SECURE FIRMWARE UPDATES
Abstract
A firmware update system is described that collectively handles secure firmware updates for hardware resources in a defined and consistent manner. The firmware update system may be configured to manage at least some firmware updates in a pre-boot environment (e.g., before an operating system is loaded). By doing so, the firmware update system exercises control over the updates and reduces entry points exposed to attackers. In one approach, update states are defined for hardware resources that are managed by the firmware update system. In a pre-boot environment, the update states for the managed hardware resources are set to enable firmware updates. The firmware update system may then detect and apply firmware updates available for the managed hardware resources. Update states may be set to disable before loading the operating system so that firmware updates for managed resources are disabled outside of the secure pre-boot environment.
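The update-state gating described in the abstract, modelled in C as an added example; it is not code from the patent. The type and function names, the global phase variable, and the version comparison used to detect an available update are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Illustrative model; every name here is hypothetical, not from the patent. */
enum phase { PHASE_PREBOOT, PHASE_OS };
enum update_state { UPDATES_DISABLED, UPDATES_ENABLED };
struct resource {
    unsigned version;      /* installed firmware version */
    unsigned available;    /* staged update version, 0 = none */
    enum update_state state;
};
static enum phase g_phase = PHASE_PREBOOT;

/* "Enabled" can only be set while a secure pre-boot environment is active. */
static bool set_update_state(struct resource *r, enum update_state s, bool secure) {
    if (s == UPDATES_ENABLED && !(secure && g_phase == PHASE_PREBOOT))
        return false;
    r->state = s;
    return true;
}

/* The resource refuses a firmware write unless its update state is enabled. */
static bool apply_update(struct resource *r) {
    if (r->state != UPDATES_ENABLED || r->available <= r->version)
        return false;
    r->version = r->available;
    r->available = 0;
    return true;
}

/* Boot flow: enable, detect and apply, then disable before the OS loads.
 * Returns the number of updates applied. */
static int boot(struct resource *res, size_t n, bool secure_preboot) {
    int applied = 0;
    g_phase = PHASE_PREBOOT;
    for (size_t i = 0; i < n; i++)
        if (set_update_state(&res[i], UPDATES_ENABLED, secure_preboot))
            applied += apply_update(&res[i]);
    for (size_t i = 0; i < n; i++)   /* disable is sent unconditionally */
        set_update_state(&res[i], UPDATES_DISABLED, secure_preboot);
    g_phase = PHASE_OS;
    return applied;
}

int main(void) {
    struct resource r[] = { {3, 4, UPDATES_DISABLED} };   /* constructed sample */
    int n = boot(r, 1, true);
    r[0].available = 5;              /* update staged after the OS is running */
    return (n == 1 && !apply_update(&r[0])) ? 0 : 1;
}
```

An update staged after the operating system is running stays pending until the next start-up that establishes the secure pre-boot environment; a start-up without it applies nothing and still leaves every resource disabled.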
20 Claims
1. A computing device comprising:
- one or more hardware resources having updateable firmware; and
- memory storing a secure update module configured to:
  - establish a secure pre-boot environment for start-up of the computing device;
  - enable firmware updates via a firmware system for the one or more hardware resources within the secure pre-boot environment; and
  - disable firmware updates for the one or more hardware resources outside of the secure pre-boot environment.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method implemented by a computing device comprising:
- determining whether a secure pre-boot environment is established by a boot program launched upon start-up of the computing device;
- when the secure pre-boot environment is established, performing firmware updates in the secure pre-boot environment for one or more hardware resources of the computing device; and
- sending at least one notification to cause the one or more hardware resources to disable firmware updates for the one or more hardware resources outside of the secure pre-boot environment.
Dependent claims: 14, 15, 16
17. One or more computer-readable storage media storing instructions that when executed by a computing device cause the computing device to implement a firmware system to perform acts comprising:
- setting update states for one or more managed hardware resources associated with the computing device to enable firmware updates in a secure pre-boot environment;
- detecting firmware updates that are available for the one or more managed hardware resources;
- applying the available firmware updates that are detected in the secure pre-boot environment; and
- communicating a disable command to the one or more managed hardware resources following application of the firmware updates to change the update states to disable firmware updates in a post-boot environment.
Dependent claims: 18, 19, 20
Specification