Method and apparatus for protecting ongoing system integrity of a software product using digital signatures

Abstract

A method, apparatus and computer program product are provided for protecting ongoing system integrity of a software product using digital signatures. A core product load manifest for protecting ongoing system integrity of a software product having a plurality of pieces includes a manifest header including header attributes of the software product. A list of a plurality of manifest items is stored with the manifest header. Each manifest item identifies a corresponding piece of the software product. Each manifest item includes at least one attribute. A manifest digital signature is stored with the manifest header. The manifest header, the header attributes, each of the plurality of items, and each item attribute are included in the manifest digital signature. A digital signature is computed for each signable piece of the software product and is stored with the piece of the software product. The digital signature of each signed software product piece is excluded from the core product load manifest. An amended manifest is created for identifying added and deleted pieces of the software product and is chained to the core product load manifest. Each signable, added item in the amended manifest has a digital signature that is excluded from the amended manifest.