RECOVERING AN INFORMATION HANDLING SYSTEM FROM A SECURE BOOT AUTHENTICATION FAILURE

US 20180349607A1
Filed: 06/02/2017
Published: 12/06/2018
Est. Priority Date: 06/02/2017
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for recovering an information handling system (IHS) from a secure boot authentication failure, the method comprising:

retrieving, via a processor from a first memory device, a first unified extensible firmware interface (UEFI) driver associated with a first component/device of the IHS;

determining, via a secure boot process, if the first UEFI driver is an authenticated UEFI driver; and

in response to determining that the first UEFI driver is not an authenticated UEFI driver, retrieving, from a second memory device, a previously validated UEFI driver corresponding to the first component/device and loading the previously validated UEFI driver.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, information handling system (IHS) and a recovery system for recovering an IHS from a secure boot authentication failure. The method includes retrieving, via a processor from a first memory device, a first unified extensible firmware interface (UEFI) driver associated with a first component/device of the IHS. The method further includes determining, via a secure boot process, if the first UEFI driver is an authenticated UEFI driver. In response to determining that the first UEFI driver is not an authenticated driver, a previously validated UEFI driver corresponding to the first component/device is retrieved from a second memory device. The method further includes loading the previously validated UEFI driver.

36 Citations

View as Search Results

20 Claims

1. A computer implemented method for recovering an information handling system (IHS) from a secure boot authentication failure, the method comprising:
- retrieving, via a processor from a first memory device, a first unified extensible firmware interface (UEFI) driver associated with a first component/device of the IHS;
  
  determining, via a secure boot process, if the first UEFI driver is an authenticated UEFI driver; and
  
  in response to determining that the first UEFI driver is not an authenticated UEFI driver, retrieving, from a second memory device, a previously validated UEFI driver corresponding to the first component/device and loading the previously validated UEFI driver.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - in response to determining that the first UEFI driver is an authenticated driver, loading the first UEFI driver.
  - 3. The method of claim 1, wherein determining whether the previously validated UEFI driver is to be retrieved and loaded further comprises:
    - generating a first hash of the first UEFI driver;
      
      retrieving, from the second memory device, a second hash associated with the previously validated UEFI driver;
      
      determining if the first hash and the second hash match; and
      
      in response to the first hash and the second hash not matching;
      
      generating third type error message and storing the third type error message to an error log; and
      
      initiating the retrieving and loading of the previously validated UEFI driver.
  - 4. The method of claim 3, further comprising:
    - in response to the first hash and the second hash matching;
      
      generating a second type error message;
      
      storing the second type error message to an error log; and
      
      preventing the IHS from booting.
  - 5. The method of claim 1, further comprising:
    - during a provisioning process of the IHS;
      
      identifying a provided UEFI driver as the previously validated UEFI driver on the second memory device;
      
      generating the second hash from the provided UEFI driver;
      
      associating the second hash with the previously validated UEFI driver; and
      
      storing the previously validated UEFI driver and the second hash to the second memory device.
  - 6. The method of claim 5, further comprising:
    - determining if the previously validated UEFI driver is to be updated with a new validated UEFI driver;
      
      in response to determining that the previously validated UEFI driver is to be updated, identifying the new validated UEFI driver;
      
      generating a third hash from the new validated UEFI driver;
      
      associating the third hash with the new validated UEFI driver; and
      
      replacing the previously validated UEFI driver and second hash with the new validated UEFI driver and the third hash to the second memory device.
  - 7. The method of claim 1, further comprising:
    - retrieving a first UEFI image from the first memory device;
      
      determining, via the secure boot process, if the first UEFI image is an authenticated UEFI image; and
      
      retrieving, from the second memory device, a previously validated UEFI image corresponding to the first UEFI image and loading the previously validated UEFI image.

8. An information handling system (IHS) comprising:
- a first IHS component having a first memory device; and
  
  a processor communicatively coupled to a second memory device, the processor further communicatively coupled to the first IHS component and the first memory device, the processor having firmware executing thereon for recovering the IHS from a secure boot authentication failure, wherein the firmware configures the processor to;
  
  retrieve from the first memory device, a first unified extensible firmware interface (UEFI) driver associated with a first component/device of the IHS;
  
  determine, via a secure boot process, if the first UEFI driver is an authenticated UEFI driver; and
  
  in response to determining that the first UEFI driver is not an authenticated UEFI driver, retrieve, from the second memory device, a previously validated UEFI driver corresponding to the first component/device and loading the previously validated UEFI driver.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The information handling system of claim 8, wherein the firmware further configures the processor to:
    - in response to determining that the first UEFI driver is an authenticated driver, load the first UEFI driver.
  - 10. The information handling system of claim 8, wherein determining whether the previously validated UEFI driver is to be retrieved and loaded comprises the firmware further configuring the processor to:
    - generate a first hash of the first UEFI driver;
      
      retrieve, from the second memory device, a second hash associated with the previously validated UEFI driver;
      
      determine if the first hash and the second hash match; and
      
      in response to the first hash and the second hash not matching;
      
      generate third type error message and store the third type error message to an error log; and
      
      initiate the retrieving and loading of the previously validated UEFI driver.
  - 11. The information handling system of claim 10, wherein the firmware further configures the processor to:
    - in response to the first hash and the second hash matching;
      
      generate second type error message;
      
      store the second type error message to an error log; and
      
      prevent the IHS from booting.
  - 12. The information handling system of claim 8, wherein the firmware further configures the processor to:
    - during a provisioning process of the IHS;
      
      identify a provided UEFI driver as the previously validated UEFI driver on the second memory device;
      
      generate the second hash from the provided UEFI driver;
      
      associate the second hash with the previously validated UEFI driver; and
      
      store the previously validated UEFI driver and the second hash to the second memory device.
  - 13. The information handling system of claim 12, wherein the firmware further configures the processor to:
    - determine if the previously validated UEFI driver is to be updated with a new validated UEFI driver;
      
      in response to determining that the previously validated UEFI driver is to be updated, identify the new validated UEFI driver;
      
      generate a third hash from the new validated UEFI driver;
      
      associate the third hash with the new validated UEFI driver; and
      
      replacing the previously validated UEFI driver and second hash with the new validated UEFI driver and the third hash to the second memory device.
  - 14. The information handling system of claim 8, wherein the firmware further configures the processor to:
    - retrieve a first UEFI image from the first memory device;
      
      determine, via the secure boot process, if the first UEFI image is an authenticated UEFI image; and
      
      retrieving from the second memory device, regardless of whether the first UEFI image is or is not an authenticated image, a previously validated UEFI image corresponding to the first UEFI image and loading the previously validated UEFI image.

15. A recovery system for recovering an information handling system (IHS) from a secure boot authentication failure, the recovery system comprising:
- a first IHS component having a first memory device; and
  
  a processor communicatively coupled to a second memory device, the processor further communicatively coupled to the first IHS component and the first memory device, the processor having firmware executing thereon for recovering the IHS from a secure boot authentication failure, wherein the firmware configures the processor to;
  
  retrieve from the first memory device, a first unified extensible firmware interface (UEFI) driver associated with a first component/device of the IHS;
  
  determine, via a secure boot process, if the first UEFI driver is an authenticated UEFI driver; and
  
  in response to determining that the first UEFI driver is not an authenticated UEFI driver, retrieve, from the second memory device, a previously validated UEFI driver corresponding to the first component/device and loading the previously validated UEFI driver.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The recovery system of claim 15, wherein the firmware further configures the processor to:
    - in response to determining that the first UEFI driver is an authenticated driver, load the first UEFI driver.
  - 17. The recovery system of claim 15, wherein determining whether the previously validated UEFI driver is to be retrieved and loaded comprises the firmware further configuring the processor to:
    - generate a first hash of the first UEFI driver;
      
      retrieve, from the second memory device, a second hash associated with the previously validated UEFI driver;
      
      determine if the first hash and the second hash match; and
      
      in response to the first hash and the second hash not matching;
      
      generate a third type error message and store the third type error message to an error log; and
      
      initiate the retrieving and loading of the previously validated UEFI driver.
  - 18. The recovery system of claim 17, wherein the firmware further configures the processor to:
    - in response to the first hash and the second hash matching;
      
      generate a second type error message;
      
      store the second type error message to an error log; and
      
      prevent the IHS from booting.
  - 19. The recovery system of claim 15, wherein the firmware further configures the processor to:
    - during a provisioning process of the IHS;
      
      identify a provided UEFI driver as the previously validated UEFI driver on the second memory device;
      
      generate the second hash from the provided UEFI driver;
      
      associate the second hash with the previously validated UEFI driver; and
      
      store the previously validated UEFI driver and the second hash to the second memory device.
  - 20. The recovery system of claim 19, wherein the firmware further configures the processor to:
    - determine if the previously validated UEFI driver is to be updated with a new validated UEFI driver;
      
      in response to determining that the previously validated UEFI driver is to be updated, identify the new validated UEFI driver;
      
      generate a third hash from the new validated UEFI driver;
      
      associate the third hash with the new validated UEFI driver; and
      
      replace the previously validated UEFI driver and second hash with the new validated UEFI driver and the third hash to the second memory device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
KHATRI, MUKUND P., MUNGER, WILLIAM C.

Granted Patent

US 10,540,501 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/575 Secure boot

G06F 9/4406 Loading of operating system

RECOVERING AN INFORMATION HANDLING SYSTEM FROM A SECURE BOOT AUTHENTICATION FAILURE

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

RECOVERING AN INFORMATION HANDLING SYSTEM FROM A SECURE BOOT AUTHENTICATION FAILURE

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others