FIRMWARE AUTHENTICATION

US 20140365755A1
Filed: 06/07/2013
Published: 12/11/2014
Est. Priority Date: 06/07/2013
Status: Active Grant

First Claim

Patent Images

1. An Information Handling System (IHS), comprising:

a controller including a memory, the memory configured to store a plurality of firmware volumes, each of the plurality of firmware volumes including a plurality of firmware files; and

a Basic Input/Output System (BIOS) operably coupled to the controller, the BIOS having program instructions stored thereon that, upon execution, cause the BIOS to authenticate two or more firmware files within a given one of the plurality of firmware volumes using a single digital signature.

View all claims

15 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Firmware authentication in Information Handling Systems (IHSs) are disclosed. In some embodiments, an IHS may include a controller having a memory, the memory configured to store a plurality of firmware volumes, each of the plurality of firmware volumes including a plurality of firmware files. The IHS may also include a Basic Input/Output System (BIOS) operably coupled to the controller, the BIOS having program instructions stored thereon that, upon execution, cause the BIOS to authenticate two or more firmware files within a given one of the plurality of firmware volumes using a single digital signature. In another embodiment, a method may include creating a firmware volume, adding a plurality of firmware files to the firmware volume, and creating a digital signature based upon at least one of the plurality of firmware files, where the digital signature, upon being authenticated, allows a BIOS to load any of the plurality of firmware files.

73 Citations

View as Search Results

20 Claims

1. An Information Handling System (IHS), comprising:
- a controller including a memory, the memory configured to store a plurality of firmware volumes, each of the plurality of firmware volumes including a plurality of firmware files; and
  
  a Basic Input/Output System (BIOS) operably coupled to the controller, the BIOS having program instructions stored thereon that, upon execution, cause the BIOS to authenticate two or more firmware files within a given one of the plurality of firmware volumes using a single digital signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The IHS of claim 1, wherein the BIOS is Unified Extensible Firmware Interface (UEFI) compliant.
  - 3. The IHS of claim 1, wherein the BIOS is operably coupled to the controller via a southbridge chipset.
  - 4. The IHS of claim 3, wherein the given one of the plurality of firmware volumes is exposed to the BIOS as a virtual mass storage device.
  - 5. The IHS of claim 1, wherein the firmware files include at least one of:
    - a firmware driver, an UEFI application, an Operating System (OS) loader, or an Option Read-Only-Memory (OPROM) file.
  - 6. The IHS of claim 1, wherein the digital signature is included in a separate file outside the given one of the plurality of firmware volumes.
  - 7. The IHS of claim 1, wherein the given one of the plurality of firmware volumes is encapsulated into a header file, the header file including the digital signature.
  - 8. The IHS of claim 1, wherein to authenticate the two or more firmware files, the program instructions, upon execution, further cause the BIOS to create a hash based upon one of the two or more firmware files, decode the digital signature using a public key stored in the BIOS, and compare the hash to the decoded digital signature.
  - 9. The IHS of claim 8, wherein the BIOS is configured to authenticate the two or more firmware files in response to the hash matching the decoded digital signature.

10. A method, comprising:
- creating a firmware volume;
  
  adding a plurality of firmware files to the firmware volume; and
  
  creating a digital signature based upon at least one of the plurality of firmware files, wherein the digital signature, upon being authenticated, allows a Basic Input/Output System (BIOS) to load any of the plurality of firmware files.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, wherein the firmware files include at least one of:
    - a firmware driver, a Unified Extensible Firmware Interface (UEFI) application, an Operating System (OS) loader, or an Option Read-Only-Memory (OPROM) file.
  - 12. The method of claim 10, wherein the digital signature is created based upon a hash of a single one of the plurality of firmware files, and wherein the hash is signed with an authorized private key.
  - 13. The method of claim 10, wherein the digital signature is created based upon a hash of two or more but fewer than all of the plurality of firmware files, and wherein the hash is signed with an authorized private key.
  - 14. The method of claim 10, further comprising:
    - adding the digital signature to the firmware volume;
      
      orstoring the digital signature as a distinct file separately from the firmware volume.
  - 15. The method of claim 10, further comprising encapsulating the firmware volume into a header file, wherein adding the digital signature to the firmware volume includes adding the digital signature to the header file.

16. A Basic Input/Output System (BIOS) having program instructions stored thereon that, upon execution, cause an Information Handling System (IHS) to:
- access a firmware volume external to the BIOS, the firmware volume including a plurality of binary firmware files;
  
  receive a digital signature associated with the firmware volume;
  
  authenticate two or more of the plurality of binary firmware files using the digital signature; and
  
  load the two or more binary firmware files during a booting process.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The BIOS of claim 16, wherein the firmware volume is stored in a memory device external to the BIOS and accessible to the BIOS via a southbridge chipset as a virtual mass storage device.
  - 18. The BIOS of claim 16, wherein the binary firmware files include at least one of:
    - a firmware driver, a Unified Extensible Firmware Interface (UEFI) application, an Operating System (OS) loader, or an Option Read-Only-Memory (OPROM) file.
  - 19. The BIOS of claim 16, wherein to authenticate the plurality of binary firmware files, the program instructions, upon execution, further cause the IHS to:
    - create a hash based upon a first one of the plurality of binary firmware files using a same algorithm used in the creation of the digital signature;
      
      decode the digital signature using a public key; and
      
      compare the hash to the decoded digital signature.
  - 20. The BIOS of claim 19, wherein the program instructions, upon execution, further cause the IHS to authenticate the plurality of binary firmware files in response to the hash matching the decoded digital signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Inc. (Dell Technologies Inc.)
Inventors
Liu, Wei G., Shutt, Mark W.

Granted Patent

US 9,189,631 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/2
CPC Class Codes

G06F 21/572 Secure firmware programming...

FIRMWARE AUTHENTICATION

First Claim

15 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

FIRMWARE AUTHENTICATION

First Claim

15 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links