Securely loading UEFI images at runtime
First Claim
1. A method for securely loading Unified Extensible Firmware Interface (UEFI) images at runtime, the method comprising:
- installing platform firmware on a computing device, the platform firmware including a Secure Boot database, a verification module and a file list that defines mappings between file globally unique identifiers (GUIDs) and public keys, the mappings including a first mapping between a first file GUID and a first public key;
after the platform firmware has been installed on the computing device, creating a first UEFI image by assigning the first file GUID to the first UEFI image and including a first signature of the first UEFI image that is generated using a first private key that corresponds to the first public key;
storing the first UEFI image with the first signature on the computing device;
during a subsequent boot process, identifying, by the verification module, that the first UEFI image has been stored on the computing device;
employing, by the verification module, the first public key to verify the first signature; and
in response to the verification module verifying the first signature, adding the first signature to the Secure Boot database to thereby cause the first UEFI module to be verified during Secure Boot verification.
7 Assignments
0 Petitions
Accused Products
Abstract
UEFI images can be securely loaded at runtime so that it is unnecessary to flash the entire platform firmware whenever a UEFI image is added or updated. The platform firmware can include an OEM file list that maps file GUIDs to public keys. When it is desired to add a UEFI image, the OEM can employ one of the file GUIDs in the OEM file list and a private key corresponding to the mapped public key to create the UEFI image. During the PEI phase of the boot process, a verification module in the platform firmware can verify any added UEFI image using the OEM file list. Additionally, to ensure that the added UEFI images will pass the subsequent Secure Boot verification, a sync module can add custom Secure Boot keys for the added UEFI images to the Secure Boot databases during the DXE phase of the boot process.
18 Citations
20 Claims
-
1. A method for securely loading Unified Extensible Firmware Interface (UEFI) images at runtime, the method comprising:
-
installing platform firmware on a computing device, the platform firmware including a Secure Boot database, a verification module and a file list that defines mappings between file globally unique identifiers (GUIDs) and public keys, the mappings including a first mapping between a first file GUID and a first public key; after the platform firmware has been installed on the computing device, creating a first UEFI image by assigning the first file GUID to the first UEFI image and including a first signature of the first UEFI image that is generated using a first private key that corresponds to the first public key; storing the first UEFI image with the first signature on the computing device; during a subsequent boot process, identifying, by the verification module, that the first UEFI image has been stored on the computing device; employing, by the verification module, the first public key to verify the first signature; and in response to the verification module verifying the first signature, adding the first signature to the Secure Boot database to thereby cause the first UEFI module to be verified during Secure Boot verification. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for securely loading Unified Extensible Firmware Interface (UEFI) images at runtime, the method comprising:
-
during a boot process, accessing, by a verification module that is part of platform firmware on a computing device, a file list that is also part of the platform firmware, the file list defining mappings between file globally unique identifiers (GUIDs) and public keys; accessing, by the verification module, one or more firmware volumes stored on the computing device to determine whether any UEFI images in the one or more firmware volumes have a file GUID matching a file GUID defined in the file list; upon determining that a first UEFI image stored in one of the one or more firmware volumes has a first file GUID that is defined in the file list, employing, by the verification module, a first public key to which the first file GUID is mapped to verify a first signature that is stored with the first UEFI image; and in response to the verification module verifying the first signature, adding, by a driver execution environment (DXE) module, the first signature to a Secure Boot database that is part of the platform firmware. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A computing device comprising:
-
a central processing unit (CPU) that stores an original equipment manufacturer (OEM) public key; flash memory on which platform firmware is stored, the platform firmware being signed with an OEM private key corresponding to the OEM public key, the platform firmware including Secure Boot databases, a verification module and a file list that defines mappings between file globally unique identifiers (GUIDs) and public keys; and storage on which one or more firmware volumes are stored, the one or more firmware volumes including a first set of UEFI images each of which has a signature that is stored in the Secure Boot databases of the signed platform firmware and a second set of UEFI images each of which has a signature that is not stored in the Secure Boot databases of the signed platform firmware; wherein the verification module is configured to verify the UEFI images in the second set by determining, for each UEFI image in the second set, whether the UEFI image has a file GUID that is defined in the file list and if so whether the UEFI image was signed using a private key that corresponds to the public key to which the file GUID is mapped. - View Dependent Claims (18, 19, 20)
-
Specification