Processor-based computing platforms are employed in a wide variety of applications, from personal computers (PCs), smartphones, and other information-oriented devices, to industrial controls, vehicles, appliances, consumer electronic articles, and wearable devices, just to name a few. In virtually every application, reliable operation and information security are paramount.
Processors generally execute foundational code, such as firmware that coordinates basic operations of the processor, launches programs, and the like. Examples of foundational code include microcode, basic input/output system (BIOS) code, Unified Extensible Firmware Interface (UEFI) code, and the like. In systems where the foundational code may be replaced or updated, changes to the foundational code have been recognized as presenting a potential attack vector for compromising the computer system.
To provide assurance of the authenticity of foundational code, as well as other system or application programs, a system for code authentication is used. Typically, a piece of code (e.g., a microcode update, a new BIOS version, etc.) is digitally signed using a private key belonging to the trusted creator or distributor of the code. A public-key-based verification algorithm is executed by the processor at system startup, or whenever each applicable piece of code is about to be executed. One drawback of this approach is that the use of asymmetric keys for code authentication is a computationally intensive operation, which tends to introduce nontrivial delay at startup or before execution of the code to be authenticated. Another drawback is the risk that asymmetric-key cryptographic techniques may someday be defeated using emerging technology such as quantum computing. Accordingly, there is a need for a practical solution that addresses one or more of these challenges.
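The signing and verification flow described above, as an added illustration rather than code from this document: the distributor signs the code image with its private key, and the platform verifies that signature with the embedded public key before the image is allowed to run. The document does not name a signature scheme; Ed25519 from Go's standard library is assumed here, and the firmware bytes, the type names and the helper functions (SignedImage, SignImage, VerifyImage, LoadForExecution, TamperedCopy) are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SignedImage models a piece of foundational code (microcode update, BIOS or
// UEFI image) together with the signature its distributor shipped alongside it.
type SignedImage struct {
	Payload   []byte
	Signature []byte
}

// GenerateVendorKey creates the trusted creator's key pair. In practice the
// private half stays inside the vendor's signing infrastructure and only the
// public half is embedded in the platform (assumed deployment model).
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignImage is the distributor-side step: sign the code with the private key.
func SignImage(priv ed25519.PrivateKey, payload []byte) SignedImage {
	return SignedImage{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// VerifyImage is the processor-side check run at startup or before the code is
// executed: the embedded public key must validate the signature over the exact
// bytes about to run, so any change to payload or signature fails the check.
func VerifyImage(pub ed25519.PublicKey, img SignedImage) error {
	if len(img.Signature) != ed25519.SignatureSize {
		return errors.New("malformed signature")
	}
	if !ed25519.Verify(pub, img.Payload, img.Signature) {
		return errors.New("signature invalid")
	}
	return nil
}

// LoadForExecution fails closed: the payload is handed to the execution stage
// only after verification succeeds, so an unsigned or altered image never runs.
func LoadForExecution(pub ed25519.PublicKey, img SignedImage) ([]byte, error) {
	if err := VerifyImage(pub, img); err != nil {
		return nil, fmt.Errorf("refusing to execute foundational code: %w", err)
	}
	return img.Payload, nil
}

// TamperedCopy returns the image with one payload byte flipped, modelling a
// modified update that still carries the original signature.
func TamperedCopy(img SignedImage) SignedImage {
	payload := append([]byte(nil), img.Payload...)
	payload[len(payload)/2] ^= 0x01
	return SignedImage{Payload: payload, Signature: img.Signature}
}

func main() {
	pub, priv, err := GenerateVendorKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample standing in for a microcode or BIOS update blob.
	firmware := []byte("CONSTRUCTED-SAMPLE-FIRMWARE-IMAGE v1.0")
	img := SignImage(priv, firmware)

	if _, err := LoadForExecution(pub, img); err != nil {
		fmt.Println("genuine image:", err)
	} else {
		fmt.Println("genuine image: verified, loading")
	}
	if _, err := LoadForExecution(pub, TamperedCopy(img)); err != nil {
		fmt.Println("tampered image:", err)
	}
	otherPub, _, _ := GenerateVendorKey()
	if _, err := LoadForExecution(otherPub, img); err != nil {
		fmt.Println("wrong vendor key:", err)
	}
}
```

The cost the text refers to sits entirely in VerifyImage, which the platform must repeat at every startup or before each load; the rest of the flow is cheap. Note also that the image is verified over exactly the bytes that will execute, and that the loader returns nothing on failure rather than falling back to an unverified copy.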