Thresholds on scripts executable by unified extensible firmware interface systems

US 10,587,422 B2
Filed: 01/28/2016
Issued: 03/10/2020
Est. Priority Date: 01/28/2016
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

an authentication engine comprising circuitry to determine a source of a script and an integrity level of the script;

a primitives engine comprising circuitry to enable a plurality of primitives to use with the script, the plurality of primitives to define functionalities available via a unified extensible firmware interface (UEFI) system; and

an environment engine comprising circuitry to;

enable execution of the script during initialization of a target device in response to a determination that the script is authenticated based on the source and the integrity level; and

establish execution parameters of the script by the UEFI system based on thresholds defined by a plurality of control programs.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an example, an apparatus compatible with a unified extensible firmware interface (UEFI) system includes a processor resource and a computer-readable storage device with a set of instructions stored thereon. In that example, the instructions are executable to cause the UEFI system to verify an integrity status of a script file and an authenticity status of the script file, analyze contents of the script file in response to a determination that the script is authentic, establish a threshold on execution of the script file based on the analysis of the contents, and execute a control program concurrent with execution of the script to implement the threshold.

Citations

15 Claims

1. A system comprising:
- an authentication engine comprising circuitry to determine a source of a script and an integrity level of the script;
  
  a primitives engine comprising circuitry to enable a plurality of primitives to use with the script, the plurality of primitives to define functionalities available via a unified extensible firmware interface (UEFI) system; and
  
  an environment engine comprising circuitry to;
  
  enable execution of the script during initialization of a target device in response to a determination that the script is authenticated based on the source and the integrity level; and
  
  establish execution parameters of the script by the UEFI system based on thresholds defined by a plurality of control programs.
- View Dependent Claims (2, 3, 4, 5, 15)
- - 2. The system of claim 1, wherein:
    - the authentication engine is to download the script from a server repository; and
      
      the environment engine is to restrict execution of the script to the functionalities of the plurality of primitives.
  - 3. The system of claim 2, wherein the authentication engine is to:
    - provide a first interface to designate a uniform resource identifier of the server repository; and
      
      provide a second interface to designate a non-volatile memory resource to store the script.
  - 4. The system of claim 1, wherein the environment engine further comprises:
    - an interpreter engine comprising circuitry to analyze script content; and
      
      an execution engine comprising circuitry to execute the script in a runtime environment with the plurality of control programs executing to check operation of the script during runtime to be within resource usage parameters represented by the thresholds.
  - 5. The system of claim 4, wherein:
    - the interpreter engine is to identify a function call that is not a functionality of the plurality of primitives; and
      
      the execution engine is to forbid execution of the script in response to a determination that the script contains the function call.
  - 15. The apparatus of claim 1, wherein the set of instructions is executable by the processor resource to cause the UEFI system to:
    - enable the language interpreter to access a UEFI application programming interface; and
      
      execute the language interpreter to identify whether a set of actions of the script file match a device profile of the apparatus.

6. A non-transitory computer-readable storage medium comprising a set of instructions executable by a processor resource to:
- authenticate a script source against a digital certificate;
  
  interpret a script to run on a set of primitives, the set of primitives to represent functionalities available via a unified extensible firmware interface (UEFI) system;
  
  execute the script via the UEFI system according to a plurality of thresholds associated with the set of primitives in response to a determination that the script achieves an integrity level; and
  
  check, via the UEFI system, events produced by execution of the script to identify that the script is executing within limits defined by the plurality of thresholds.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The medium of claim 6, wherein the set of instructions is executable by the processor resource to:
    - determine a uniform resource locator (URL) from a statically-defined identifier or a user-provided identifier; and
      
      download the script from a server repository via the URL.
  - 8. The medium of claim 7, wherein the set of instructions is executable by the processor resource to:
    - select the script to download from the server repository based on a target device profile, the target device profile containing a configuration identifier of a target device;
      
      check the script source by using a public encryption key against the digital certificate; and
      
      cancel a download operation of the script in response to a determination that the script source is not authenticated.
  - 9. The medium of claim 6, wherein the set of instructions is executable by the processor resource to:
    - terminate, via the UEFI system, execution of the script in response to a determination that an event occurred that indicates a functionality is requested to perform beyond the thresholds.
  - 10. The medium of claim 6, wherein the set of instructions is executable by the processor resource to:
    - identify a function call of the script to be performed in response to a particular UEFI event; and
      
      execute the function call in response to the particular UEFI event.

11. An apparatus compatible with a unified extensible firmware interface (UEFI) system comprising:
- a processor resource;
  
  a non-transitory computer readable storage device comprising a set of instructions executable by the processor resource to cause the UEFI system to;
  
  verify an integrity status of a script file and authenticity status of the script file using a public encryption key, the script file representing a script executable on the UEFI system;
  
  analyze, via a language interpreter, contents of the script file in response to a determination that the script file is authentic;
  
  establish a threshold on execution of the script file based on the analysis of the contents; and
  
  execute a control program concurrent with execution of the script, the control program to implement the threshold.
- View Dependent Claims (12, 13, 14)
- - 12. The apparatus of claim 11, wherein the set of instructions is executable by the processor resource to cause the UEFI system to:
    - check whether a uniform resource locator (URL) to a remotely located repository exists on the apparatus; and
      
      retrieve a script file from the repository at the URL using a transfer protocol.
  - 13. The apparatus of claim 11, wherein the set of instructions is executable by the processor resource to cause the UEFI system to:
    - determine whether a file hash of the script is authentic; and
      
      prevent the apparatus from executing the script in response to a determination that the file hash is not authentic.
  - 14. The apparatus of claim 11, wherein the set of instructions is executable by the processor resource to cause the UEFI system to:
    - deny execution of an operation of the script file in response to a determination that the operation is to perform outside a parameter of execution; and
      
      deny execution of the operation of the script file in response to a comparison of the operation to a list of primitives allowable by the UEFI system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Dias Correa, Rodrigo, Cagnini Ciocari, Juliano Francisco, Cardoso Novaes, Reynaldo, Santos, Anellena, Mayer, Karyne
Primary Examiner(s)
Plecha, Thaddeus J

Application Number

US15/763,020
Publication Number

US 20190089545A1
Time in Patent Office

1,503 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 2221/034   Test or assess a computer o...

G06F 9/4401   Bootstrapping security arra...

G06F 9/45512   Command shells

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3268   using certificate validatio...

Thresholds on scripts executable by unified extensible firmware interface systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Thresholds on scripts executable by unified extensible firmware interface systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links