Restricting the use of a firmware tool to a specific platform

US 10,614,251 B1
Filed: 02/18/2019
Issued: 04/07/2020
Est. Priority Date: 07/27/2017
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving, at a computing system, a request to execute a firmware tool;

responsive to the request, reading at least a first firmware globally unique identifier (GUID) from a first Advanced Configuration and Power Interface (ACPI) table;

verifying a digital signature associated with the first firmware GUID;

responsive to verifying the digital signature, determining if the first firmware GUID is the same as a second firmware GUID from a second ACPI table;

responsive to determining that the first firmware GUID is the same as the second firmware GUID, determining if a second firmware tool GUID is the same as one or more first firmware tool GUIDs; and

enabling execution of the firmware tool responsive to determining that the second firmware tool GUID is the same as at least one of the one or more first firmware tool GUIDs, wherein the at least one of the one or more first firmware tool GUIDs is associated with the firmware tool.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A firmware includes a firmware module for copying a digitally signed binary file that includes a firmware globally unique identifier (GUID), tool GUIDs, and feature GUIDs to an Advanced Configuration and Power Management interface (ACPI) table (the Firmware Enabled Tool Registry (FETR) table). If the FETR table is stored in memory, a firmware tool determines whether a digital signature of the signed binary file can be verified. If the digital signature can be verified, the firmware tool determines if the firmware GUID stored in the FETR table matches a firmware GUID stored in another ACPI table. If the firmware GUIDs match, the firmware tool determines whether its tool GUID matches a tool GUID stored in the FETR table. The firmware tool can continue to execute if the tool GUIDs match. Firmware tool features are enabled if feature GUIDs in the FETR table match feature GUIDs of the firmware tool.

17 Citations

20 Claims

1. A computer-implemented method, comprising:
- receiving, at a computing system, a request to execute a firmware tool;
  
  responsive to the request, reading at least a first firmware globally unique identifier (GUID) from a first Advanced Configuration and Power Interface (ACPI) table;
  
  verifying a digital signature associated with the first firmware GUID;
  
  responsive to verifying the digital signature, determining if the first firmware GUID is the same as a second firmware GUID from a second ACPI table;
  
  responsive to determining that the first firmware GUID is the same as the second firmware GUID, determining if a second firmware tool GUID is the same as one or more first firmware tool GUIDs; and
  
  enabling execution of the firmware tool responsive to determining that the second firmware tool GUID is the same as at least one of the one or more first firmware tool GUIDs, wherein the at least one of the one or more first firmware tool GUIDs is associated with the firmware tool.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, further comprising:
    - responsive to the request, reading one or more first feature GUIDs from the first ACPI table; and
      
      responsive to determining that a second feature GUID is the same as at least one of the one or more first feature GUIDs, enable a feature of the firmware tool associated with the second feature GUID.
  - 3. The computer-implemented method of claim 1, further comprising:
    - responsive to the request, reading one or more first feature GUIDs from the first ACPI table; and
      
      responsive to determining that a second feature GUID is not the same as at least one of the one or more first feature GUIDs, disable a feature of the firmware tool associated with the second feature GUID.
  - 4. The computer-implemented method of claim 1, wherein the computing system is configured to block execution of the firmware tool responsive to determining that the digital signature is not verified.
  - 5. The computer-implemented method of claim 1, wherein the computing system is configured to block execution of the firmware tool responsive to determining that the first firmware GUID is not the same as the second firmware GUID.
  - 6. The computer-implemented method of claim 1, wherein the first ACPI table is stored in a memory of the computing system.
  - 7. The computer-implemented method of claim 6, wherein the second ACPI table is stored in the memory of the computing system.

8. A non-transitory computer-readable storage medium storing computer-executable instructions which, when executed by a computing system, cause the computing system to:
- receive, at the computing system, a request to execute a firmware tool;
  
  responsive to the request, read a first firmware globally unique identifier (GUID) from a first Advanced Configuration and Power Interface (ACPI) table;
  
  verify a digital signature associated with the first firmware GUID;
  
  determine if the first firmware GUID is the same as a second firmware GUID from a second ACPI table;
  
  responsive to determining that the first firmware GUID is the same as the second firmware GUID, determine if a second firmware tool GUID is the same as one or more first firmware tool GUIDs; and
  
  enable execution of the firmware tool responsive to determining that the second firmware tool GUID is the same as at least one of the one or more first firmware tool GUIDs, wherein the at least one of the one or more first firmware tool GUIDs is associated with the firmware tool.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer-readable storage medium of claim 8, wherein each of the first ACPI table and the second ACPI table are stored in a memory of the computing system.
  - 10. The non-transitory computer-readable storage medium of claim 9, further storing computer-executable instructions to cause the computing system to:
    - responsive to the request, read one or more first feature GUIDs from the first ACPI table;
      
      determine whether a second feature GUID is the same as at least one of the one or more first feature GUIDs; and
      
      responsive to determining that the second feature GUID is the same as at least one of the one or more first feature GUIDs, enable a feature of the firmware tool associated with the second feature GUID.
  - 11. The non-transitory computer-readable storage medium of claim 8, further storing computer-executable instructions to prevent the computing system from executing the firmware tool responsive to determining that the first ACPI table is not stored in a memory of the computing system.
  - 12. The non-transitory computer-readable storage medium of claim 8, further storing computer-executable instructions to prevent the computing system from executing the firmware tool responsive to determining that the digital signature is not verified.
  - 13. The non-transitory computer-readable storage medium of claim 8, further storing computer-executable instructions to prevent the computing system from executing the firmware tool responsive to determining that the first firmware GUID is not the same as the second firmware GUID.
  - 14. The non-transitory computer-readable storage medium of claim 8, further storing computer-executable instructions to prevent the computing system from executing the firmware tool responsive to determining that the second firmware tool GUID is not the same as at least one of the one or more first firmware tool GUIDs.

15. A computing system, comprising:
- one or more processors; and
  
  at least one memory storing computer-executable instructions which, when executed by the one or more processors, cause the computing system to;
  
  receive a request to execute a firmware tool at the computing system;
  
  responsive to the request, read a first firmware globally unique identifier (GUID) from a first Advanced Configuration and Power Interface (ACPI) table that is stored in the at least one memory of the computing system;
  
  verify a digital signature associated with the first firmware GUID;
  
  responsive to verifying the digital signature, determine if the first firmware GUID is the same as a second firmware GUID from a second ACPI table;
  
  responsive to determining that the first firmware GUID is the same as the second firmware GUID, determine if a second firmware tool GUID is the same as one or more first firmware tool GUIDs; and
  
  enable execution of the firmware tool responsive to determining that the second firmware tool GUID is the same as at least one of the one or more first firmware tool GUIDs, wherein the at least one of the one or more first firmware tool GUIDs is associated with the firmware tool.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the at least one memory further stores computer-executable instructions which, when executed by the one or more processors, cause the computing system to:
    - responsive to the request, read one or more first feature GUIDs from the first ACPI table;
      
      determine whether a second feature GUID is the same as at least one of the one or more first feature GUIDs; and
      
      responsive to determining that the second feature GUID is the same as at least one of the one or more first feature GUIDs, enable a feature of the firmware tool associated with the second feature GUID.
  - 17. The system of claim 16, wherein the at least one memory further stores computer-executable instructions to prevent execution of the firmware tool responsive to determining that the first ACPI table is not stored in a memory of the computing system.
  - 18. The system of claim 15, wherein the at least one memory further stores computer-executable instructions to prevent execution of the firmware tool responsive to determining that the first firmware GUID is not the same as the second firmware GUID.
  - 19. The system of claim 15, wherein the at least one memory further stores computer-executable instructions to prevent execution of the firmware tool responsive to determining that the second firmware tool GUID is not the same as at least one of the one or more first firmware tool GUIDs.
  - 20. The system of claim 15, wherein the second ACPI table is stored in the at least one memory of the computing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Megatrends International, LLC
Original Assignee
American Megatrends International, LLC
Inventors
Righi, Stefano, Rhea, Paul Anthony
Primary Examiner(s)
Lwin, Maung T

Application Number

US16/278,677
Time in Patent Office

414 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/629 to features or functions of...

H04L 9/3247 involving digital signatures

Restricting the use of a firmware tool to a specific platform

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Restricting the use of a firmware tool to a specific platform

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links