Information Handling System Boot Pre-Validation
Abstract
Pre-validation of bootloader certificates for firmware bootloaders of an operating system boot list during a setup mode of BIOS boot initiation provides the end user with a tool to address boot certification problems associated with the firmware bootloaders before the operating system boot precludes execution of bootloaders that lack a valid certificate. For example, re-configuration of a boot list to address certification problems before exit of boot setup prevents boot to an inoperative state caused by lack of firmware execution during boot due to a failed certificate, such as a failure to load an unsigned option ROM.
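The pass the abstract describes can be modeled in a few lines of C. This is an added illustration, not text or code from the patent: it checks every boot-list entry against the valid certificates while still in setup, then applies a corrective action before boot. The fingerprint strings, entry names, status codes, and the choice of disabling failing entries as the corrective action are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model (assumption): a certificate is just a fingerprint string. */
enum pv_status { PV_UNCHECKED, PV_VALID, PV_UNSIGNED, PV_UNTRUSTED };
struct boot_entry {
    const char *name;      /* bootloader or option ROM name (constructed) */
    const char *cert_fp;   /* signer fingerprint, NULL when unsigned */
    int enabled;           /* 1 while the entry is in the active boot list */
    enum pv_status status; /* filled in by prevalidate() */
};
/* Constructed sample data, not taken from the patent. */
static const char *const VALID_CERTS[] = { "fp-os-vendor", "fp-oem" };
static struct boot_entry BOOT_LIST[] = {
    { "os-bootloader",   "fp-os-vendor", 1, PV_UNCHECKED },
    { "nic-option-rom",  NULL,           1, PV_UNCHECKED },
    { "raid-option-rom", "fp-unknown",   1, PV_UNCHECKED },
};

/* Setup-mode pass: returns how many enabled entries secure boot would block. */
size_t prevalidate(struct boot_entry *list, size_t n,
                   const char *const *valid, size_t nvalid) {
    size_t failures = 0;
    for (size_t i = 0; i < n; i++) {
        list[i].status = list[i].cert_fp ? PV_UNTRUSTED : PV_UNSIGNED;
        for (size_t j = 0; list[i].cert_fp && j < nvalid; j++)
            if (strcmp(list[i].cert_fp, valid[j]) == 0)
                list[i].status = PV_VALID;
        failures += (list[i].enabled && list[i].status != PV_VALID);
    }
    return failures;
}

/* One possible corrective action: disable every entry not marked valid
 * (unchecked entries included) and return how many entries stay enabled. */
size_t apply_corrective_action(struct boot_entry *list, size_t n) {
    size_t bootable = 0;
    for (size_t i = 0; i < n; i++) {
        if (list[i].status != PV_VALID) list[i].enabled = 0;
        bootable += (size_t)list[i].enabled;
    }
    return bootable;
}

int main(void) {
    size_t n = sizeof BOOT_LIST / sizeof BOOT_LIST[0];
    printf("would be blocked: %zu\n", prevalidate(BOOT_LIST, n, VALID_CERTS, 2));
    printf("still bootable: %zu\n", apply_corrective_action(BOOT_LIST, n));
    return 0;
}
```

A return value of 0 from `apply_corrective_action` is the case worth surfacing in setup, since it means no entry in the boot list would pass validation.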
20 Claims
1. An information handling system comprising:
- a processor operable to execute instructions that process information;
- memory interfaced with the processor, the memory operable to store the instructions and information;
- a display interfaced with the processor and operable to present the information as visual images;
- plural components interfaced with the processor and operable to perform functions with firmware instructions loaded at boot of an operating system on the processor;
- initiation firmware stored in the memory and operable to initiate boot of the operating system at power on of the processor;
- a secure boot module associated with the initiation firmware and operable to compare bootloader certificates for bootloaders of firmware instructions for the plural components with valid certificates to validate the firmware instructions, the secure boot module further operable to prevent execution of firmware that lacks a valid certificate; and
- a pre-validation module associated with the initiation firmware and operable to perform a pre-validation by comparing the bootloader certificates with the valid certificates before the comparison performed by the secure boot module and to present the pre-validation at the display during a setup routine of the initiation firmware.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for booting an information handling system, the method comprising:
- initiating firmware instructions operable to bring an operating system from persistent memory to an operational state;
- executing a set-up state of the firmware instructions, the set-up state operable to accept end user inputs;
- while in the set-up state, validating certificates of option ROM bootloaders in a boot list of the firmware; and
- applying corrective action for invalid certificates in the set-up state before transition to a boot state.

Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A system for booting an information handling system, the system comprising:
- non-transitory memory storing:
- an operating system operable to execute on a processor to coordinate execution of applications on the information handling system, the operating system having a secure boot mode that validates bootloader certificates and precludes execution of bootloaders that lack a valid bootloader certificate;
- initiation firmware operable to coordinate boot of the operating system, the initiation firmware having a setup mode, a boot mode and an exit boot services that transitions control of the information handling system from the initiation firmware to the operating system; and
- a pre-validation module operable to determine the validity of the bootloader certificates during the initiation firmware setup mode.

Dependent claims: 19, 20
Specification