Techniques are presented herein that extend an ownership voucher (OV) to carry software artifact hashes. The presence of such hashes supports a number of functionalities, including enforcing the loading of a specific qualified image to given hardware along with rollback prevention; preventing the installation of other released images through a Universal Serial Bus (USB), an installation workflow, or a network; avoiding pre-staging errors as well as administrative errors on loading images; conveying the known good values of software artifacts for a given release to a customer for a specified release; and aiding operational simplicity and automation using Manufacturer Authorized Signing Authority (MASA) workflows to facilitate easy deployments without manual intervention.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.