Managing data encryption during system upgrades
Assignee
Red Hat, Inc.
Inventors
Yuval Kashtan, David Elie-Dit-Cosaque, James Ramsay
Abstract
A system can be provided for managing data encryption during system updates. For example, the system can detect an upgrade to a component of a computing device that includes encrypted data. In response to detecting the upgrade and prior to a boot process, the system can deactivate a link between a set of platform configuration register (PCR) values and a decryption key usable to decrypt the encrypted data. The system can further authorize access to the decryption key during the boot process by provisioning an alternative link between a network server and the decryption key. Additionally, subsequent to the boot process, the system can update the set of PCR values and link the updated set of PCR values and the decryption key.
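The sequence in the abstract, modelled as an added example (not code from the patent or from Red Hat): it shows why a PCR-linked key stops unlocking once a measured component changes, and how the temporary server link carries the key across the reboot. The names `KeyStore`, `upgrade`, `policy` and `wrap`, the component strings, and the XOR wrap standing in for TPM sealing and the server exchange are all assumptions; keys are 32 bytes.

```python
import hashlib, hmac

def extend(pcr, measurement):
    # TPM-style extend: new = SHA-256(old || SHA-256(measurement))
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def boot_pcrs(components):
    # One PCR per measured component, each starting from 32 zero bytes.
    return [extend(bytes(32), c) for c in components]

def policy(pcrs):
    # Digest over the selected PCR values; the key is linked to this.
    return hashlib.sha256(b"".join(pcrs)).digest()

def wrap(secret, data):
    # Toy XOR wrap (its own inverse); stands in for TPM sealing and the
    # server-assisted unwrap. Not a real key-wrapping scheme.
    pad = hmac.new(secret, b"wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class KeyStore:
    def __init__(self, key):
        self.check = hashlib.sha256(key).digest()  # lets unlock() verify a candidate
        self.links = {}                            # link name -> wrapped key

    def link(self, name, secret, key):
        self.links[name] = wrap(secret, key)

    def unlink(self, name):
        self.links.pop(name, None)

    def unlock(self, **secrets):
        for name, blob in self.links.items():
            if name in secrets:
                key = wrap(secrets[name], blob)
                if hmac.compare_digest(hashlib.sha256(key).digest(), self.check):
                    return key
        return None

def upgrade(store, key, new_components, server_secret):
    # 1. Upgrade detected, before reboot: drop the PCR link, add a server link.
    store.unlink("pcr")
    store.link("server", server_secret, key)
    # 2. Boot the upgraded system: measurements changed, so the key is
    #    released through the server link instead.
    new_pcrs = boot_pcrs(new_components)
    booted = store.unlock(pcr=policy(new_pcrs), server=server_secret)
    if booted is None:
        raise RuntimeError("server link did not release the key")
    # 3. After boot: link the updated PCR values to the key.
    store.link("pcr", policy(new_pcrs), booted)
    return booted, new_pcrs
```

The abstract does not say what happens to the server link after the new PCR link is created, so this model leaves it in place.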
CPC Classifications
Filing Date
2024-05-10
Application No.
18660445
Claims
20