Microsoft Corporation
ATTESTING UPDATE OF A FIRMWARE LAYER

Last updated:

Abstract:

In various examples there is a method of enabling an attestable update of a firmware layer that provides a unique identity of a computing device. The method comprises using an immutable firmware layer to access a unique device secret. The immutable layer is used to derive a hardware device identity (HDI) from the unique device secret. The immutable layer is used to derive a compound device identity (CDI) from a measurement of the firmware layer and the unique device secret. The CDI and HDI are made available to the firmware layer. The firmware layer is used to issue a local certificate to endorse a device identity key, derived from the CDI, the local certificate signed by a key derived from the HDI.
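The derivation chain in the abstract, as an added example that is not taken from the patent: it shows that a firmware update changes the CDI and the device identity key while the HDI-derived key stays the same and can endorse both. HMAC-SHA256 as the derivation function, a SHA-256 image hash as the measurement, an HMAC tag in place of the certificate signature, a key hash in place of a public key, and all function names are assumptions.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes, context: bytes = b"") -> bytes:
    """One-way derivation. HMAC-SHA256 is an assumption; the abstract names no KDF."""
    return hmac.new(key, label + b"\x00" + context, hashlib.sha256).digest()

def immutable_layer(uds: bytes, firmware: bytes) -> tuple:
    """Only this layer reads the unique device secret; it passes on HDI and CDI."""
    hdi = kdf(uds, b"HDI")                           # depends on the device only
    measurement = hashlib.sha256(firmware).digest()  # assumed measurement: image hash
    cdi = kdf(uds, b"CDI", measurement)              # depends on device and firmware
    return hdi, cdi

def issue_local_cert(hdi: bytes, cdi: bytes) -> dict:
    """Firmware layer: derive the device identity key from the CDI and endorse it
    with a key derived from the HDI. The HMAC tag stands in for a signature."""
    device_key = kdf(cdi, b"device-identity-key")
    subject = hashlib.sha256(device_key).hexdigest()  # stand-in for a public key
    endorsement_key = kdf(hdi, b"endorsement-key")
    tag = hmac.new(endorsement_key, subject.encode(), hashlib.sha256).hexdigest()
    return {"subject": subject, "signature": tag}

def verify_local_cert(cert: dict, endorsement_key: bytes) -> bool:
    """Verifier side; a real design would check a signature with a public key."""
    expected = hmac.new(endorsement_key, cert["subject"].encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["signature"])

def demo() -> dict:
    uds = bytes(range(32))   # constructed device secret
    other_uds = bytes(32)    # constructed secret of a different device
    hdi_v1, cdi_v1 = immutable_layer(uds, b"firmware image v1")  # constructed images
    hdi_v2, cdi_v2 = immutable_layer(uds, b"firmware image v2")
    cert_v1 = issue_local_cert(hdi_v1, cdi_v1)
    cert_v2 = issue_local_cert(hdi_v2, cdi_v2)
    foreign = issue_local_cert(*immutable_layer(other_uds, b"firmware image v2"))
    trusted = kdf(hdi_v1, b"endorsement-key")  # key the verifier already trusts
    return {
        "hdi_stable": hdi_v1 == hdi_v2,
        "cdi_changed": cdi_v1 != cdi_v2,
        "identity_changed": cert_v1["subject"] != cert_v2["subject"],
        "v1_valid": verify_local_cert(cert_v1, trusted),
        "v2_valid": verify_local_cert(cert_v2, trusted),
        "foreign_valid": verify_local_cert(foreign, trusted),
    }

if __name__ == "__main__":
    print(demo())
```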

Status:
Application
Type:

Utility

Filing date:

13 Jan 2021

Issue date:

14 Jul 2022