and the storage of the value in the PCR is typically referred to as measurement. Thus, a CRTM chain is developed, where each link has been independently verified, measured, and determined to be trustworthy. Nonetheless, such methods do not always completely ensure that one of the processes has not been modified, corrupted, or infected: measurement records what was executed, but it prevents nothing by itself unless the recorded values are also compared against known-good values by a party that can act on the result.
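As an added illustration, not part of the original application, the following Python script models the measure-and-extend chain described above. Each link of the boot chain is hashed before it runs, the hash is recorded in a simulated PCR with the extend operation PCR_new = H(PCR_old || measurement), and a verifier replays the event log and compares the result with a known-good value. The boot-chain contents, the event-log format, the golden value and the attest() and tamper() helpers are constructed assumptions chosen for illustration; the extend rule itself follows the TPM 2.0 PCR extend semantics.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed boot chain for illustration (not from the original document):
# each link is (stage name, code image bytes), listed in boot order.
BOOT_CHAIN: List[Tuple[str, bytes]] = [
    ("boot_block", b"CRTM boot block v1"),   # immutable, stored in ROM
    ("hypervisor", b"VMM image v2.3"),
    ("os_loader",  b"OS loader v7"),
    ("kernel",     b"kernel image v5.1"),
]

PCR_SIZE = hashlib.sha256().digest_size  # SHA-256 PCR bank, 32 bytes


def measure(image: bytes) -> bytes:
    """Measurement of a link: the hash of the code about to be executed."""
    return hashlib.sha256(image).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend operation: PCR_new = H(PCR_old || digest).

    A PCR is never written directly, so the final value commits to every
    measurement and to the order in which they were recorded.
    """
    return hashlib.sha256(pcr + digest).digest()


def run_chain(chain: List[Tuple[str, bytes]]) -> Tuple[bytes, List[Tuple[str, bytes]]]:
    """Measure-then-execute each link in order.

    Returns the final PCR value and the event log of (stage name, digest)
    entries the platform keeps beside it. A PCR starts at all zeros after reset.
    """
    pcr = bytes(PCR_SIZE)
    event_log: List[Tuple[str, bytes]] = []
    for name, image in chain:
        digest = measure(image)        # measure the next link before running it
        event_log.append((name, digest))
        pcr = extend(pcr, digest)      # record the measurement in the TPM
        # the link would now execute and measure its own successor
    return pcr, event_log


def replay_log(event_log: List[Tuple[str, bytes]]) -> bytes:
    """Recompute the expected PCR value from the event log alone."""
    pcr = bytes(PCR_SIZE)
    for _, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr


def attest(pcr: bytes, event_log: List[Tuple[str, bytes]], golden_pcr: bytes) -> Dict[str, bool]:
    """Verifier-side checks on a reported (PCR, event log) pair (constructed helper).

    log_consistent: the log replays to the reported PCR, so the log was not edited
    matches_golden: the PCR equals the known-good value for this platform
    Measurement alone only records what ran; the comparison with a known-good
    value is what turns the record into a trust decision.
    """
    return {
        "log_consistent": replay_log(event_log) == pcr,
        "matches_golden": pcr == golden_pcr,
    }


def tamper(chain: List[Tuple[str, bytes]], stage: str, new_image: bytes) -> List[Tuple[str, bytes]]:
    """Return a copy of the chain with one link's code image replaced (simulated infection)."""
    return [(name, new_image if name == stage else image) for name, image in chain]


if __name__ == "__main__":
    golden, log = run_chain(BOOT_CHAIN)
    print("golden PCR  :", golden.hex())
    bad_pcr, bad_log = run_chain(tamper(BOOT_CHAIN, "hypervisor", b"VMM image v2.3 + implant"))
    print("tampered PCR:", bad_pcr.hex(), attest(bad_pcr, bad_log, golden))
```

Two properties of the extend operation are worth noting in the output: an infected hypervisor changes every PCR value recorded after it, and swapping the order of two links also changes the final value even though the set of measurements is identical. An attacker who controls the event log after the fact can rewrite the log entries, but cannot rewind the PCR, so a replay of an edited log no longer matches the reported PCR; what no part of this mechanism supplies is the known-good value itself, which is why measurement by itself does not settle whether a link has been modified.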