System and method for updating firmware in a secure manner
First Claim
1. A method for securely updating firmware in an electronic device, comprising:
- dividing a firmware image to create a plurality of virtual image modules, the plurality of virtual image modules stored in at least one location outside a ROM image located in the electronic device;
providing an update validation procedure for validating an updated virtual image module during pre-boot, the update validation procedure identified by a unique identifier and including a decryption process;
including a reference for each of the plurality of virtual image modules in a build of firmware placed in the ROM image, each reference including a version identifier, a message digest and a unique identifier for an associated virtual image module, the build of firmware in the ROM image also including a reference to the update validation procedure;
providing an updated virtual image module that includes a version identifier; and
using the update validation procedure identified by the reference in the ROM image to validate the updated virtual image module during pre-boot.
1 Assignment
0 Petitions
Accused Products
Abstract
A mechanism that allows firmware to be updated in a secure manner is discussed. Two attributes are used in the actual ROM to refer to a Virtual ROM module. The two attributes are a version attribute and a reference to a separate module that is capable of validating updates. The update process updates the message digest associated with the first Virtual ROM module and the version attribute associated with the first Virtual ROM module. The update process also produces a new copy of the corresponding file (that may be located on the local disk) that when hashed will “match” the new message digest.
110 Citations
28 Claims
-
1. A method for securely updating firmware in an electronic device, comprising:
-
dividing a firmware image to create a plurality of virtual image modules, the plurality of virtual image modules stored in at least one location outside a ROM image located in the electronic device;
providing an update validation procedure for validating an updated virtual image module during pre-boot, the update validation procedure identified by a unique identifier and including a decryption process;
including a reference for each of the plurality of virtual image modules in a build of firmware placed in the ROM image, each reference including a version identifier, a message digest and a unique identifier for an associated virtual image module, the build of firmware in the ROM image also including a reference to the update validation procedure;
providing an updated virtual image module that includes a version identifier; and
using the update validation procedure identified by the reference in the ROM image to validate the updated virtual image module during pre-boot. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A system for securely updating firmware in an electronic device, comprising:
-
a plurality of virtual firmware image modules created during a build process, the plurality of virtual image modules stored in at least one location outside a ROM image located in an electronic device;
an update validation procedure including a decryption process used in validating an updated virtual module; and
a firmware ROM image that includes a reference to the update validation procedure and a reference for each of the plurality of virtual image modules, each reference including a version identifier, a message digest and a unique identifier for an associated virtual image module, the unique identifier used to retrieve the referenced virtual image module during pre-boot, the message digest used to verify the authenticity of the virtual image module prior to executing the retrieved image module. - View Dependent Claims (15, 16)
-
-
17. A medium holding computer-executable instructions for securely updating firmware in an electronic device, the instructions comprising:
-
instructions for dividing a firmware image to create a plurality of virtual image modules, the plurality of virtual image modules stored in at least one location outside a ROM image located in the electronic device;
instructions for providing an update validation procedure for validating an updated virtual image module during pre-boot, the update validation procedure identified by a unique identifier and including a decryption process;
instructions for including a reference for each of the plurality of virtual image modules in a build of firmware placed in the ROM image, each reference including a version identifier, a message digest and a unique identifier for an associated virtual image module, the build of firmware in the ROM image also including a reference to the update validation procedure;
instructions for providing an updated virtual image module that includes a version identifier; and
instructions for using the update validation procedure identified by the reference in the ROM image to validate the updated virtual image module during pre-boot. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. A method for securely updating firmware in an electronic device, comprising:
-
dividing a firmware image to create a plurality of virtual image modules, the plurality of virtual image modules stored in at least one location outside a ROM image located in the electronic device;
providing an update validation procedure for validating an updated virtual image module during pre-boot, the update validation procedure identified by a unique identifier and including a decryption process;
including a reference for each of the plurality of virtual image modules in a build of firmware placed in the ROM image, the build of firmware in the ROM image also including a reference to the update validation procedure;
providing an updated virtual image module on a trusted server;
using the update validation procedure identified by the reference in the ROM image to generate a secure tunnel between the electronic device and the trusted server; and
downloading an identified updated virtual image module to the electronic device using the tunnel, the downloaded virtual image replacing one of the plurality of virtual image modules referenced in the ROM image.
-
-
28. A method for securely updating firmware in an electronic device, comprising:
-
dividing a firmware image to create a virtual image module that is stored in at least one location outside a ROM image located in the electronic device;
providing an update validation procedure for validating an updated virtual image module during pre-boot, the update validation procedure identified by a unique identifier and including a decryption process;
including a reference for the virtual image module in a build of firmware placed in the ROM image, the reference including a version identifier, a message digest and a unique identifier for the associated virtual image module, the build of firmware in the ROM image also including a reference to the update validation procedure;
providing an updated virtual image module that includes a version identifier; and
using the update validation procedure identified by the reference in the ROM image to validate the updated virtual image module during pre-boot.
-
Specification