SYSTEM AND METHOD FOR MANAGING AND DIAGNOSING A COMPUTING DEVICE EQUIPPED WITH UNIFIED EXTENSIBLE FIRMWARE INTERFACE (UEFI)-COMPLIANT FIRMWARE
First Claim
Patent Images
1. A computer-implemented method for managing and diagnosing a computing device equipped with Unified Extensible Firmware Interface (UEFI)-compliant firmware:
- receiving, via a an extension to a standard UEFI-variable firmware interface, a firmware service call from a software agent executing in an operating system environment, the call made with an extended variable parameter, at least one of a command, a timestamp and a session ID in the firmware service call received in encrypted form;
identifying the extended variable parameter;
triggering a redirection of the handling of the firmware service call based on the identification of the extended variable parameter;
decrypting at least one of the command, the timestamp and the session ID using a key stored by the firmware, the decrypting authenticating the calling agent before the firmware service call is processed;
processing the firmware service call after the redirection and decryption; and
returning a result of the processing to the calling agent, the result used to perform at least one of a management or diagnostic function for the computing device.
1 Assignment
0 Petitions
Accused Products
Abstract
A computing device equipped with UEFI-compliant firmware is provided with added functionality via an extended firmware interface. The variable interface is called with special parameters, which redirect handling of firmware service calls. Embodiments use authenticated variables to provide security properties to the special interface, use the firmware interface to provide access to diagnostics, and use the firmware interface to provide access to system management.
-
Citations
23 Claims
-
1. A computer-implemented method for managing and diagnosing a computing device equipped with Unified Extensible Firmware Interface (UEFI)-compliant firmware:
-
receiving, via a an extension to a standard UEFI-variable firmware interface, a firmware service call from a software agent executing in an operating system environment, the call made with an extended variable parameter, at least one of a command, a timestamp and a session ID in the firmware service call received in encrypted form; identifying the extended variable parameter; triggering a redirection of the handling of the firmware service call based on the identification of the extended variable parameter; decrypting at least one of the command, the timestamp and the session ID using a key stored by the firmware, the decrypting authenticating the calling agent before the firmware service call is processed; processing the firmware service call after the redirection and decryption; and returning a result of the processing to the calling agent, the result used to perform at least one of a management or diagnostic function for the computing device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A non-transitory computer-readable medium holding instructions for managing and diagnosing a computing device equipped with Unified Extensible Firmware Interface (UEFI)-compliant firmware that when executed cause the computing device to:
-
receive, via an extension to a standard UEFI-variable firmware interface, a firmware service call from a software agent executing in an operating system environment, the call made with an extended variable parameter, at least one of a command, a timestamp and a session ID in the firmware service call received in encrypted form; identify the extended variable parameter; trigger a redirection of the handling of the firmware service call based on the identification of the extended variable parameter; decrypt at least one of the command, the timestamp and the session ID using a key stored by the firmware, the decrypting authenticating the calling agent before the firmware service call is processed; process the firmware service call after the redirection and decryption; and return a result of the processing to the calling agent, the result used to perform at least one of a management or diagnostic function for the computing device. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computing device equipped with Unified Extensible Firmware Interface (UEFI)-compliant firmware, comprising:
-
read only memory (ROM) holding the firmware; memory holding an operating system; and a processor configured to execute instructions causing the computing device to; receive, via an extension to a standard UEFI-variable firmware interface, a firmware service call from a software agent executing in an operating system environment, the call made with an extended variable parameter, at least one of a command, a timestamp and a session ID in the firmware service call received in encrypted form, identify the extended variable parameter, redirect the firmware service call based on the identification of the extended variable parameter, decrypt at least one of the command, the timestamp and the session ID using a key stored by the firmware, the decrypting authenticating the calling agent before the firmware service call is processed, process the firmware service call after the redirection and encryption; and return a result of the processing to the calling agent, the result used to perform at least one of a management or diagnostic function for the computing device. - View Dependent Claims (18, 19, 20, 21, 22)
-
-
23. A computer-implemented method for managing and diagnosing a computing device equipped with Unified Extensible Firmware Interface (UEFI)-compliant firmware:
-
receiving, via an extension to a standard UEFI-variable firmware interface, a firmware service call from a software agent executing in an operating system environment, the call made with an extended variable parameter at least one of the firmware service call; identifying the extended variable parameter; triggering a redirection of the handling of the firmware service call based on the identification of the extended variable parameter; processing the firmware service call after the redirection; and returning a result of the processing to the calling agent, the result used to perform at least one of a management or diagnostic function for the computing device.
-
Specification