SYSTEM AND METHOD FOR PROCESSING REQUESTS TO ALTER SYSTEM SECURITY DATABASES AND FIRMWARE STORES IN A UNIFIED EXTENSIBLE FIRMWARE INTERFACE-COMPLIANT COMPUTING DEVICE

US 20120260082A1
Filed: 04/06/2012
Published: 10/11/2012
Est. Priority Date: 04/08/2011
Status: Active Grant

First Claim

Patent Images

1. A method for processing system security database requests in a Unified Extensible Firmware Interface (UEFI)-compliant computing device, comprising:

receiving a signed system security database modification request from an operating system module, the request seeking to perform an alteration of a system security database in the UEFI-compliant computing device, the request processed by a firmware request reception module, the request reception module being executable when a central processing unit (CPU) in the computing device is operating in a normal CPU mode;

triggering a transition of the CPU from the normal CPU mode to a System Management Mode (SMM) using the request reception module;

verifying a legitimacy of the processed request for performing an alteration of a system security database with a firmware verification module that is only executable when the CPU is in SMM;

validating a signature contained in the processed request for performing an alteration of the system security database, the validating occurring using a firmware validation module that is only executable when the CPU is in SMM; and

performing the alteration of the system security database requested using a firmware update module, the alteration occurring following a successful validation of the signature, the firmware update module only executable when the CPU is in SMM.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism for allowing firmware in a UEFI-compliant device to implement the UEFI specification driver signing and Authenticated Variable elements while at the same time protecting the system security database holding the library of approved keys and lists of allowed and forbidden programs from unauthorized modifications is discussed.

Citations

18 Claims

1. A method for processing system security database requests in a Unified Extensible Firmware Interface (UEFI)-compliant computing device, comprising:
- receiving a signed system security database modification request from an operating system module, the request seeking to perform an alteration of a system security database in the UEFI-compliant computing device, the request processed by a firmware request reception module, the request reception module being executable when a central processing unit (CPU) in the computing device is operating in a normal CPU mode;
  
  triggering a transition of the CPU from the normal CPU mode to a System Management Mode (SMM) using the request reception module;
  
  verifying a legitimacy of the processed request for performing an alteration of a system security database with a firmware verification module that is only executable when the CPU is in SMM;
  
  validating a signature contained in the processed request for performing an alteration of the system security database, the validating occurring using a firmware validation module that is only executable when the CPU is in SMM; and
  
  performing the alteration of the system security database requested using a firmware update module, the alteration occurring following a successful validation of the signature, the firmware update module only executable when the CPU is in SMM.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the firmware validation module validates the signature in the request for performing an alteration of a system security database using a key stored in the system security database.
  - 3. The method of claim 1, further comprising:
    - saving, with the firmware request reception module, memory location information related to the request for performing an alteration of a system security database for the use of the firmware verification module, the memory location information saved prior to triggering the transition to SMM.
  - 4. The method of claim 3 wherein the verifying is performed by the firmware verification module checking the saved location in memory against a previously noted request reception module load address.
  - 5. The method of claim 1 wherein the firmware request reception module, firmware verification module, firmware validation module, firmware update module and the system security database are stored in flash ROM.

6. A method for updating a firmware store region in a flash Read-Only Memory (ROM) in a Unified Extensible Firmware Interface (UEFI)-compliant computing device, comprising:
- receiving at the UEFI-compliant device a downloaded update package that includes an executable update program, a replacement image of the firmware store and a signed hash of the replacement image;
  
  triggering with the update program, while a central processing unit (CPU) in the UEFI-compliant computing device is operating in a normal CPU mode, a transition of the CPU from the normal CPU mode to a System Management Mode (SMM);
  
  validating the signature and replacement image with SMM-resident firmware that is only executable when the CPU is in SMM; and
  
  updating the firmware store with the replacement image, the updating occurring using SMM-resident firmware that is only executable when the CPU is in SMM.
- View Dependent Claims (7, 8)
- - 7. The method of claim 6 wherein the UEFI-compliant device re-boots or shuts down following the validating and prior to the updating of the firmware store.
  - 8. The method of claim 6, further comprising:
    - saving, with the update program, memory location information related to the update package, the memory location information saved prior to triggering the transition to SMM.

9. A non-transitory computer-readable medium holding computer-executable instructions for processing system security database requests in a Unified Extensible Firmware Interface (UEFI)-compliant computing device, the instructions when executed causing at least one computing device to:
- receive a signed system security database modification request from an operating system module, the request seeking to perform an alteration of a system security database in the UEFI-compliant computing device, the request processed by a firmware request reception module, code for the request reception module being accessible when a central processing unit (CPU) in the computing device is operating in a normal CPU mode;
  
  trigger a transition of the CPU from the normal CPU mode to a System Management Mode (SMM) using the request reception module;
  
  verify a legitimacy of the processed request for performing an alteration of a system security database with a firmware verification module that is only executable when the CPU is in SMM;
  
  validate a signature contained in the processed request for performing an alteration of the system security database, the validating occurring using a firmware validation module that is only executable when the CPU is in SMM; and
  
  perform the alteration of the system security database requested using a firmware update module, the alteration occurring following a successful validation of the signature, the firmware update module only executable when the CPU is in SMM.
- View Dependent Claims (10, 11, 12)
- - 10. The medium of claim 9 wherein the firmware validation module validates the signature in the request for performing an alteration of a system security database using a key stored in the system security database.
  - 11. The medium of claim 9, wherein the instructions when executed further cause the computing device to:
    - save, with the firmware request reception module, memory location information related to the request for performing an alteration of a system security database for the use of the firmware verification module, the memory location information saved prior to triggering the transition to SMM.
  - 12. The medium of claim 11 wherein the verifying is performed by the firmware verification module checking the saved location in memory against a previously noted request reception module load address.

13. A non-transitory computer-readable medium holding computer-executable instructions for updating a firmware store region in a flash Read-Only Memory (ROM) in a Unified Extensible Firmware Interface (UEFI)-compliant computing device, the instructions when executed causing at least one computing device to:
- receive at the UEFI-compliant device a downloaded update package that includes an executable update program, a replacement image of the firmware store and a signed hash of the replacement image;
  
  trigger with the update program, while a central processing unit (CPU) in the UEFI-compliant computing device is operating in a normal CPU mode, a transition of the CPU from the normal CPU mode to a System Management Mode (SMM);
  
  validate the signature and replacement image with SMM-resident firmware that is only executable when the CPU is in SMM; and
  
  update the firmware store with the replacement image, the updating occurring using SMM-resident firmware that is only executable when the CPU is in SMM.
- View Dependent Claims (14, 15)
- - 14. The medium of claim 13 wherein the UEFI-compliant device re-boots or shuts down following the validating and prior to the updating of the firmware store.
  - 15. The medium of claim 13 wherein the instructions when executed further cause the computing device to:
    - save, with the update program, memory location information related to the update package, the memory location information saved prior to triggering the transition to SMM.

16. A Unified Extensible Firmware Interface (UEFI)-compliant computing device, comprising a central processing unit configured to execute:
- a firmware request reception module, the request reception module receiving and processing a signed system security database modification request from an operating system module, the request seeking to perform an alteration of a system security database in the UEFI-compliant computing device, the request reception module being executable when a central processing unit (CPU) in the computing device is operating in a normal CPU mode and triggering a transition of the CPU from the normal CPU mode to a System Management Mode (SMM) following the processing;
  
  a firmware verification module, the firmware verification module verifying a legitimacy of the processed request for performing an alteration of a system security database, the firmware verification module executing only when the CPU is in SMM;
  
  a firmware validation module, the firmware validation module validating a signature contained in the processed request for performing an alteration of the system security database, the firmware validation module executing only when the CPU is in SMM; and
  
  a firmware update module, the firmware update module performing the requested alteration of the system security database following a successful validation of the signature, the firmware update module executing only when the CPU is in SMM.
- View Dependent Claims (17)
- - 17. The device of claim 16 wherein the firmware validation module validates the signature in the request for performing an alteration of a system security database using a key stored in the system security database.

18. A Unified Extensible Firmware Interface (UEFI)-compliant computing device, comprising a central processing unit (CPU) configured to execute:
- a downloaded update package including an executable update program for updating a firmware store region in a flash Read-Only Memory (ROM) in the UEFI-compliant computing device, the update package further including a replacement image of at least part of the firmware store and a signed hash of the replacement image, the update program triggering a transition of the CPU from normal CPU mode to a System Management Mode (SMM);
  
  SMM-resident firmware for validating the signature and replacement image, the SMM-resident firmware for validating the signature and replacement image only executing when the CPU is in SMM; and
  
  SMM-resident firmware for updating the firmware store with the replacement image, the SMM-resident firmware for updating the firmware store only executing when the CPU is in SMM.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Insyde Software Corp
Original Assignee
Insyde Software Corp
Inventors
BOBZIN, Jeffery Jay

Granted Patent

US 9,372,699 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/100
CPC Class Codes

G06F 21/572 Secure firmware programming...

G06F 9/4411 Configuring for operating w...

SYSTEM AND METHOD FOR PROCESSING REQUESTS TO ALTER SYSTEM SECURITY DATABASES AND FIRMWARE STORES IN A UNIFIED EXTENSIBLE FIRMWARE INTERFACE-COMPLIANT COMPUTING DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR PROCESSING REQUESTS TO ALTER SYSTEM SECURITY DATABASES AND FIRMWARE STORES IN A UNIFIED EXTENSIBLE FIRMWARE INTERFACE-COMPLIANT COMPUTING DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links