Protected memory area

US 10,102,154 B2
Filed: 05/05/2016
Issued: 10/16/2018
Est. Priority Date: 07/31/2012
Status: Active Grant

First Claim

Patent Images

1. A method of a computing device, comprising:

in response to the computing device powering on, creating a protected memory area inaccessible to an operating system, wherein the protected memory area includes information relating to instructions and an indication settable to a first value to indicate that the instructions are allowed to access a memory external of the protected memory area, and a second value to indicate that the instructions are not allowed to access the memory external of the protected memory area;

in response to creating the protected memory area, modifying the indication from the first value to the second value to restrict the instructions when executed from accessing the memory external of the protected memory area; and

in response to modifying the indication, launching code in the computing device, the launched code comprising the operating system or firmware.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some examples, in response to a computing device powering on, a protected memory area inaccessible to an operating system is created, where the protected memory area includes information relating to instructions and an indication settable to a first value to indicate that the instructions are allowed to access a memory external of the protected memory area, and a second value to indicate that the instructions are not allowed to access the memory external of the protected memory area. In response to creating the protected memory area, the indication is modified from the first value to the second value to restrict the instructions when executed from accessing the memory external of the protected memory area. In response to modifying the indication, code in the computing device is launched, the launched code comprising the operating system or firmware.

Citations

20 Claims

1. A method of a computing device, comprising:
- in response to the computing device powering on, creating a protected memory area inaccessible to an operating system, wherein the protected memory area includes information relating to instructions and an indication settable to a first value to indicate that the instructions are allowed to access a memory external of the protected memory area, and a second value to indicate that the instructions are not allowed to access the memory external of the protected memory area;
  
  in response to creating the protected memory area, modifying the indication from the first value to the second value to restrict the instructions when executed from accessing the memory external of the protected memory area; and
  
  in response to modifying the indication, launching code in the computing device, the launched code comprising the operating system or firmware.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein modifying the indication comprises modifying a flag or a register.
  - 3. The method of claim 1, wherein by modifying the indication from the first value to the second value, the instructions when executed are restricted from calling the launched code.
  - 4. The method of claim 3, wherein restricting the instructions when executed from calling the launched code protects the protected memory area from malicious code in the computing device.
  - 5. The method of claim 1, wherein the information relating to the instructions includes:
    - the instructions in the protected memory area, oran address in the protected memory area, the address referring to a memory location storing the instructions.
  - 6. The method of claim 1, further comprising:
    - after launching of the code, detecting that code residing outside the protected memory area is attempting to execute the instructions; and
      
      generating a fault in response to the detecting.
  - 7. The method of claim 1, wherein prior to the launching of the operating system or the firmware, the indication is set to the first value to allow the instructions when executed to access the memory external of the protected memory area.
  - 8. The method of claim 1, wherein the protected memory area is part of a system management memory.
  - 9. The method of claim 1, where the protected memory area is created by a Basic Input/Output System (BIOS) code.

10. A computing device comprising:
- a memory; and
  
  a controller to;
  
  in response to the computing device powering on, create, in the memory, a protected memory area inaccessible to an operating system, wherein the protected memory area includes information relating to instructions and an indication settable to a first value to indicate that the instructions are allowed to access a memory external of the protected memory area, and a second value to indicate that the instructions are not allowed to access the memory external of the protected memory area;
  
  in response to creating the protected memory area, modify the indication from the first value to the second value to restrict the instructions when executed from accessing the memory external of the protected memory area; and
  
  in response to modifying the indication, launch code in the computing device, the code comprising the operating system or firmware.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The computing device of claim 10, wherein the controller comprises a processor and a Basic Input/Output System (BIOS) code executable on the processor.
  - 12. The computing device of claim 10, wherein the controller is to create the protected memory area in response to the computing device powering on from a mechanical off state.
  - 13. The computing device of claim 10, wherein the protected memory area is a system management memory area.
  - 14. The computing device of claim 10, wherein the firmware comprises video firmware for a video device in the computing device.
  - 15. The computing device of claim 10, wherein by modifying the indication from the first value to the second value, the instructions when executed are restricted from calling the launched code.
  - 16. The computing device of claim 15, wherein restricting the instructions when executed from calling the launched code protects the protected memory area from malicious code in the computing device.
  - 17. The computing device of claim 10, wherein the information relating to the instructions includes:
    - the instructions in the protected memory area, oran address in the protected memory area, the address referring to a memory location storing the instructions.

18. A non-volatile computer readable medium comprising instructions that upon execution cause a computing device to:
- in response to the computing device powering on, create a system management memory area inaccessible to an operating system of the computing device, wherein the system management memory area includes information relating to instructions and an indication settable to a first value to indicate that the instructions are allowed to access a memory external of the system management memory area, and a second value to indicate that the instructions are not allowed to access the memory external of the system management memory area;
  
  in response to creating the system management memory area, modify the indication from the first value to the second value to restrict the instructions when executed from accessing the memory external of the system management memory area; and
  
  in response to modifying the indication, launch code in the computing device, the launched code comprising the operating system or firmware.
- View Dependent Claims (19, 20)
- - 19. The non-volatile computer readable medium of claim 18, wherein the system management memory area is a secure partition in the computing device.
  - 20. The non-volatile computer readable medium of claim 18, wherein by modifying the indication from the first value to the second value, the instructions when executed are restricted from calling the launched code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Piwonka, Mark A.
Primary Examiner(s)
Tsui, Daniel D

Application Number

US15/147,761
Publication Number

US 20160253270A1
Time in Patent Office

894 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 12/0238   Memory management in non-vo...

G06F 12/0246   in block erasable memory, e...

G06F 12/14   Protection against unauthor...

G06F 12/1425   the protection being physic...

G06F 21/572   Secure firmware programming...

G06F 21/575   Secure boot

G06F 2212/1052   Security improvement

G06F 2212/7201   Logical to physical mapping...

G06F 2212/7207   management of metadata or c...

G06F 9/4401   Bootstrapping security arra...

Protected memory area

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Protected memory area

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links