System and Method for Intercept of UEFI Block I/O Protocol Services for BIOS Based Hard Drive Encryption Support
First Claim
1. A method for performing Unified Extensible Firmware Interface (UEFI) block input/output (I/O) access to storage devices that can be encrypted, the method comprising:
- intercepting, by a UEFI interceptor block I/O driver, a caller-initiated block I/O command for I/O access to one or more target block addresses on a storage device;
- identifying whether any of the one or more target block addresses is for an encrypted storage block;
- in response to identifying an encrypted storage block among the one or more target block addresses, forwarding data associated with the encrypted target storage block to an encryption-decryption module to perform one of an encryption and a decryption of corresponding data; and
- performing final handling of the block I/O command and associated data using the block I/O driver;
- wherein I/O data stored within the encrypted storage block targeted by the block I/O command is first identified by the UEFI interceptor block I/O driver and processed by the encryption-decryption module before final handling of the block I/O command is performed by the block I/O driver.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
Abstract
An information handling system and method performs Unified Extensible Firmware Interface (UEFI) interception and pre-processing of data associated with block input/output (I/O) commands targeting encrypted storage devices. A UEFI interceptor block (IB) I/O driver intercepts each block I/O command targeting block addresses on a storage device and identifies whether any of the target block addresses is encrypted. In response to identifying an encrypted block address among the target block addresses, the UEFI IB I/O driver forwards data associated with the encrypted block address to an encryption-decryption module to perform one of an encryption and a decryption of the data. Final handling of the block I/O command is performed using a block I/O driver chained to the UEFI IB I/O driver. Data associated with I/O commands targeting encrypted block addresses is first processed by the encryption-decryption module before final handling of the I/O command is performed by the block I/O driver.
20 Claims
11. An information handling system comprising:
- a storage device;
- a memory device;
- a processor communicatively coupled to the storage device and the memory device;
- an encryption-decryption module accessible to the processor;
- a block input/output (I/O) driver maintained on the memory device and which can execute on the processor; and
- a Unified Extensible Firmware Interface (UEFI) that executes on the processor and which includes a UEFI interceptor block I/O driver that:
  - intercepts a caller-initiated block I/O command for I/O access to one or more target block addresses on a storage device;
  - identifies whether any of the one or more target block addresses is for an encrypted storage block;
  - in response to identifying an encrypted storage block among the storage accessed by the one or more target block addresses, forwards data associated with the encrypted block address to an encryption-decryption module to perform one of an encryption and a decryption of the data; and
  - performs final handling of the block I/O command and associated data using the block I/O driver;
- wherein I/O data stored within the encrypted storage block targeted by the block I/O command is first identified by the UEFI interceptor block I/O driver and processed by the encryption-decryption module before final handling of the block I/O command is performed by the block I/O driver.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.
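The interception chain that the abstract and claims describe, as an added simulation in plain C that is not part of the patent or of any firmware project: a stand-in block I/O interface with an interceptor driver chained in front of the device driver, a constructed encrypted-range table, and a toy XOR routine standing in for the encryption-decryption module. The struct, function names, block layout and XOR module are assumptions, not EDK2 APIs.

```c
#include <stdint.h>
#include <string.h>
#define BLOCK_SIZE 16  /* constructed: tiny block size for the simulation */
#define NUM_BLOCKS 8   /* constructed: LBAs 0-3 are plaintext, 4-7 encrypted */
/* Minimal stand-in for a chained Block I/O protocol (not EDK2's EFI_BLOCK_IO_PROTOCOL). */
typedef struct BlockIo {
    struct BlockIo *next;  /* driver this one forwards to; NULL for the device driver itself */
    int (*ReadBlocks)(struct BlockIo *self, uint64_t lba, size_t n, uint8_t *buf);
    int (*WriteBlocks)(struct BlockIo *self, uint64_t lba, size_t n, const uint8_t *buf);
} BlockIo;
static uint8_t disk[NUM_BLOCKS][BLOCK_SIZE];  /* backing store of the simulated device */
/* Ordinary block I/O driver: final handling against the device, with no crypto awareness. */
static int raw_read(BlockIo *self, uint64_t lba, size_t n, uint8_t *buf) {
    if (lba + n > NUM_BLOCKS) return -1;
    memcpy(buf, disk[lba], n * BLOCK_SIZE); return 0;
}
static int raw_write(BlockIo *self, uint64_t lba, size_t n, const uint8_t *buf) {
    if (lba + n > NUM_BLOCKS) return -1;
    memcpy(disk[lba], buf, n * BLOCK_SIZE); return 0;
}
static BlockIo raw_driver = { NULL, raw_read, raw_write };
static int block_is_encrypted(uint64_t lba) { return lba >= 4; }  /* constructed range table */
/* Stand-in encryption-decryption module: toy per-LBA XOR keystream, symmetric (one routine for both directions). */
static void apply_module(uint64_t lba, size_t n, uint8_t *buf) {
    for (size_t b = 0; b < n; b++)
        if (block_is_encrypted(lba + b))  /* plaintext-range blocks pass through untouched */
            for (size_t i = 0; i < BLOCK_SIZE; i++)
                buf[b * BLOCK_SIZE + i] ^= (uint8_t)(0x5A ^ ((lba + b) * 31 + i));
}
/* Interceptor write: transform a private copy, then forward it to the chained driver. */
static int intercept_write(BlockIo *self, uint64_t lba, size_t n, const uint8_t *buf) {
    uint8_t tmp[NUM_BLOCKS * BLOCK_SIZE];
    if (lba + n > NUM_BLOCKS) return -1;  /* also bounds the copy into tmp */
    memcpy(tmp, buf, n * BLOCK_SIZE);     /* never transform the caller's buffer in place */
    apply_module(lba, n, tmp);
    return self->next->WriteBlocks(self->next, lba, n, tmp);
}
static int intercept_read(BlockIo *self, uint64_t lba, size_t n, uint8_t *buf) {
    int rc = self->next->ReadBlocks(self->next, lba, n, buf);  /* chained driver fills raw bytes */
    if (rc == 0) apply_module(lba, n, buf);  /* decrypt before the command completes to the caller */
    return rc;
}
static BlockIo interceptor = { &raw_driver, intercept_read, intercept_write };
/* Round-trip one block of 'A' through the chain: 0 = error or corrupted, 1 = stored verbatim, 2 = stored transformed. */
static int probe(uint64_t lba) {
    uint8_t in[BLOCK_SIZE], out[BLOCK_SIZE]; memset(in, 'A', BLOCK_SIZE);
    if (interceptor.WriteBlocks(&interceptor, lba, 1, in) != 0) return 0;
    if (interceptor.ReadBlocks(&interceptor, lba, 1, out) != 0) return 0;
    if (memcmp(in, out, BLOCK_SIZE) != 0) return 0;       /* round trip must be transparent */
    return memcmp(disk[lba], in, BLOCK_SIZE) == 0 ? 1 : 2; /* on-device bytes verbatim or not */
}
```

A caller above the interceptor sees the same bytes it wrote for every LBA, while the device holds them verbatim only in the plaintext range; a command that spans both ranges has only its encrypted-range blocks transformed, since the lookup runs per target block.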