SYSTEM AND METHOD FOR MANAGING AND DIAGNOSING A COMPUTING DEVICE EQUIPPED WITH UNIFIED EXTENSIBLE FIRMWARE INTERFACE (UEFI)-COMPLIANT FIRMWARE

US 20140281577A1
Filed: 03/11/2014
Published: 09/18/2014
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for managing and diagnosing a computing device equipped with Unified Extensible Firmware Interface (UEFI)-compliant firmware:

receiving, via a an extension to a standard UEFI-variable firmware interface, a firmware service call from a software agent executing in an operating system environment, the call made with an extended variable parameter, at least one of a command, a timestamp and a session ID in the firmware service call received in encrypted form;

identifying the extended variable parameter;

triggering a redirection of the handling of the firmware service call based on the identification of the extended variable parameter;

decrypting at least one of the command, the timestamp and the session ID using a key stored by the firmware, the decrypting authenticating the calling agent before the firmware service call is processed;

processing the firmware service call after the redirection and decryption; and

returning a result of the processing to the calling agent, the result used to perform at least one of a management or diagnostic function for the computing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing device equipped with UEFI-compliant firmware is provided with added functionality via an extended firmware interface. The variable interface is called with special parameters, which redirect handling of firmware service calls. Embodiments use authenticated variables to provide security properties to the special interface, use the firmware interface to provide access to diagnostics, and use the firmware interface to provide access to system management.

Citations

23 Claims

1. A computer-implemented method for managing and diagnosing a computing device equipped with Unified Extensible Firmware Interface (UEFI)-compliant firmware:
- receiving, via a an extension to a standard UEFI-variable firmware interface, a firmware service call from a software agent executing in an operating system environment, the call made with an extended variable parameter, at least one of a command, a timestamp and a session ID in the firmware service call received in encrypted form;
  
  identifying the extended variable parameter;
  
  triggering a redirection of the handling of the firmware service call based on the identification of the extended variable parameter;
  
  decrypting at least one of the command, the timestamp and the session ID using a key stored by the firmware, the decrypting authenticating the calling agent before the firmware service call is processed;
  
  processing the firmware service call after the redirection and decryption; and
  
  returning a result of the processing to the calling agent, the result used to perform at least one of a management or diagnostic function for the computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the session ID is provided to the calling agent by the firmware in encrypted form before receiving the firmware service call and the at least one of the command, timestamp and a session ID received in encrypted form were signed by a key that was also used to decrypt the encrypted session ID received from the firmware.
  - 3. The method of claim 2 wherein the key used to decrypt the encrypted session ID is protected by an operating system for the computing device.
  - 4. The method of claim 2 wherein a key used to encrypt the session ID is stored in an authenticated variable created during platform deployment.
  - 5. The method of claim 1 wherein the extended parameter includes a pre-specified GUID value.
  - 6. The method of claim 1, further comprising:
    - receiving the firmware service call with a UEFI variable service module provided by the firmware of the computing device and redirecting the service call for handling by another firmware module based on the identification of the extended variable parameter.
  - 7. The method of claim 1, further comprising:
    - receiving the firmware service call with a runtime UEFI driver that hooks a call to a UEFI variable service and redirects the service call for handling based on the identified extended variable parameter.
  - 8. The method of claim 1 wherein the UEFI-defined variable firmware interface is one of GetVariable and SetVariable.

9. A non-transitory computer-readable medium holding instructions for managing and diagnosing a computing device equipped with Unified Extensible Firmware Interface (UEFI)-compliant firmware that when executed cause the computing device to:
- receive, via an extension to a standard UEFI-variable firmware interface, a firmware service call from a software agent executing in an operating system environment, the call made with an extended variable parameter, at least one of a command, a timestamp and a session ID in the firmware service call received in encrypted form;
  
  identify the extended variable parameter;
  
  trigger a redirection of the handling of the firmware service call based on the identification of the extended variable parameter;
  
  decrypt at least one of the command, the timestamp and the session ID using a key stored by the firmware, the decrypting authenticating the calling agent before the firmware service call is processed;
  
  process the firmware service call after the redirection and decryption; and
  
  return a result of the processing to the calling agent, the result used to perform at least one of a management or diagnostic function for the computing device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The medium of claim 9 wherein the session ID is provided to the calling agent by the firmware in encrypted form before receiving the firmware service call and the at least one of the command, timestamp and a session ID received in encrypted form were signed by a key that was also used to decrypt the encrypted session ID received from the firmware.
  - 11. The medium of claim 10 wherein the key used to decrypt the encrypted session ID is protected by an operating system for the computing device.
  - 12. The medium of claim 9 wherein a key used to encrypt the session ID is stored in an authenticated variable created during platform deployment.
  - 13. The medium of claim 9 wherein the extended parameter includes a pre-specified GUID value.
  - 14. The medium of claim 9 wherein the instructions when executed further cause the computing device to:
    - receive the firmware service call with a UEFI variable service module provided by the firmware of the computing device and redirect the service call for handling by another firmware module based on the identification of the extended variable parameter.
  - 15. The medium of claim 9 wherein the instructions when executed further cause the computing device to:
    - receive the firmware service call with a runtime UEFI driver that hooks a call to a UEFI variable service and redirects the service call for handling based on the identified extended variable parameter.
  - 16. The medium of claim 9 wherein the UEFI-defined variable firmware interface is one of GetVariable and SetVariable.

17. A computing device equipped with Unified Extensible Firmware Interface (UEFI)-compliant firmware, comprising:
- read only memory (ROM) holding the firmware;
  
  memory holding an operating system; and
  
  a processor configured to execute instructions causing the computing device to;
  
  receive, via an extension to a standard UEFI-variable firmware interface, a firmware service call from a software agent executing in an operating system environment, the call made with an extended variable parameter, at least one of a command, a timestamp and a session ID in the firmware service call received in encrypted form,identify the extended variable parameter,redirect the firmware service call based on the identification of the extended variable parameter,decrypt at least one of the command, the timestamp and the session ID using a key stored by the firmware, the decrypting authenticating the calling agent before the firmware service call is processed,process the firmware service call after the redirection and encryption; and
  
  return a result of the processing to the calling agent, the result used to perform at least one of a management or diagnostic function for the computing device.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The computing device of claim 17, further comprising:
    - a runtime UEFI driver that hooks a call to a UEFI variable service and redirects the service call for handling based on the extended variable parameter.
  - 19. The computing device of claim 17 wherein the UEFI-defined variable firmware interface is one of GetVariable and SetVariable.
  - 20. The computing device of claim 17 wherein the session ID is provided to the calling agent by the firmware in encrypted form before receiving the firmware service call and the at least one of the firmware service call, timestamp and a session ID received in encrypted form were signed by a key that was also used to decrypt the encrypted session ID received from the firmware.
  - 21. The computing device of claim 20 wherein the key used to decrypt the encrypted session ID is protected by an operating system for the computing device.
  - 22. The computing device of claim 20 wherein a key used to encrypt the session ID is stored in an authenticated variable created during platform deployment.

23. A computer-implemented method for managing and diagnosing a computing device equipped with Unified Extensible Firmware Interface (UEFI)-compliant firmware:
- receiving, via an extension to a standard UEFI-variable firmware interface, a firmware service call from a software agent executing in an operating system environment, the call made with an extended variable parameter at least one of the firmware service call;
  
  identifying the extended variable parameter;
  
  triggering a redirection of the handling of the firmware service call based on the identification of the extended variable parameter;
  
  processing the firmware service call after the redirection; and
  
  returning a result of the processing to the calling agent, the result used to perform at least one of a management or diagnostic function for the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Insyde Software Corp
Original Assignee
Insyde Software Corp
Inventors
NICHOLES, Martin O.

Granted Patent

US 9,477,848 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/71 to assure secure computing ...

G06F 21/85 interconnection devices, e....

SYSTEM AND METHOD FOR MANAGING AND DIAGNOSING A COMPUTING DEVICE EQUIPPED WITH UNIFIED EXTENSIBLE FIRMWARE INTERFACE (UEFI)-COMPLIANT FIRMWARE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR MANAGING AND DIAGNOSING A COMPUTING DEVICE EQUIPPED WITH UNIFIED EXTENSIBLE FIRMWARE INTERFACE (UEFI)-COMPLIANT FIRMWARE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links