Techniques are presented herein that extend an ownership voucher (OV) to carry software artifact hashes. The presence of such hashes supports a number of functionalities, including enforcing the loading of a specific qualified image to given hardware along with rollback prevention; preventing the installation of other released images through a Universal Serial Bus (USB), an installation workflow, or a network; avoiding pre-staging errors as well as administrative errors on loading images; conveying the known good values of software artifacts for a given release to a customer for a specified release; and aiding operational simplicity and automation using Manufacturer Authorized Signing Authority (MASA) workflows to facilitate easy deployments without manual intervention.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Mohammed, Jabir; Haddad, Reda; Ali, Bazil Mohammed; and Raghavan, Srihari, "ENFORCING QUALIFIED IMAGE AND ANTI-ROLLBACK PROTECTION ON A DEVICE THROUGH OWNERSHIP VOUCHER", Technical Disclosure Commons, (July 12, 2022)