Firmware security key upgrade algorithm
Abstract
A portion of a firmware program may be automatically upgraded during power on of a processor-based system. A firmware upgrade file signed by a private key is authenticated using a public key accessible to the firmware program. The authentication and upgrade are performed automatically. Interrupted upgrades are anticipated and resolved by the firmware program. The public key is duplicated and is itself upgradable, in case the private key changes. The firmware program may be locked to prevent both viewing and unauthorized upgrades of the public keys or other parts of the firmware program.
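The recovery behaviour the abstract describes (a duplicated, upgradable public key and an upgrade interrupted by power loss), modelled as an added example that is not taken from the patent. Assumptions: the upgrade file carries only the new public key, a torn flash write leaves a key slot erased (`None`), the lock is released by a power cycle and is modelled as blocking writes only, and unpadded textbook RSA over constructed Mersenne-prime keys stands in for the real signature scheme; `Device`, `write_key`, `power_on` and `fail_at` are hypothetical names.

```python
import hashlib

def toy_keypair(p, q, e=65537):
    # Textbook RSA from two known primes: a toy stand-in for a real signature scheme.
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(data, priv):
    return pow(_digest(data, priv[0]), priv[1], priv[0])
def verify(data, sig, pub):
    return pub is not None and sig < pub[0] and pow(sig, pub[1], pub[0]) == _digest(data, pub[0])

class PowerLoss(Exception): pass

class Device:
    def __init__(self, pub):
        self.keys = [pub, pub]   # the public key is stored twice
        self.upgrade_flag = False
        self.locked = False

    def write_key(self, slot, pub, power_fails=False):
        if self.locked:
            raise PermissionError("device is locked")
        self.keys[slot] = None   # erase before program: a torn write leaves None
        if power_fails:
            raise PowerLoss()
        self.keys[slot] = pub

    def power_on(self, new_pub=None, sig=0, fail_at=None):
        self.locked = False      # assumed: the lock is released by a power cycle
        used = None              # slot whose key validated the file, if any
        if self.upgrade_flag and new_pub is not None:
            blob = repr(new_pub).encode()
            used = next((i for i, k in enumerate(self.keys) if verify(blob, sig, k)), None)
            if used is not None:
                for slot in (0, 1):   # slot 1 is erased only after slot 0 is whole
                    self.write_key(slot, new_pub, power_fails=(fail_at == slot))
        for slot in (0, 1):           # repair a torn copy from its intact twin
            if self.keys[slot] is None:
                self.write_key(slot, self.keys[1 - slot])
        self.upgrade_flag = False
        self.locked = True            # model: further key writes are refused
        return used

# Constructed toy keys built from Mersenne primes (far too small for real use).
OLD_PUB, OLD_PRIV = toy_keypair(2**61 - 1, 2**89 - 1)
NEW_PUB, NEW_PRIV = toy_keypair(2**107 - 1, 2**127 - 1)
```

Because the second slot is erased only after the first has been fully rewritten, at least one intact key exists at every instant, which is what lets the next power-on either revalidate the file or repair the torn copy.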
30 Claims
1. A method comprising:
identifying a firmware upgrade request by a firmware program;
retrieving a file signed with a private key;
validating the file with a public key;
upgrading a portion of the firmware program by the firmware program; and
locking a device storing the firmware program such that a second portion of the firmware program is not readable.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A method comprising:
identifying an upgrade request for a firmware program of a system;
upgrading a first public key of the firmware program;
receiving an interruption of power to the system; and
using a second public key to subsequently upgrade the firmware program.
Dependent claims: 9, 10, 11, 12.

13. A system comprising:
a file signed by a private key;
a device for storing a program, wherein the device may lock access to the program; and
a firmware program stored in the device, which, upon execution:
  determines that an upgrade flag is set;
  retrieves the file;
  validates the file using a public key;
  upgrades a portion of the firmware program; and
  locks the device such that a portion of the firmware program is not readable.
Dependent claims: 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25.

19. The system of claim 13, wherein the portion of the firmware program further comprises:
a hardware initialization portion;
an operating system loader portion; and
a device lock-out portion.

19-1. A system comprising:
a file signed by a private key; and
a firmware program comprising a permanent portion and an upgradable portion, wherein the upgradable portion includes a first public key and a second public key, the firmware program further:
  identifies a request to upgrade the firmware program;
  experiences an interruption in execution during an upgrade of the first public key; and
  upgrades the firmware program using the second public key once the interruption in execution is complete.

26. An article comprising a medium storing instructions for enabling a processor-based system to:
identify a firmware upgrade request by a firmware program;
retrieve a file signed with a private key;
validate the file with a public key;
upgrade a portion of the firmware program by the firmware program; and
lock a device storing the firmware program such that the public key is not readable.
Dependent claims: 27, 28.

29. An article comprising a medium storing instructions for enabling a processor-based system to:
identify an upgrade request for a firmware program of a system;
upgrade a first public key of the firmware program;
receive an interruption of power to the system;
use a second public key to subsequently upgrade the firmware program.
Dependent claims: 30.