SECURE FIRMWARE UPDATES

US 20140068594A1
Filed: 08/29/2012
Published: 03/06/2014
Est. Priority Date: 08/29/2012
Status: Active Grant

First Claim

Patent Images

1. A computing device comprising:

one or more hardware resources having updateable firmware; and

memory storing a secure update module configured to;

establish a secure pre-boot environment for start-up of the computing device;

enable firmware updates via a firmware system for the one or more hardware resources within the secure pre-boot environment; and

disable firmware updates for the one or hardware resources outside of the secure pre-boot environment.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A firmware update system is described that collectively handles secure firmware updates for hardware resources in a defined and consistent manner. The firmware update system may be configured to manage at least some firmware updates in a pre-boot environment (e.g., before an operating system is loaded). By doing so, the firmware update system exercises control over the updates and reduce entry points exposed to attackers. In one approach, update states are defined for hardware resources that are managed by the firmware update system. In a pre-boot environment, the update states for the managed hardware resources are set to enable firmware updates. The firmware update system may then detect and apply firmware updates available for the managed hardware resources. Update states may be set to disable before loading the operating so that firmware updates for managed resources are disabled outside of the secure pre-boot environment.

54 Citations

View as Search Results

20 Claims

1. A computing device comprising:
- one or more hardware resources having updateable firmware; and
  
  memory storing a secure update module configured to;
  
  establish a secure pre-boot environment for start-up of the computing device;
  
  enable firmware updates via a firmware system for the one or more hardware resources within the secure pre-boot environment; and
  
  disable firmware updates for the one or hardware resources outside of the secure pre-boot environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computing device as recited in claim 1, wherein the secure update module is further configured to:
    - detect updates that are available for the one or more hardware resources; and
      
      initiate installation of the updates that are detected in the secure pre-boot environment.
  - 3. The computing device as recited in claim 2, wherein to initiate the installation of the updates comprises:
    - obtaining update packages for the updates that are available through the firmware system; and
      
      distributing the packages to the one or more hardware resources to cause application of the updates by the hardware resources.
  - 4. The computing device as recited in claim 1, wherein the secure update module is further configured to enumerate the one or more hardware resources designated for handling of firmware updates in the secure pre-boot environment by referencing a data structure populated with entries describing the one or more hardware resources.
  - 5. The computing device as recited in claim 1, wherein the secure update module is further configured to pass control to a boot loader to boot an operating system for the computing device after disabling the firmware updates for the one or hardware resources.
  - 6. The computing device as recited in claim 1, wherein at least some of the one or more hardware resources are provided as integrated components of a system-on-chip processor for the computing device.
  - 7. The computing device as recited in claim 1, wherein the one or more hardware resources include an accessory device connectable to the computing device via a corresponding interface.
  - 8. The computing device as recited in claim 1, wherein the one or more hardware resources include multiple microprocessors of the computing device.
  - 9. The computing device as recited in claim 1, wherein the firmware system is implemented as a Unified Extensible Firmware Interface (UEFI).
  - 10. The computing device as recited in claim 1, wherein one or more update states associated with the one or more hardware resources are set by default to enable firmware updates upon the start-up of the computing device.
  - 11. The computing device as recited in claim 1, wherein to enable the firmware updates comprises sending an enable command to the one or more hardware resources in response to establishment of the secure pre-boot environment, the enable command configured to set one or more update states associated with the one or more hardware resources to enable the firmware updates in the secure pre-boot environment.
  - 12. The computing device as recited in claim 1, wherein to disable the firmware updates comprises sending a disable command to the one or more hardware resources prior to booting an operating system for the computing device, the disable command configured to set one or more updates states associated with the one or more hardware resources to disable the firmware updates outside of the secure pre-boot environment.

13. A method implemented by a computing device comprising:
- determining whether a secure pre-boot environment is established by a boot program launched upon start-up of the computing device;
  
  when the secure pre-boot environment is established, performing firmware updates in the secure pre-boot environment for one or more hardware resources of the computing device; and
  
  sending at least one notification to cause the one or more hardware resources to disable firmware updates for the one or more hardware resources outside of the secure pre-boot environment.
- View Dependent Claims (14, 15, 16)
- - 14. The method as recited in claim 13, wherein performing the firmware updates in the secure pre-boot environment comprises:
    - identifying the one or more hardware resources designated for handing of firmware updates by a firmware system of the computing device in the secure pre-boot environment;
      
      determining whether updates are available for the identified hardware resources; and
      
      applying firmware updates that are available by obtaining update packages configured to implement the firmware updates and distributing the update packages for consumption by the one or more hardware resources
  - 15. The method as recited in claim 13, wherein the secure pre-boot environment is configured to enforce a security policy that prevents un-trusted code from executing in the secure pre-boot environment.
  - 16. The method as recited in claim 15, wherein:
    - the at least one notification is sent to one of said hardware resources acting as a gatekeeper device and includes a disable command to set the gatekeeper device to a disable state;
      
      the gatekeeper device is configured to manage firmware updates collectively for at least some of said hardware resources; and
      
      when in the disable state, the gatekeeper device is configured to not distribute firmware updates to hardware resources managed by the gatekeeper device.

17. One or more computer-readable storage media storing instructions that when executed by a computing device cause the computing device to implement a firmware system to perform acts comprising:
- setting update states for one or more managed hardware resources associated with the computing device to enable firmware updates in a secure pre-boot environment;
  
  detecting firmware updates that are available for the one or more managed hardware resources;
  
  applying the available firmware updates that are detected in the secure pre-boot environment; and
  
  communicating a disable command to the one or more managed hardware resources following application of the firmware updates to change the update states to disable firmware updates in a post-boot environment.
- View Dependent Claims (18, 19, 20)
- - 18. One or more computer-readable storage media of claim 17, wherein setting update states comprises communicating an enable command to the one or more managed hardware responsive to a determination that the secure pre-boot environment is established by boot code of the computing device.
  - 19. One or more computer-readable storage media of claim 17, further comprising:
    - prior to applying the available firmware updates, determining whether available firmware updates are trusted in accordance with a security policy implemented by the secure pre-boot environment by verifying digital signatures associated with the available firmware updates, wherein the applying comprises applying updates that are trusted based on the determination.
  - 20. One or more computer-readable storage media of claim 17, wherein the disable command is sent to a component configured as a gatekeeper for the one or more hardware devices to collectively manage firmware updates for the one or more hardware devices through associated system firmware, the disable command configured to prevent the associated system firmware from distributing firmware updates to the one or more managed hardware resources outside of the secure pre-boot environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Young, Robert D., Fudally, Scott A., Montgomery, Wallace Paul

Granted Patent

US 9,218,178 B2
Time in Patent Office

Days
Field of Search
US Class Current

717/172
CPC Class Codes

G06F 21/572 Secure firmware programming...

G06F 8/65 Updates security arrangemen...

SECURE FIRMWARE UPDATES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE FIRMWARE UPDATES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links