Information Handling System Boot Pre-Validation

US 20160232356A1
Filed: 10/07/2015
Published: 08/11/2016
Est. Priority Date: 02/09/2015
Status: Active Grant

First Claim

Patent Images

1. An information handling system comprising:

a processor operable to execute instructions that process information;

memory interfaced with the processor, the memory operable to store the instructions and information;

a display interfaced with the processor and operable to present the information as visual images;

plural components interfaced with the processor and operable to perform functions with firmware instructions loaded at boot of an operating system on the processor;

initiation firmware stored in the memory and operable to initiate boot of the operating system at power on of the processor;

a secure boot module associated with the initiation firmware and operable to compare bootloader certificates for bootloaders of firmware instructions for the plural components with valid certificates to validate the firmware instructions, the secure boot module further operable to prevent execution of firmware that lacks a valid certificate; and

a pre-validation module associated with the initiation firmware and operable to perform a pre-validation by comparing the bootloader certificates with the valid certificates before the comparison performed by the secure boot module and to present the pre-validation at the display during a setup routine of the initiation firmware.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Pre-validation of bootloader certificates for firmware bootloaders of an operating system boot list during a setup mode of BIOS boot initiation provides the end user with a tool to address boot certification problems associated with the firmware bootloaders before the operating system boot precludes execution of bootloaders that lack a valid certificate. For example, re-configuration of a boot list to address certification problems before exit of boot setup prevents boot to an inoperative state caused by lack of firmware execution during boot due to a failed certificate, such as a failure to load an unsigned option ROM.

Citations

20 Claims

1. An information handling system comprising:
- a processor operable to execute instructions that process information;
  
  memory interfaced with the processor, the memory operable to store the instructions and information;
  
  a display interfaced with the processor and operable to present the information as visual images;
  
  plural components interfaced with the processor and operable to perform functions with firmware instructions loaded at boot of an operating system on the processor;
  
  initiation firmware stored in the memory and operable to initiate boot of the operating system at power on of the processor;
  
  a secure boot module associated with the initiation firmware and operable to compare bootloader certificates for bootloaders of firmware instructions for the plural components with valid certificates to validate the firmware instructions, the secure boot module further operable to prevent execution of firmware that lacks a valid certificate; and
  
  a pre-validation module associated with the initiation firmware and operable to perform a pre-validation by comparing the bootloader certificates with the valid certificates before the comparison performed by the secure boot module and to present the pre-validation at the display during a setup routine of the initiation firmware.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The information handling system of claim 1 wherein the plural components comprise a graphics subsystem and the firmware instructions comprise an option ROM to execute on the graphics subsystem.
  - 3. The information handling system of claim 2 wherein the pre-validation module presents an alternative graphics subsystem to use at boot instead of a graphics subsystem having an invalid certificate, the alternative graphics subsystem selectable by an end user for use in boot through the display.
  - 4. The information handling system of claim 3 wherein the graphics system is a graphics card and the alternative graphics system is a chipset-based graphics system.
  - 5. The information handling system of claim 1 wherein the pre-validation module performs pre-validation during an initiation firmware set-up state to accept end user setting inputs to the initiation firmware based upon the pre-validation.
  - 6. The information handling system of claim 5 wherein the secure boot module validates firmware instructions for the plural components after completion of boot services performed by the initiation firmware.
  - 7. The information handling system of claim 1 wherein the pre-validation module is further operable to:
    - initiate transition to a boot mode of the initiation firmware if the bootloader certificates are valid; and
      
      to establish a network interface to update the bootloader certificates if the bootloader certificates are not valid.
  - 8. The information handling system of claim 1 wherein the pre-validation module is further operable to:
    - initiate transition to a boot mode of the initiation firmware if the bootloader certificates are valid; and
      
      initiate transition to a modified boot mode of the initiation firmware if the bootloader certificates are not valid, the modified boot mode launching a firmware update function of the operating system to update the invalid firmware.
  - 9. The system of claim 1 wherein the firmware loaded on the components at boot of the information handling system comprises option ROMs.

10. A method for booting an information handling system, the method comprising:
- initiating firmware instructions operable to bring an operating system from persistent memory to an operational state;
  
  executing a set-up state of the firmware instructions, the set-up state operable to accept end user inputs;
  
  while in the set-up state, validating certificates of option ROM bootloaders in a boot list of the firmware; and
  
  applying corrective action for invalid certificates in the set-up state before transition to a boot state.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10 further comprising:
    - transitioning to the boot state to prepare execution of the operating system;
      
      exiting the boot state to initiate execution of the operating system; and
      
      in response to exiting the boot state, validating the certificates of the option ROM bootloaders before executing the option ROM bootloaders.
  - 12. The method of claim 10 wherein applying corrective action further comprises:
    - presenting invalid certificates at a display while in the set-up state; and
      
      accepting end user inputs in response to the presenting invalid certificates.
  - 13. The method of claim 12 wherein accepting end user inputs in response to the presenting invalid certificates further comprises accepting an end user selection of an alternative option ROM to execute instead of an option ROM having an invalid certificate.
  - 14. The method of claim 12 wherein accepting end user inputs in response to the presenting invalid certificates further comprises accepting an end user selection of an alternative component to use on boot from a component having an invalid certificate.
  - 15. The method of claim 14 wherein the component having an invalid certificate is a graphics card and the alternative component to use on boot is a chipset-based graphics system.
  - 16. The method of claim 12 wherein accepting end user inputs in response to the presenting invalid certificates further comprises establishing a network interface to retrieve an option ROM having a valid certificate to replace the option ROM having the invalid certificate.
  - 17. The method of claim 16 wherein accepting end user inputs in response to the presenting invalid certificates further comprises accepting an end user override of the invalid certificate to permit operating system use of the bootloader associated with the invalid certificate.

18. A system for booting an information handling system, the system comprising:
- non-transitory memory storing;
  
  an operating system operable to execute on a processor to coordinate execution of applications on the information handling system, the operating system having a secure boot mode that validates bootloader certificates and precludes execution of bootloaders that lack a valid bootloader certificate;
  
  initiation firmware operable to coordinate boot of the operating system, the initiation firmware having a setup mode, a boot mode and an exit boot services that transitions control of the information handling system from the initiation firmware to the operating system; and
  
  a pre-validation module operable to determine the validity of the bootloader certificates during the initiation firmware setup mode.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18 wherein the pre-validation module is further operable to:
    - present invalid bootloader certificates at a display while in the set-up state; and
      
      accepting end user inputs in response to the presenting invalid certificates to alter the operating system boot based on the invalid bootloader certificates.
  - 20. The system of claim 19 wherein the end user input comprises a change to a boot list of bootloaders to replace the invalid bootloader with a valid bootloader.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Barkelew, Jonathan B., Gillespie, Kurt D.

Granted Patent

US 9,916,451 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/572   Secure firmware programming...

G06F 21/575   Secure boot

G06F 2221/031   Protect user input by softw...

G06F 9/4401   Bootstrapping security arra...

H04L 9/3268   using certificate validatio...

Information Handling System Boot Pre-Validation

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Information Handling System Boot Pre-Validation

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links