Monitoring Bootable Busses

US 20080222407A1
Filed: 03/09/2007
Published: 09/11/2008
Est. Priority Date: 03/09/2007
Status: Active Grant

First Claim

Patent Images

1. A boot module for use in enforcing booting from a designated memory, the boot module comprising:

a processor;

a memory storing instructions executable by the processor and data corresponding to an authorized boot sequence;

at least one port coupled to the processor for monitoring a corresponding communication bus for signals related to a boot operation from an unauthorized location; and

an output operable to disrupt the computer when a boot operation from an unauthorized location is detected.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security circuit in a computer monitors data busses that support memory capable of booting the computer during the computer reset/boot cycle. When activity oil one of the data busses indicates the computer is booting from a non-authorized memory location, the security circuit disrupts the computer, for example, by causing a reset. Execution from the non-authorized memory location may occur when an initial jump address at a known location, such as the top of memory, is re-programmed to a memory location having a rogue BIOS program.

39 Citations

View as Search Results

20 Claims

1. A boot module for use in enforcing booting from a designated memory, the boot module comprising:
- a processor;
  
  a memory storing instructions executable by the processor and data corresponding to an authorized boot sequence;
  
  at least one port coupled to the processor for monitoring a corresponding communication bus for signals related to a boot operation from an unauthorized location; and
  
  an output operable to disrupt the computer when a boot operation from an unauthorized location is detected.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14)
- - 2. The boot module of claim 1, wherein the data corresponding to an authorized boot sequence is basic input/output system software.
  - 3. The boot module of claim 1, further comprising a serial peripheral interface (SPI) bus interface coupled to the memory.
  - 4. The boot module of claim 3, further comprising a coupling allowing the processor to monitor the SPI bus interface.
  - 5. The boot module of claim 1, wherein the at least one port is coupled to a serial peripheral interface (SPI) bus.
  - 6. The boot module of claim 1, wherein the at least one port is coupled to a low pin count (LPC) bus.
  - 7. The boot module of claim 1, wherein the at least one port is coupled to a peripheral component interconnect (PCI/PCIe/PCI-X) bus.
  - 8. The boot module of claim 1, wherein the at least one port is coupled to a general purpose input/output (GPIO) bus.
  - 10. The method of claim 8, wherein monitoring the data bus comprises monitoring a low pin count (LPC) bus.
  - 11. The method of claim 8, wherein monitoring the data bus comprises monitoring a serial peripheral interface (SPI) bus.
  - 12. The method of claim 8, wherein monitoring the data bus comprises monitoring a peripheral component interconnect (PCI/PCIe/PCI-X) bus.
  - 13. The method of claim 8, wherein monitoring the data bus comprises monitoring a serial peripheral interface (SPI) bus.
  - 14. The method of claim 8, wherein interrupting the computer boot cycle comprises causing the computer to reset.

9. A method of preventing a boot cycle in a computer from other than a designated memory comprising:
- designating a first memory to support an authorized boot cycle;
  
  monitoring a data bus coupled to a second memory capable of supporting the boot cycle;
  
  determining when the boot cycle is being supported by the second memory; and
  
  interrupting the boot cycle when being supported by the second memory.

15. A computer arranged and adapted to support booting from a known memory containing an authorized basic input/output system (BIOS) code, the computer comprising:
- a first processor;
  
  a plurality memory devices, each coupled to a respective data bus; and
  
  a security circuit coupled to at least one of the respective data busses, the security circuit comprising;
  
  a second processor;
  
  a memory coupled to the processor;
  
  at least one port coupled to one of the respective data busses; and
  
  an output that causes a disruption in an operation of the computer responsive to a signal from the second processor when the computer boots from a non-authorized one of the plurality of memory devices.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer of claim 15, wherein the security circuit further comprises a plurality of ports, each coupled to one of the respective data busses.
  - 17. The computer of claim 15, wherein the security circuit further comprises one of the plurality of memory devices that stores an authorized basic input/output system (BIOS) program.
  - 18. The computer of claim 15, wherein the security circuit is coupled to a serial peripheral interface (SPI) bus.
  - 19. The computer of claim 15, wherein the respective data bus comprises a low pin count (LPC) bus, serial peripheral interface (SPI) bus, a peripheral component interconnect (PCI/PCIe/PCI-X) bus and a a general purpose input/output (GPIO) bus.
  - 20. The computer of claim 15, wherein the output of the security circuit forces the computer into a reset cycle to cause a disruption in the operation of the computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Carpenter, Todd L., Westerinen, William J.

Granted Patent

US 7,769,993 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/2
CPC Class Codes

G06F 21/575 Secure boot

Monitoring Bootable Busses

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Monitoring Bootable Busses

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links