Method and system for programming a non-volatile device in a data processing system
First Claim
1. A computer program product comprising processor executable instructions for programming a non-volatile storage element in a data processing system, the instructions being stored on a computer readable medium, comprising:
- computer code means for encrypting a digital signature using a first encryption key;
- computer code means for passing the encrypted signature to a kernel routine;
- computer code means, responsive to successfully decrypting the encrypted signature using a second encryption key, for transitioning the data processing system from a protected-mode to a real-mode; and
- real-mode computer code means for flash programming the non-volatile storage element.
1 Assignment
0 Petitions
Abstract
A method and system for ensuring that code being loaded (flashed) into a flash memory card or other non-volatile storage device of a data processing system is authorized code. The system may include code comprising a kernel portion that transitions the system from a protected-mode to a real-mode and a user portion that includes the code to be loaded onto the flash card. In one embodiment, an asymmetric authentication scheme ensures that the code flashed into the flash card is verified as authorized while complying with the open-source requirements of the operating system. In this embodiment, the public key may become a part of the kernel portion, which is available for all to inspect, while the private key is known only to the user portion. The user portion may generate a signature that is encrypted using the private key. The signature may be generated algorithmically based upon characteristics of or information associated with the corresponding data processing system. The encrypted signature may then be passed as a parameter to the kernel portion, which decrypts the signature according to the public key. If the decrypted signature correctly identifies the system, the kernel portion of the code completes the transition to real-mode and then invokes real-mode flashing code to flash the card. In this manner, only a small portion of code is required to be compiled into the kernel while enabling the code to prevent unauthorized access to the kernel.
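The authorization flow the abstract describes, as an added example that is not part of the patent or any product implementing it: the user portion derives a signature from system characteristics and the image, "encrypts" it with the private key (an RSA private-key operation), and the kernel portion "decrypts" it with its compiled-in public key, recomputes the expected signature, and only then performs the real-mode transition and flash. The key is constructed from two small Mersenne primes for demonstration only, and the machine identifier, image bytes and `real_mode_flash` stand-in are assumptions.

```python
import hashlib
from dataclasses import dataclass

# Constructed demonstration key: two Mersenne primes, far too small for real use.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the user portion

PUBLIC_KEY = (N, E)    # compiled into the inspectable kernel portion
PRIVATE_KEY = (N, D)   # known only to the user portion

def system_signature(machine_id: str, flash_image: bytes) -> int:
    """Signature derived from characteristics of the target system and the image."""
    digest = hashlib.sha256(machine_id.encode() + flash_image).digest()
    return int.from_bytes(digest[:16], "big")   # 128 bits, below the toy modulus

def user_portion_encrypt(signature: int, private_key) -> int:
    """User portion: encrypt the signature with the private key."""
    n, d = private_key
    return pow(signature, d, n)

def real_mode_flash(image: bytes) -> bool:
    """Stand-in for the real-mode flashing code; reachable only after verification."""
    return len(image) > 0

@dataclass
class KernelState:
    real_mode: bool = False
    flashed: bool = False

def kernel_portion(encrypted_sig: int, machine_id: str, flash_image: bytes,
                   public_key, state: KernelState) -> bool:
    """Kernel portion: decrypt with the public key, check the signature identifies
    this system, and only then leave protected mode and flash."""
    n, e = public_key
    if not 0 < encrypted_sig < n:          # reject out-of-range parameters up front
        return False
    decrypted = pow(encrypted_sig, e, n)
    if decrypted != system_signature(machine_id, flash_image):
        return False                       # stay in protected mode, nothing flashed
    state.real_mode = True
    state.flashed = real_mode_flash(flash_image)
    return True

def attempt_flash(machine_id: str, image: bytes, private_key=PRIVATE_KEY):
    """Run one end-to-end user-portion -> kernel-portion exchange."""
    encrypted = user_portion_encrypt(system_signature(machine_id, image), private_key)
    state = KernelState()
    return kernel_portion(encrypted, machine_id, image, PUBLIC_KEY, state), state
```

`attempt_flash` models the parameter passed from user space to the kernel routine; a signature generated for a different machine, or a tampered image, leaves the kernel in protected mode.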
78 Citations
24 Claims
1. A computer program product comprising processor executable instructions for programming a non-volatile storage element in a data processing system, the instructions being stored on a computer readable medium, comprising:
- computer code means for encrypting a digital signature using a first encryption key;
- computer code means for passing the encrypted signature to a kernel routine;
- computer code means, responsive to successfully decrypting the encrypted signature using a second encryption key, for transitioning the data processing system from a protected-mode to a real-mode; and
- real-mode computer code means for flash programming the non-volatile storage element.
(Dependent claims 2, 3, 4, 5, 6, 7, 8)

9. A data processing system including at least one processor, memory, and input means connected to a common bus, wherein the system memory contains at least a portion of a sequence of computer executable instructions for programming a non-volatile storage element of the data processing system, the instructions comprising:
- computer code means for encrypting a digital signature using a first encryption key;
- computer code means for passing the encrypted signature to a kernel routine;
- computer code means, responsive to successfully decrypting the encrypted signature using a second encryption key, for transitioning the data processing system from a protected-mode to a real-mode; and
- real-mode computer code means for flash programming the non-volatile storage element.
(Dependent claims 10, 11, 12, 13, 14, 15, 16)

17. A method of programming a non-volatile storage element in a data processing system, comprising:
- encrypting a digital signature using a first encryption key;
- passing the encrypted signature to a kernel code routine;
- responsive to successfully decrypting the encrypted signature using a second encryption key, transitioning the data processing system from a protected-mode to a real-mode with the kernel code routine; and
- flash programming the non-volatile storage element in real mode.
(Dependent claims 18, 19, 20, 21, 22, 23, 24)
Specification