×

Event-based apparatus and method for securing bios in a trusted computing system during execution

  • US 10,095,868 B2
  • Filed: 12/15/2016
  • Issued: 10/09/2018
  • Est. Priority Date: 11/13/2013
  • Status: Active Grant
First Claim
Patent Images

1. An apparatus for protecting a basic input/output system (BIOS) in a computing system, the apparatus comprising:

  • a BIOS read only memory (ROM), comprising;

    BIOS contents, wherein said BIOS contents are stored as plaintext; and

    an encrypted message digest, wherein said encrypted message digest comprises an encrypted version of a first message digest that corresponds to said BIOS contents, and wherein said encrypted version is generated via a symmetric key algorithm and a key;

    an event detector, configured to generate a BIOS check interrupt that interrupts normal operation of the computing system upon the occurrence of an event, wherein said event comprises one or more occurrences of an APIC access; and

    a tamper detector, operatively coupled to said BIOS ROM and said event detector, configured to access said BIOS contents and said encrypted message digest upon assertion of said BIOS check interrupt, and configured to direct a microprocessor to generate a second message digest corresponding to said BIOS contents and a decrypted message digest corresponding to said encrypted message digest using said symmetric key algorithm and said key, and configured to compare said second message digest with said decrypted message digest, and configured to preclude said operation of said microprocessor if said second message digest and said decrypted message digest are not equal;

    wherein said microprocessor comprises a dedicated crypto/hash unit disposed within execution logic, and wherein said crypto/hash unit generates said second message digest and said decrypted message digest, and wherein said key, programmed on a same die as the microprocessor during fabrication and cannot be accessed via program instruction, is exclusively accessed by said crypto/hash unit; and

    wherein said microprocessor further comprises a random number generator disposed within said execution logic, and wherein said random number generator generates a random number at completion of a current BIOS check, which is employed by said event detector to randomly set a number of occurrences of said event that are to occur before a following BIOS check.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×