| US 7,484,099 B2 | ||
| Method, apparatus, and product for asserting physical presence with a trusted platform module in a hypervisor environment | ||
| Steven A. Bade, Georgetown, Tex. (US); Ryan Charles Catherman, Raleigh, N.C. (US); James Patrick Hoff, Raleigh, N.C. (US); Nia Letise Kelley, Austin, Tex. (US); and Emily Jane Ratliff, Austin, Tex. (US) | ||
| Assigned to International Business Machines Corporation, Armonk, N.Y. (US) | ||
| Filed on Jul. 29, 2004, as Appl. No. 10/902,712. | ||
| Prior Publication US 2006/0026693 A1, Feb. 02, 2006 | ||
| Int. Cl. H04L 9/00 (2006.01) | ||
| U.S. Cl. 713—176 [713/2] | 11 Claims |

| 1. A method for asserting physical presence in a trusted computing environment included within a data processing system, the
data processing system coupled to a hardware management console, the method comprising:
providing a first trusted platform module in a first platform in the data processing system;
determining, by the first platform using the first trusted platform module, whether the hardware management console is a trusted
entity, wherein the step of determining whether the hardware management console is a trusted entity further comprises:
during booting of the data processing system: retrieving from the hardware management console, by the first platform that
includes the first trusted platform module, the first digital signature; hashing, by the first trusted platform module, the
first digital signature to generate a second hashed signature value; and storing, in the first trusted platform module, the
second hashed signature value;
receiving, within the first trusted platform module, a request from the hardware management console for the first trusted
platform module to execute a command;
determining whether the command requires that physical presence be verified by the first trusted platform module prior to
the first trusted platform module executing the command;
responsive to determining during runtime of the data processing system that the command does require that physical presence
be verified:
retrieving from the hardware management console, by the first platform, the first digital signature;
hashing, by the first trusted platform module, the first digital signature to produce a second hashed signature value;
comparing, by the first platform, the second hashed signature value to the first hashed signature value;
responsive to determining that the second hashed signature value is the same as the first hashed signature value, determining,
by the first platform, that the hardware management console is a trusted entity; and
responsive to determining that the second hashed signature value is different from the first hashed signature value, determining,
by the first platform, that the hardware management console is not a trusted entity;
determining, by the first platform using the first trusted platform module, whether the hardware management console has knowledge
of a first secret key possessed by the first trusted platform module, wherein determining whether the hardware management
console has knowledge of the first secret key further comprises:
requesting, by the hardware management console during booting of the data processing system, a key from the first trusted
platform module;
receiving, by the hardware management console from the first trusted platform module during booting of the data processing
system, the key;
associating the key, within the hardware management console during booting of the data processing system, with the first trusted
platform module;
storing, in the hardware management console during booting of the data processing system, the key;
receiving, within the first trusted platform module, a request from the hardware management console for the first trusted
platform module to execute a command;
determining whether the command requires that physical presence be verified by the first trusted platform module prior to
the first trusted platform module executing the command;
responsive to determining that the command does require that physical presence be verified:
receiving from the hardware management console, by the first trusted platform module, the key that the hardware management
console has associated with the first trusted platform module;
comparing, by the first platform using the first trusted platform module, the key received from the hardware management console
with a key stored in the first trusted platform module;
responsive to determining, by the first platform using the first trusted platform module, that the key received from the hardware
management console is the same as the key stored in the first trusted platform module, determining that the hardware management
console has knowledge of the first secret key; and
responsive to determining, by the first platform using the first trusted platform module, that the key received from the hardware
management console is different from the key stored in the first trusted platform module, determining that the hardware management
console does not have knowledge of the first secret key;
responsive to determining that the hardware management console is a trusted entity and has knowledge of the first secret key,
determining that physical presence has been successfully asserted to the first trusted platform module, wherein physical presence
has been proven to the first trusted platform module;
storing, during a manufacturing of the hardware management console, a first digital signature in the hardware management console
that identifies the hardware management console;
hashing the first digital signature, by the first trusted platform module, during booting of the hardware management console,
to generate a first hashed signature value; and
storing, during the booting, the first hashed signature value in the first trusted platform module.
|
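The claim above describes two checks that together gate physical-presence commands: a boot-time hash of the console's factory-installed digital signature that is re-derived and compared at runtime, and a secret key handed from the TPM to the console at boot that the console must present back before a gated command executes. The following simulation of that exchange is an added example, not code from the patent or from IBM; it assumes SHA-256 as the hash, a 32-byte random value as the first secret key, `hmac.compare_digest` for both comparisons, a constructed set of commands that require physical presence, and constructed console identities and scenario names. Nothing here models the channel between console and platform.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Commands gated on physical presence. The claim does not enumerate them;
# this set is constructed for the example.
PHYSICAL_PRESENCE_COMMANDS = {"TPM_ForceClear", "TPM_PhysicalEnable", "TPM_PhysicalSetDeactivated"}


@dataclass
class TrustedPlatformModule:
    """State the claim keeps inside the first platform's TPM."""
    # Hash of the console's digital signature taken during boot (the first hashed signature value).
    boot_signature_hash: Optional[bytes] = None
    # The first secret key; a 32-byte random value is this example's assumption.
    secret_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))

    @staticmethod
    def hash_signature(signature: bytes) -> bytes:
        # SHA-256 is this example's choice; the claim only says "hashing".
        return hashlib.sha256(signature).digest()

    def record_boot_hash(self, signature: bytes) -> None:
        self.boot_signature_hash = self.hash_signature(signature)

    def issue_key(self) -> bytes:
        # Boot-time step: the console requests the key and the TPM returns it.
        return self.secret_key

    def console_is_trusted(self, signature: bytes) -> bool:
        # Runtime step: re-hash the signature fetched now and compare it with the boot-time hash.
        if self.boot_signature_hash is None:
            return False
        return hmac.compare_digest(self.hash_signature(signature), self.boot_signature_hash)

    def console_knows_key(self, presented: bytes) -> bool:
        # Constant-time comparison of the presented key with the stored key (example choice).
        return hmac.compare_digest(presented, self.secret_key)


@dataclass
class HardwareManagementConsole:
    """Console side: the factory-installed identity signature plus the keys learned at boot."""
    identity_signature: bytes
    keys_by_tpm: Dict[str, bytes] = field(default_factory=dict)

    def learn_key(self, tpm_id: str, key: bytes) -> None:
        self.keys_by_tpm[tpm_id] = key

    def presented_key(self, tpm_id: str) -> bytes:
        return self.keys_by_tpm.get(tpm_id, b"")


def boot(tpm: TrustedPlatformModule, hmc: HardwareManagementConsole, tpm_id: str) -> None:
    """Boot-time exchange: the TPM hashes and stores the console's signature; the console stores the TPM's key."""
    tpm.record_boot_hash(hmc.identity_signature)
    hmc.learn_key(tpm_id, tpm.issue_key())


def handle_command(tpm: TrustedPlatformModule, hmc: HardwareManagementConsole,
                   tpm_id: str, command: str) -> Tuple[bool, str]:
    """Runtime gate: returns (executed, reason) for a command the console sends to the TPM."""
    if command not in PHYSICAL_PRESENCE_COMMANDS:
        return True, "no physical presence required"
    if not tpm.console_is_trusted(hmc.identity_signature):
        return False, "console is not a trusted entity"
    if not tpm.console_knows_key(hmc.presented_key(tpm_id)):
        return False, "console does not know the first secret key"
    return True, "physical presence asserted"


def run_scenarios() -> Dict[str, Tuple[bool, str]]:
    """Constructed scenarios: the console that booted with the platform, and two that did not."""
    tpm = TrustedPlatformModule()
    console = HardwareManagementConsole(identity_signature=b"HMC-SIG-constructed-0001")
    boot(tpm, console, "tpm0")

    # A different console attached after boot: its signature hash will not match the boot-time hash.
    swapped = HardwareManagementConsole(identity_signature=b"HMC-SIG-constructed-0002")
    # A console presenting the original signature but lacking the key handed out at boot.
    copied = HardwareManagementConsole(identity_signature=console.identity_signature)

    return {
        "ordinary_command": handle_command(tpm, console, "tpm0", "TPM_GetCapability"),
        "legitimate": handle_command(tpm, console, "tpm0", "TPM_ForceClear"),
        "swapped_console": handle_command(tpm, swapped, "tpm0", "TPM_ForceClear"),
        "copied_signature": handle_command(tpm, copied, "tpm0", "TPM_ForceClear"),
    }


if __name__ == "__main__":
    for name, (executed, reason) in run_scenarios().items():
        print(f"{name}: executed={executed} ({reason})")
```

Both checks are evaluated in the order the claim lists them, and a gated command executes only when both pass; a command outside the gated set is executed without either check, which is what the claim's "determining whether the command requires that physical presence be verified" step implies. The constant-time comparisons are the example's own choice, not something the claim specifies.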