Computer System and Method for Performing Integrity Detection on the Same
First Claim
1. A computer system capable of performing an integrity detection, comprising an EFI storage unit, which is characterized in it further comprises:
- a running mode unit including an integrity detection initiating control parameter, wherein in the PEI stage, after the basic initialization of the CPU, chipsets, and main board is finished, it is determined that whether or not to initialize an integrity detection initiating mode by judging the running mode unit;
said EFI storage unit comprises:
an EFI integrity detection unit, for performing the integrity detection on the EFI image codes in the integrity detection initiating mode;
said EFI integrity detection unit comprises an integrity metric value, for after the EFI integrity detection unit performs the integrity detection on the EFI image codes to generate an EFI integrity calculated value, comparing the metric value and the calculated value to determine the integrity of the EFI image codes.
Abstract
The present invention proposes a computer system and a method capable of performing integrity detection, comprising: a running mode unit which comprises an integrity detection boot variable to determine whether or not to initiate an integrity detection boot mode by judging said running mode unit; an EFI integrity detection unit (5), which is used for performing an integrity detection on EFI image codes in the integrity detection boot mode, and comprises an integrity metric value for being compared with an EFI integrity calculated value generated after the EFI integrity detection unit performs the integrity detection on the EFI image codes, to determine the integrity of the EFI image codes; an operating system integrity detection unit (6); and an integrity management unit. The present invention is based on the EFI BIOS to perform the integrity detection on the operating system during the pre-boot stage, having better reliability and security.
30 Claims
15. A method for performing computer system integrity detection, which is characterized in comprising an EFI integrity detection, comprising steps of:
STEP A: the system is powered on to run a PEI stage, after basic initializations of CPU, chipset and the main board are finished, it is determined whether to initiate an integrity detection boot mode or not;
if yes, STEP B is performed;
otherwise the computer system is booted in a conventional boot mode;
STEP B: an EFI integrity detection unit is invoked to calculate an EFI integrity calculated value when an EFI BIOS is booted in the integrity detection boot mode;
STEP C: a current EFI integrity metric value and the calculated value are compared with each other and it is judged whether they are equal or not;
if they are equal, which means that an EFI image code is integral, the subsequent process of the EFI BIOS boot is performed.
Specification