Abstract
Resetting a computing device can transition it to an insecure boot mode, thereby exposing the device to potential security breaches. This disclosure describes techniques that leverage a secure device ecosystem to achieve secure device reset or boot. Per the techniques, a device reset or boot can proceed only with an attestation by the true device owner, made secure by a cross-verification from another device within the device ecosystem. Specifically, when one device from the ecosystem receives a reset request, the device owner is required to approve the reset via another device from the ecosystem. Shared capabilities and login credentials across devices of the ecosystem are leveraged to effectively replicate, via two-factor authentication, the consent of the device owner, ensuring that the reset originates from the true owner. Security is further enhanced and made convenient by having the reset approval generated by a device with an onboard security chip.
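The approval flow described above can be sketched as a challenge-response between the device being reset and a second ecosystem device. This is an added example, not code from the disclosure. It assumes a key shared between the two devices at enrollment, with an HMAC standing in for the security chip's attestation. The class names, the 120-second window and the message layout are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 120  # assumed validity window for a pending reset challenge


def _tag(key: bytes, device_id: str, nonce: bytes, issued_at: int) -> bytes:
    # Bind the approval to one action, one challenge and one device.
    # Fixed-length fields come first so the encoding is unambiguous.
    msg = b"reset-approve" + nonce + issued_at.to_bytes(8, "big") + device_id.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class ApproverDevice:
    """Second ecosystem device; the key would live in its security chip."""

    def __init__(self, key: bytes):
        self._key = key

    def approve(self, challenge: dict, owner_consents: bool):
        if not owner_consents:
            return None  # owner declined on the second device: no approval
        return _tag(self._key, challenge["device_id"],
                    challenge["nonce"], challenge["issued_at"])


class ResettingDevice:
    """Device that received the reset request and gates it on approval."""

    def __init__(self, device_id: str, key: bytes):
        self.device_id, self._key, self._pending = device_id, key, None

    def request_reset(self, now=None) -> dict:
        issued = int(time.time() if now is None else now)
        self._pending = {"device_id": self.device_id,
                         "nonce": secrets.token_bytes(16), "issued_at": issued}
        return dict(self._pending)

    def may_reset(self, approval, now=None) -> bool:
        pending, self._pending = self._pending, None  # one-time use: blocks replay
        if pending is None or approval is None:
            return False
        now = time.time() if now is None else now
        if now - pending["issued_at"] > TTL_SECONDS:
            return False  # stale challenge
        expected = _tag(self._key, pending["device_id"],
                        pending["nonce"], pending["issued_at"])
        return hmac.compare_digest(expected, approval)
```

The reset proceeds only when `may_reset` returns `True`; a declined, replayed, expired or wrongly keyed approval leaves the device in its current state.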
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Banik, Subrata and Pronin, Andrey, "Secure Attestation During Device Reset", Technical Disclosure Commons, (January 07, 2025)
https://www.tdcommons.org/dpubs_series/7704