TRUSTED SUPPORT PROCESSOR AUTHENTICATION OF HOST BIOS/UEFI
First Claim
1. An information handling system (IHS) for preventing execution of corrupted boot up instructions in flash memory, the IHS comprising:
- a system interconnect;
a memory component containing basic input/output system (BIOS) instructions to execute during boot up of the IHS;
a host processor in communication with the memory component via the system interconnect and which executes the BIOS instructions to configure the IHS;
a support processor in communication via the system interconnection with the memory component and comprising an embedded memory containing a unique key that is assigned to the support processor and executing instructions to configure the IHS to;
calculate a current hash value for the BIOS instructions;
access a trusted encrypted hash value and the unique key from a secure storage;
decrypt the trusted encrypted hash value using the unique key to obtain a trusted hash value;
determine whether the current hash value is identical to the trusted hash value; and
allow execution of the BIOS instructions by the host processor in response to determining that the encrypted current hash value is identical to the trusted hash value.
14 Assignments
0 Petitions
Accused Products
Abstract
An information handling system (IHS) prevents execution of corrupted bootup instructions in flash memory. A memory component contains basic input/output system (BIOS) instructions to execute during boot up of the IHS. A host processor is in communication with the memory component via the system interconnect to execute the BIOS instructions to configure the IHS. A support processor executes instructions to configure the IHS to: (a) calculate a current hash value for the BIOS instructions; (b) access a trusted encrypted hash value and the unique key from a secure storage; (c) decrypt the trusted encrypted hash value using the unique key to obtain a trusted hash value; (d) determine whether the current hash value is identical to the trusted hash value; and (e) allow execution of the BIOS instructions by the host processor in response to determining that the encrypted current hash value is identical to the trusted hash value.
-
Citations
20 Claims
-
1. An information handling system (IHS) for preventing execution of corrupted boot up instructions in flash memory, the IHS comprising:
-
a system interconnect; a memory component containing basic input/output system (BIOS) instructions to execute during boot up of the IHS; a host processor in communication with the memory component via the system interconnect and which executes the BIOS instructions to configure the IHS; a support processor in communication via the system interconnection with the memory component and comprising an embedded memory containing a unique key that is assigned to the support processor and executing instructions to configure the IHS to; calculate a current hash value for the BIOS instructions; access a trusted encrypted hash value and the unique key from a secure storage; decrypt the trusted encrypted hash value using the unique key to obtain a trusted hash value; determine whether the current hash value is identical to the trusted hash value; and allow execution of the BIOS instructions by the host processor in response to determining that the encrypted current hash value is identical to the trusted hash value. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method of authenticating Basic Input/Output System (BIOS) of an information handling system (IHS) for preventing execution of corrupted boot up instructions, the method comprising:
-
a support processor; calculating, by a support processor, a current hash value for the BIOS instructions; accessing, by the support processor, a trusted encrypted hash value and the unique key from a secure storage; decrypting, by the support processor, the trusted encrypted hash value using the unique key to obtain a trusted hash value; determining, by the support processor, whether the current hash value is identical to the trusted hash value; and allowing, by the support processor, execution of the BIOS instructions by the host processor in response to determining that the encrypted current hash value is identical to the trusted hash value. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A method of authenticating a memory device of an information handling system (IHS), the method comprising:
-
accessing, by a processor, current memory contents of a memory device; calculating, by the processor, a current hash value for the current memory content memory device; accessing, by the processor, a trusted encrypted hash value and the unique key from a secure storage; decrypting, by the processor, the trusted encrypted hash value using the unique key to obtain a trusted hash value; determining, by the processor, whether the current hash value is identical to the trusted hash value; and allowing, by the processor, access to the current memory contents of the memory device by another processor in response to determining that the encrypted current hash value is identical to the trusted hash value. - View Dependent Claims (18, 19, 20)
-
Specification