System and Method for Securely Updating Firmware Devices by Using a Hypervisor

US 20080244553A1
Filed: 03/28/2007
Published: 10/02/2008
Est. Priority Date: 03/28/2007
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving a firmware update at a computer system, wherein the computer system is executing a hypervisor and one or more guest operating systems, and wherein the firmware update corresponds to a hardware device accessible by the computer system, the hardware device including an updateable firmware;

in response to receiving the firmware update, the hypervisor operates by;

inhibiting use of the device by each of the guest operating systems;

after the inhibiting, upgrading the firmware using the received firmware update; and

after the upgrading, allowing each of the guest operating systems use of the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and program product is provided that receives and processes a firmware update at a computer system. The computer system is executing a hypervisor and one or more guest operating systems, and the firmware update corresponds to a hardware device accessible by the computer system. The hardware device is a type that is programmed using an updateable firmware. The hypervisor operating in the computer system processes the received firmware update by first inhibiting use of the device by each of the guest operating systems. After the guest operating systems have been inhibited from using the device, the firmware in the device is upgraded by the hypervisor using the received firmware update. After the firmware has been upgraded, each of the guest operating systems is allowed use of the device.

112 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- receiving a firmware update at a computer system, wherein the computer system is executing a hypervisor and one or more guest operating systems, and wherein the firmware update corresponds to a hardware device accessible by the computer system, the hardware device including an updateable firmware;
  
  in response to receiving the firmware update, the hypervisor operates by;
  
  inhibiting use of the device by each of the guest operating systems;
  
  after the inhibiting, upgrading the firmware using the received firmware update; and
  
  after the upgrading, allowing each of the guest operating systems use of the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising:
    - prior to upgrading the firmware, validating the firmware update, wherein the upgrading is performed in response to a successful validation of the firmware update.
  - 3. The method of claim 2 wherein the validating further comprises:
    - receiving, from a user, a password that is used to control firmware updates to the computer system; and
      
      comparing the received password to an expected password, wherein the upgrading is performed in response to the received password matching the expected password.
  - 4. The method of claim 2 wherein the validating further comprises:
    - verifying that the received firmware update has been digitally signed by an authorized user.
  - 5. The method of claim 2 wherein the validating further comprises:
    - executing a hash algorithm against the received firmware update, the executing resulting in a hash value;
      
      comparing the hash value with an expected hash value;
      
      rejecting the firmware update in response to the hash value not matching the expected hash value; and
      
      accepting the firmware update in response to the hash value matching the expected hash value.
  - 6. The method of claim 1 wherein:
    - the inhibiting further comprises;
      
      unmounting the device from each of the guest operating systems; and
      
      suspending each of the guest operating systems;
      
      and the allowing further comprises;
      
      resuming each of the guest operating systems; and
      
      mounting the device to each of the guest operating systems.
  - 7. The method of claim 1 wherein:
    - the inhibiting further comprises;
      
      buffering one or more requests for the device in a buffer, the requests received from one or more of the guest operating systems;
      
      and the allowing further comprises;
      
      sending each of the buffered requests to the device.

8. A information handling system comprising:
- one or more processors;
  
  a memory accessible by at least one of the processors;
  
  a nonvolatile storage area accessible by at least one of the processors;
  
  a hardware device accessible by at least one of the processors, wherein the hardware device includes an updateable firmware that controls the device'"'"'s operation;
  
  a hypervisor and one or more guest operating systems stored in the memory and the nonvolatile storage area and executed by the processors;
  
  a set of instructions executed by the hypervisor, wherein one or more of the processors executes the set of instructions in order to perform actions of;
  
  receiving a firmware update, wherein the firmware update corresponds to the hardware device;
  
  in response to receiving the firmware update;
  
  inhibiting use of the device by each of the guest operating systems;
  
  after the inhibiting, upgrading the firmware using the received firmware update; and
  
  after the upgrading, allowing each of the guest operating systems use of the device.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The information handling system of claim 8 wherein the set of instructions perform further actions comprising:
    - prior to upgrading the firmware, validating the firmware update, wherein the upgrading is performed in response to a successful validation of the firmware update, the validating including;
      
      receiving, from a user, a password that is used to control firmware updates to the computer system; and
      
      comparing the received password to an expected password, wherein the upgrading is performed in response to the received password matching the expected password.
  - 10. The information handling system of claim 8 wherein the set of instructions perform further actions comprising:
    - prior to upgrading the firmware, validating the firmware update, wherein the upgrading is performed in response to a successful validation of the firmware update, the validating including verifying that the received firmware update has been digitally signed by an authorized user.
  - 11. The information handling system of claim 8 wherein the set of instructions perform further actions comprising:
    - prior to upgrading the firmware, validating the firmware update, wherein the upgrading is performed in response to a successful validation of the firmware update, the validating including;
      
      executing a hash algorithm against the received firmware update, the executing resulting in a hash value;
      
      comparing the hash value with an expected hash value;
      
      rejecting the firmware update in response to the hash value not matching the expected hash value; and
      
      accepting the firmware update in response to the hash value matching the expected hash value.
  - 12. The information handling system of claim 8 wherein:
    - the instructions that perform the inhibiting include instructions to perform a first set of actions comprising;
      
      unmounting the device from each of the guest operating systems; and
      
      suspending each of the guest operating systems;
      
      and instructions that perform the allowing include instructions to perform a second set of actions comprising;
      
      resuming each of the guest operating systems; and
      
      mounting the device to each of the guest operating systems.
  - 13. The information handling system of claim 8 wherein:
    - the instructions that perform the inhibiting include instructions to perform a first set of actions comprising;
      
      buffering one or more requests for the device in a buffer stored in the memory, the requests received from one or more of the guest operating systems;
      
      and instructions that perform the allowing include instructions to perform a second action comprising;
      
      sending each of the buffered requests to the device.

14. A computer program product stored in a computer readable medium, comprising functional descriptive material that, when executed by a data processing system, causes the data processing system to perform actions that include:
- receiving a firmware update at a computer system, wherein the computer system is executing a hypervisor and one or more guest operating systems, and wherein the firmware update corresponds to a hardware device accessible by the computer system, the hardware device including an updateable firmware;
  
  in response to receiving the firmware update, the hypervisor operates by;
  
  inhibiting use of the device by each of the guest operating systems;
  
  after the inhibiting, upgrading the firmware using the received firmware update; and
  
  after the upgrading, allowing each of the guest operating systems use of the device.

15. The computer program product of claim 15 wherein the functional descriptive material causes the data processing system to perform further actions comprising:
- prior to upgrading the firmware, validating the firmware update, wherein the upgrading is performed in response to a successful validation of the firmware update.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15 wherein the functional descriptive material that performs the validating performs further actions comprising:
    - prior to upgrading the firmware, validating the firmware update, wherein the upgrading is performed in response to a successful validation of the firmware update, the validating further including;
      
      receiving, from a user, a password that is used to control firmware updates to the computer system; and
      
      comparing the received password to an expected password, wherein the upgrading is performed in response to the received password matching the expected password.
  - 17. The computer program product of claim 15 wherein the functional descriptive material that performs the validating performs further actions comprising:
    - verifying that the received firmware update has been digitally signed by an authorized user.
  - 18. The computer program product of claim 15 wherein the functional descriptive material that performs the validating performs further actions comprising:
    - executing a hash algorithm against the received firmware update, the executing resulting in a hash value;
      
      comparing the hash value with an expected hash value;
      
      rejecting the firmware update in response to the hash value not matching the expected hash value; and
      
      accepting the firmware update in response to the hash value matching the expected hash value.
  - 19. The computer program product of claim 15 wherein the functional descriptive material causes the data processing system to perform further actions comprising:
    - the inhibiting further comprises;
      
      unmounting the device from each of the guest operating systems; and
      
      suspending each of the guest operating systems;
      
      and the allowing further comprises;
      
      resuming each of the guest operating systems; and
      
      mounting the device to each of the guest operating systems.
  - 20. The computer program product of claim 15 wherein the functional descriptive material causes the data processing system to perform further actions comprising:
    - the inhibiting further comprises;
      
      buffering one or more requests for the device in a buffer, the requests received from one or more of the guest operating systems;
      
      and the allowing further comprises;
      
      sending each of the buffered requests to the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo Singapore Pte Limited (Lenovo Group Ltd.)
Original Assignee
Lenovo Singapore Pte Limited (Lenovo Group Ltd.)
Inventors
Waltermann, Rod D., Cromer, Daryl Carvis, Locker, Howard Jeffrey, Springfield, Randall Scott

Application Number

US11/692,283
Publication Number

US 20080244553A1
Time in Patent Office

Days
Field of Search
US Class Current

717/168
CPC Class Codes

G06F 21/572 Secure firmware programming...

Y04S 40/20 Information technology spec...

System and Method for Securely Updating Firmware Devices by Using a Hypervisor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

112 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Securely Updating Firmware Devices by Using a Hypervisor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links