DETAILED ACTION
Response to Amendment
Applicant’s amendment, filed 09/22/21, for application number 15/721,365 has been received and entered into record.  Claims 1, 2, 5, 11, 17, and 18 have been amended.  Therefore, Claims 1-20 are presented for examination.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Paul T. Seegers (Reg. No. 66,621) on 10/12/21.
The application has been amended as follows: 
Listing of claims: 
1.	(Currently Amended) A method, comprising:
	booting a first operating system on a first processor of a computer system, wherein the booting includes loading a kernel and drivers of the first operating system;
	performing, using the first processor, a verification of boot code for a second processor of the computer system, by the first processor: 
accessing a file that includes a signature, a hash of the boot code, data corresponding to a unique identifier that is included in the first processor and that is unique to the computer system;
		determining whether the data the unique identifier that is included in the first processor 
		determining whether the boot code corresponds to the hash of the boot code; and
		verifying the signature;
	subsequent to the verification, releasing the second processor from a reset state;
	providing the boot code to the second processor; and
	the second processor executing the boot code to boot a second operating system, wherein the second operating system is distinct from the first operating system.

2.	(Previously Presented) The method of claim 1, wherein the data is a hash of the unique identifier and included with the boot code, and wherein the verification comprises:
	creating a hash of the unique identifier included in the first processor; and
	comparing the hash included with the boot code and the created hash.

3.	(Previously Presented) The method of claim 1, wherein the boot code is stored in a non-volatile memory implemented on the first processor, and wherein the boot code comprises code conforming to a unified extensible firmware interface (UEFI) specification.

4. 	(Previously Presented) The method of claim 1, further comprising:
	a system management circuit implemented in the first processor providing an indication that the boot code has been verified; and
	a platform controller hub circuit of the computer system, responsive to receiving the indication, retrieving the boot code and providing the boot code to the second processor.



6.	(Previously Presented) The method of claim 5, wherein the file is associated with a corresponding one of a plurality of operating systems each having a corresponding file, and wherein the method further comprises the second processor executing instructions to load an operating system corresponding to the file.

7.	(Previously Presented) The method of claim 1, further comprising:
	the first processor performing the verification of the boot code prior to the loading of the kernel and the drivers of the first operating system; and
	the second processor beginning execution of the boot code prior to completion of the booting of the first operating system on the first processor.

8.	(Previously Presented) The method of claim 1, further comprising:
	performing one or more verifications, including the verification of the boot code;
	responsive to failing one of the one or more verifications, loading a recovery operating system;
	obtaining a signed file via a network connection while operating in the recovery operating system;
	performing a re-verification using the signed file; and
	continuing a boot procedure for the computer system responsive to completing the re-verification.

9.	(Previously Presented) The method of claim 1, further comprising: 
	the first processor enforcing a security policy controlling access, by the second processor, to one or more variables associated with the boot code and stored in a non-volatile memory accessible to the first processor.



11.	(Currently Amended) A computer system, comprising:
	a main processor; 
	an auxiliary processor including a first identifier that is unique to the computer system; and
	non-volatile memory storing boot code and a , , and a signature;
	wherein, during a boot process, the auxiliary processor is configured to:
		boot a first operating system on the auxiliary processor including loading a kernel and drivers on the auxiliary processor, wherein the boot code is executable to boot a second operating system distinct from the first operating system;
		perform a verification of the boot code that includes verifying: 
			the boot code against the hash of the boot code;
			the first identifier against the second identifier; and
			the signature; 
		responsive to the verification, cause the main processor to be released from a reset state and the boot code to be provided to the main processor; and
	wherein the main processor is configured to execute the boot code to continue the boot process.

12.	(Previously Presented) The computer system of claim 11, wherein the auxiliary processor includes the non-volatile memory having the boot code for the main processor, and wherein the second identifier is a hash of the first identifier or is the first identifier.

13.	(Previously Presented) The computer system of claim 11, wherein the auxiliary processor includes a system management circuit, and wherein the computer system further comprises a platform controller hub coupled to each of the auxiliary processor and the main processor, wherein the system management circuit is configured to provide an indication that the boot code has been verified, and wherein the platform controller hub is configured to, responsive to receiving the indication, provide the boot code to the main processor.

14.	(Previously Presented) The computer system of claim 11, wherein the non-volatile memory is configured to store one or more files each including a hash used to verify the boot code, wherein each of the files includes a payload section comprising one or more objects and binary information, and a manifest section that includes information used by the auxiliary processor to verify the payload section.

15.	(Previously Presented) The computer system of claim 11, wherein the auxiliary processor is configured to enforce a security policy controlling access to one or more variables associated with the boot code and stored in the non-volatile memory, wherein controlling access to the one or more variables includes controlling authorization to change the one or more variables.

16.	(Previously Presented) The computer system of claim 11, wherein the main processor is configured to, during the boot process, execute code to perform one or more verifications subsequent to the auxiliary processor verifying the boot code, and, wherein responsive to failure of a particular verification in the computer system, obtain a signed file via a network connection to enable completion of the particular verification.



	storing, in a computer system, a file that includes a hash of boot code, data corresponding to a system identifier that is unique to the computer system, and a signature;
	beginning performance of a boot procedure in [[a]] the computer system responsive to an auxiliary processor receiving power, wherein the boot procedure includes the auxiliary processor booting a first operating system including loading a kernel and drivers of the first operating system;
	verifying, by the auxiliary processor, the boot code for a main processor of the computer system, wherein verifying the boot code comprises: 
		comparing a system identifier against the data corresponding to the system identifier;
		comparing the boot code against the hash of the boot code 
	subsequent to verifying the boot code, releasing the main processor from a reset state;
	providing an indication, from the auxiliary processor to a platform controller hub, that the boot code has been verified; 
	the platform controller hub transferring the boot code to the main processor; and
	the main processor executing the boot code to boot a second operating system, wherein the second operating system is distinct from the first operating system.

18.	(Previously Presented) The method of claim 17, wherein the boot code is stored in a non-volatile memory implemented on the auxiliary processor, and wherein the data is a hash of the system identifier or the system identifier. 

19.	(Previously Presented) The method of claim 17, further comprising:
	the auxiliary processor enforcing a security policy that controls access to one or more boot variables stored in a non-volatile memory accessible to the auxiliary processor, wherein 

20.	(Previously Presented) The method of claim 17, further comprising:
	loading a selected one of one or more operating systems in accordance with a selected one of one or more files stored in a non-volatile memory accessible to the auxiliary processor.

Allowable Subject Matter
Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance: 
Liguori, US PGPub 2018/0165455, discloses a method comprising: booting a first operating system on a first processor of a computer system, verifying a boot code of a second processor; subsequent to the verification, releasing the second processor form a reset state; providing the verified boot code to the second processor; and the second processor executing the boot code to boot a second operating system, wherein the second operating system is distinct from the first operating system.
Bhatt, US Pat. No. 8,667,580, discloses performing a comparison using data corresponding to a unique identifier included with the boot code and a unique identifier that is included in the first processor and is unique to the computer system.
Nadarajah, US PGPub 2018/0144136, discloses booting the first processor, including loading a kernel and drivers of the first operating system.
However, none of the references, individually nor in combination, explicitly teach accessing a file that includes a signature, a hash of the boot code, data corresponding to a unique identifier that is included in the first processor and that is unique to the computer system; determining whether the boot code corresponds to the hash of the boot code; and verifying the signature, in combination with the remaining limitations as required by Claim 1.  
Claims 11 and 17 repeat the same limitations as recited in Claim 1, and are allowed accordingly.
Claims 2-10, 12-16, and 18-20 depend on Claims 1, 11, and 17, respectively, and are allowed accordingly. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Any inquiry concerning this communication or earlier communications from the examiner should be directed to PAUL J YEN whose telephone number is (571)270-5047. The examiner can normally be reached M-F 8-5 PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kim Huynh can be reached on (571) 272-4147. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Paul Yen/Primary Examiner, Art Unit 2186