Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
EXAMINER'S AMENDMENT
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given in a telephone interview with Larry Merkel (Reg. No. 41,191) on April 1, 2021.
1. The application has been amended as follows:
In the claims:
Please replace the pending claims with the following amended claims:

1.  (Currently Amended) A computer system comprising:

a processor; 

a memory coupled to the processor;

a non-volatile memory coupled to the processor, wherein the non-volatile memory stores:
a kernel image, wherein the kernel image includes a plurality of instructions forming one or more code segments that, when executed on the processor, implement an operating system kernel on the computer system; and
a trust cache separate from the kernel image, wherein the trust cache includes a in a first mode and is configured to determine whether or not to execute the first trusted code segment as trusted code on the computer system in the first mode based on a comparison of the first hash and the plurality of hashes in the trust cache; and

a read-only memory (ROM) storing a boot code, wherein the boot code, when executed by the processor, causes the processor to:
load the kernel image into the memory; and
load the trust cache into the memory.

2.  (Original) The computer system as recited in claim 1 wherein the boot code, when executed on the processor, causes the processor to:

define a region of memory that encompasses the trust cache and the kernel image; and

program a processor register that restricts access to the region.

3.  (Previously Presented) The computer system as recited in claim 1 wherein the non-volatile memory further stores one or more secondary trust caches separate from the kernel image, wherein the secondary trust caches include a second plurality of hashes corresponding to a second plurality of trusted code segments that are executable on the processor and are trusted by the operating system kernel.

4.  (Currently Amended) The computer system as recited in claim 3 wherein the boot code, when executed on the processor, causes the processor to:

determine whether or not the computer system is booting in a second mode different from the first mode;

load at least one of the one or more secondary trust caches into the memory in response to determining that the computer system is booting in the [[first]] second mode; and

inhibit loading the at least one of the one or more secondary trust caches in response to determining that the computer system is [[not]] booting in the first mode.

5.  (Currently Amended) The computer system as recited in claim 4 wherein the [[first]] second mode is a debug mode.

6.  (Currently Amended) The computer system as recited in claim 4 wherein the [[first]] second mode is a diagnostic mode.

7.  (Original) The computer system as recited in claim 4 wherein the at least one of the one or more secondary trust caches are loaded into the memory adjacent to the trust cache.

8.  (Original) The computer system as recited in claim 1 wherein the plurality of trusted code segments are executed at user privilege level.

9.  (Currently Amended) A non-transitory computer accessible storage medium storing:

a kernel image, wherein the kernel image includes a plurality of instructions forming one or more code segments that, when executed on a computer, implement an operating system kernel on the computer; and

a trust cache separate from the kernel image, wherein the trust cache includes a plurality of hashes corresponding to a plurality of trusted code segments that are executable on the computer and are trusted by the operating system kernel, wherein the operating system kernel is configured to compute a first hash of a first trusted in a first mode and is configured to determine whether or not to execute the first trusted code segment as trusted code on the computer in the first mode based on a comparison of the first hash and the plurality of hashes in the trust cache.

10.  (Original) The non-transitory computer accessible storage medium as recited in claim 9 further storing the plurality of trusted code segments.

11.  (Original) The non-transitory computer accessible storage medium as recited in claim 10 further storing a boot code that, when executed on the computer, causes the computer to:

load the kernel image into a memory in the computer; and

load the trust cache into the memory.

12.  (Original) The non-transitory computer accessible storage medium as recited in claim 11 wherein the boot code, when executed on the computer, causes the computer to:

define a region of memory that encompasses the trust cache and the kernel image; and

program a processor register that restricts access to the region.

13.  (Previously Presented) The non-transitory computer accessible storage medium as recited in claim 9 wherein the operating system kernel, when executed on the computer, causes the computer to:

execute the first trusted code segment responsive to a match between the first hash and one of the plurality of hashes in the trust cache.

14.  (Previously Presented) The non-transitory computer accessible storage medium as recited in claim 9 wherein the operating system kernel, when executed on the computer, causes the 

prevent execution of the first trusted code segment responsive to a mismatch between the first hash and one of the plurality of hashes in the trust cache.

15.  (Previously Presented) The non-transitory computer accessible storage medium as recited in claim 9 wherein the operating system kernel, when executed on the computer, causes the computer to:

execute the first trusted code segment in an untrusted fashion responsive to a mismatch between the first hash and one of the plurality of hashes in the trust cache.

16.  (Previously Presented) The non-transitory computer accessible storage medium as recited in claim 9 wherein the operating system kernel, when executed on the computer, causes the computer to:

use an alternate mechanism to validate the first trusted code segment responsive to a mismatch between the first hash and one of the plurality of hashes in the trust cache.

17.  (Previously Presented) The non-transitory computer accessible storage medium as recited in claim 9 further storing one or more secondary trust caches, wherein the one or more secondary trust caches are separate from the kernel image, and wherein the one or more secondary trust caches include a second plurality of hashes corresponding to a second plurality of trusted code segments that are executable on the computer and are trusted by the operating system kernel, wherein the one or more secondary trust caches are selectively loaded into a memory during boot of the computer.

18.  (Currently Amended) A non-transitory computer accessible storage medium storing a plurality of instructions which, when executed on a computer, causes the computer to:



load a trust cache into the memory from the non-volatile memory, wherein the trust cache is separate from the kernel image on the non-volatile memory, and wherein the trust cache includes a plurality of hashes corresponding to a plurality of trusted code segments that are executable on the computer and are trusted by the operating system kernel, wherein the operating system kernel is configured to compute a first hash of a first trusted code segment of the plurality of trusted code segments in a first mode and is configured to determine whether or not to execute the first trusted code segment as trusted code on the computer in the first mode based on a comparison of the first hash and the plurality of hashes in the trust cache.

19.  (Original) The non-transitory computer accessible storage medium as recited in claim 18 wherein the plurality of instructions, when executed on the computer, causes the computer to:

define a region of memory that encompasses the trust cache and the kernel image; and

program a processor register that restricts access to the region.

20.  (Currently Amended) The non-transitory computer accessible storage medium as recited in claim 18 further storing one or more secondary trust caches separate from the kernel image, wherein the secondary trust caches include a second plurality of hashes corresponding to a second plurality of trusted code segments that are executable on the computer and are trusted by the operating system kernel, and the plurality of instructions, when executed, causes the computer to:

determine whether or not the computer is booting in a second mode different from the 

load at least one of the one or more secondary trust caches into the memory in response to determining that the computer is booting in the [[first]] second mode; and

inhibit loading the at least one of the one or more secondary trust caches in response to determining that the computer is [[not]] booting in the first mode.
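
The mechanism the claims recite, sketched as an added example that is not part of the office action or of the applicant's implementation: boot code loads the primary trust cache and, only in the second (debug or diagnostic) mode, the secondary caches; the kernel then hashes a code segment and compares it against the loaded hashes. SHA-256, the function and type names, and the sample byte strings are assumptions made for illustration.

```python
import hashlib
from enum import Enum

class BootMode(Enum):
    FIRST = "normal"    # the "first mode" of the claims
    SECOND = "debug"    # the "second mode": debug or diagnostic (claims 5-6)

class Verdict(Enum):
    TRUSTED = "execute as trusted code"         # claim 13
    DENIED = "prevent execution"                # claim 14
    UNTRUSTED = "execute in untrusted fashion"  # claim 15

def code_hash(segment: bytes) -> bytes:
    # Assumption: SHA-256. The claims do not name a hash function.
    return hashlib.sha256(segment).digest()

def boot_load(primary, secondaries, mode):
    """Boot code: build the in-memory trust cache for this boot."""
    loaded = set(primary)
    if mode is BootMode.SECOND:        # claims 4 and 20: load only in second mode
        for cache in secondaries:
            loaded.update(cache)
    # frozenset stands in for the access-restricted region of claims 2, 12, 19.
    return frozenset(loaded)

def evaluate(segment, trust_cache, on_mismatch=Verdict.DENIED, alternate=None):
    """Kernel side: hash the segment and compare against the loaded hashes."""
    if code_hash(segment) in trust_cache:
        return Verdict.TRUSTED
    if alternate is not None:          # claim 16: alternate validation mechanism
        return alternate(segment)
    return on_mismatch

# Constructed sample binaries and caches (not real code segments).
SHELL = b"\x7fELF constructed system shell"
DEBUG_TOOL = b"\x7fELF constructed debug tool"
PRIMARY = [code_hash(SHELL)]
SECONDARIES = [[code_hash(DEBUG_TOOL)]]

def demo():
    normal = boot_load(PRIMARY, SECONDARIES, BootMode.FIRST)
    debug = boot_load(PRIMARY, SECONDARIES, BootMode.SECOND)
    return {
        "shell/normal": evaluate(SHELL, normal),
        "tool/normal": evaluate(DEBUG_TOOL, normal),
        "tool/debug": evaluate(DEBUG_TOOL, debug),
        "patched shell/debug": evaluate(SHELL + b"\x90", debug, Verdict.UNTRUSTED),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict.name}")
```

The debug tool is trusted only on a second-mode boot, and a one-byte change to the shell no longer matches any loaded hash in either mode.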


Allowable Subject Matter
2. Claims 1-20 are allowed.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED H REHMAN whose telephone number is (571)272-1412.  The examiner can normally be reached on 8.00 - 5.00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jaweed Abbaszadeh, can be reached on 571-270-1640. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished 


/MOHAMMED H REHMAN/Primary Examiner, Art Unit 2187