Apparatus and method for preventing unauthorized access to BIOS in a personal computer system

US 5,022,077 A
Filed: 08/25/1989
Issued: 06/04/1991
Est. Priority Date: 08/25/1989
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus for protecting BIOS in a personal computer system, the personal computer system having a system processor for executing an operating system, a read only memory, a random access memory, and at least one direct access storage device, said apparatus comprising:

a direct access storage device controller having a protection means for protecting a region of the at least one direct access storage device, said protection means allowing access to the protected region in response to a reset signal;

a master boot record included in the protected region of the at least one direct access storage device, said master boot record including an executable code segment having means for loading information from the at least one direct access storage device;

a first portion of BIOS being included in the read only memory, said first portion of BIOS initializing the system processor and initiating generation of the reset signal to the direct access storage device controller to permit the system processor to access said master boot record in order to load said master boot record into the random access memory;

a remaining portion of BIOS being included in the protected region of the at least one direct access storage device, said remaining portion of BIOS being loaded into the random access memory by the executable code segment in response to said first portion of BIOS transferring control to the executable code segment, the executable code segment transferring control to said remaining portion of BIOS to boot the operating system, said remaining portion of BIOS activating said protection means to prevent access to the protected region of the at least one direct access storage device during normal operations of the operating system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for protecting BIOS stored on a direct access storage device into a personnal computer system. The personal computer system comprises a system processor, a system planar, a random access main memory, a read only memory, a protection means and at least one direct access storage device. The read only memory includes a first portion of BIOS and data representing the type of system processor and system planar I/O configuration. The first portion of BIOS initializes the system and the direct access storage device, and resets the protection means in order to read in a master boot record into the random access memory from a protectable partition on the direct access storage device.

335 Citations

32 Claims

1. An apparatus for protecting BIOS in a personal computer system, the personal computer system having a system processor for executing an operating system, a read only memory, a random access memory, and at least one direct access storage device, said apparatus comprising:
- a direct access storage device controller having a protection means for protecting a region of the at least one direct access storage device, said protection means allowing access to the protected region in response to a reset signal;
  
  a master boot record included in the protected region of the at least one direct access storage device, said master boot record including an executable code segment having means for loading information from the at least one direct access storage device;
  
  a first portion of BIOS being included in the read only memory, said first portion of BIOS initializing the system processor and initiating generation of the reset signal to the direct access storage device controller to permit the system processor to access said master boot record in order to load said master boot record into the random access memory;
  
  a remaining portion of BIOS being included in the protected region of the at least one direct access storage device, said remaining portion of BIOS being loaded into the random access memory by the executable code segment in response to said first portion of BIOS transferring control to the executable code segment, the executable code segment transferring control to said remaining portion of BIOS to boot the operating system, said remaining portion of BIOS activating said protection means to prevent access to the protected region of the at least one direct access storage device during normal operations of the operating system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The apparatus of claim 1, wherein the at least one direct access storage device comprises a fixed disk.
  - 3. The apparatus of claim 2, wherein said system processor transfers data records to a disk controller in blocks being in a format which numbers the blocks sequentially, and further wherein said master boot record and said remaining portion of BIOS are effectively stored in a higher ordered numbered of blocks.
  - 4. The apparatus of claim 3, wherein said protection means comprises setting a maximum block addressable, said maximum block addressable being a lowest order numbered block of the master boot record and the remaining portion of BIOS, said protection means preventing access to numbered blocks equal to or greater than the maximum block addressable while permitting access to numbered blocks less than the maximum block addressable.
  - 5. The apparatus of claim 1, wherein said first portion of BIOS initiates the generation of the reset signal in response to the personal computer system being powered on.
  - 6. The apparatus of claim 1, wherein said first portion of BIOS initiates the generation of the reset signal in response to a reset condition being applied to the personal computer system.
  - 7. The apparatus of claim 1, wherein the master boot record further includes hardware configuration data, the hardware configuration data representing a hardware configuration of the personal computer system which is compatible with said master boot record, and further wherein the read only memory includes system processor identification data representing a hardware configuration of the system processor, wherein before said remaining portion of BIOS is loaded into the random access memory, said first portion of BIOS compares the hardware configuration data from the master boot record with the system processor identification data from the read only memory to verify the master boot record is compatible with the system processor.
  - 8. The apparatus of claim 7, wherein the data segment of the master boot record includes a value representing a system planar which is compatible with the master boot record and further wherein the system planar further includes a means for uniquely identifying the system planar in order to verify that the master boot record is compatible with the system planar.
  - 9. The apparatus of claim 7, wherein the hardware configuration data from the master boot record includes a model value and a submodel value, wherein the model value identifies a system processor which is compatible with said master boot record and the submodel value represent an I/O configuration of a system planer which is compatible with the master boot record, and further wherein said read only memory includes a corresponding model value identifying the system processor and a corresponding submodel value representing the I/O configuration of the system planar, wherein said model value and said submodel value of the master boot record are compared to the corresponding model and the submodel value of the read only memory respectively, in order to verify that the master boot record is compatible with the system processor and the I/O configuration of the system planar.
  - 10. The apparatus of claim 1, wherein the personal computer system further includes a nonvolatile random access memory being electrically coupled to the system processor, said nonvolatile random access memory including data representing a system configuration, said data being updated when the system configuration is changed, wherein said first portion of BIOS compares said data in the nonvolatile random access memory to corresponding data in the read only memory to determine if the configuration of the system has changed.

11. An apparatus for protecting a system resident program in a personal computer system, the personal computer system having a system processor, a read only memory, a main memory, and at least one direct access storage device capable of storing a plurality of data records, said apparatus comprising:
- a first program being included in the read only memory, said first program initializing the system processor, said first program further initiating the generation of a reset signal to the at least one direct access storage device to permit access to the data records;
  
  a loading means for loading data records from the at least one direct access storage device into the main memory, said loading means being stored in a protectable partition of the at least one direct access storage device, said loading means being read from the at least one direct access storage device into the main memory by said first program, wherein said first program activates said loading means;
  
  a main memory resident program image being stored in the protectable partition of the at least on direct access storage device, said main memory resident program image being read from the at least one direct access storage device into the main memory by said loading means to produce a main memory resident program;
  
  means for protecting the protectable partition of the at least one direct access storage device, said means for protecting being activated by said main memory resident program to prevent unauthorized access to said loading means and said main memory resident program image.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The apparatus of claim 11, wherein said loading means further includes a validation means for confirming the personal computer system is compatible with the main memory resident program.
  - 13. The apparatus of claim 12, wherein said validation means includes data representing a type of system processor and a configuration of a system planar coupled to the system processor.
  - 14. The apparatus of claim 12, wherein said loading means comprises a master boot record having an executable code segment for effecting the loading of the main memory resident program, wherein said first program transfers control to said executable code segment to effect the loading of said main memory resident program image into the main memory.
  - 15. The apparatus of claim 11, wherein said first program includes a power on self test routine, said power on self test routine initializing and testing operating functions of the personal computer system necessary to load the main memory resident program.
  - 16. The apparatus of claim 15, wherein said power on self test routine initializes the system processor, the main memory, and the at least one direct access storage device.
  - 17. The apparatus of claim 11, wherein the at least one direct access storage device comprises a fixed disk drive wherein said loading means loads data records from said fixed disk drive into the main memory.
  - 18. The apparatus of claim 17, wherein said fixed disk drive includes a disk controller and further wherein said system processor transfers data records to said disk controller in blocks being in a format which numbers the blocks sequentially, and further wherein said main memory resident program image is effectively stored in a higher ordered number of blocks.
  - 19. The apparatus of claim 18, wherein said protection means comprises setting a maximum block addressable, said maximum block addressable being a lowest order numbered block of the main memory resident program image, said protection means preventing access to numbered blocks greater than or equal to the maximum block addressable while permitting access to numbered blocks less than the maximum block addressable.
  - 20. The apparatus of claim 11, wherein said first program initiates generation of the reset signal in response to power being applied to the system.
  - 21. The apparatus of claim 11, wherein said first program initiates generation of the reset signal in response to a reset condition being applied to the system.

22. A device for preventing an unauthorized access of BIOS stored in a mass storage device in a personal computer system having a system processor, the mass storage device capable of storing a plurality of data blocks defined between a first and second data block extreme, BIOS being accessible by the system processor in the form of individual definable contiguous blocks of data, BIOS extending from a third data block extreme to a fourth data block extreme, the third and fourth extremes being bounded by the first and second extremes, said device comprising:
- (a) controller device coupled between said system processor and said mass storage device for transforming a communication request from the system processor to physical characteristics of the mass storage device, the input/output requests being in the form of individual definable contiguous blocks of data;
  
  (b) first logic means for initiating the generation of a reset signal;
  
  (c) second logic means for generating a second signal for preventing access to the BIOS; and
  
  (d) protection means responsive to said reset signal for permitting access to said BIOS, said protection means being responsive to said second signal for setting a boundary at the third data block extreme to prevent access to the BIOS during normal execution of authorized programs by the system processor.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The device of claim 22, wherein the mass storage device comprises a fixed disk having input/output requests in the form of a cylinder, head and sector format, and further wherein said controller converts from data block format to cylinder, head and sector format.
  - 24. The device of claim 22, wherein said controller device includes an SCSI adapter card responsive to said system processor.
  - 25. The device of claim 22, wherein the first logic means initiates generation of the reset signal in response to a power on condition for the system processor.
  - 26. The device of claim 22, wherein the first logic means initiates generation of the reset signal in response to an input from a keyboard connected to the system.

27. A method for protecting BIOS in a personal computer system, the system including a system processor, a read only memory, a random access memory, and direct storage access device, said method comprising the steps of:
- (a) storing a first portion of BIOS in the read only memory, the first portion of BIOS including means for initializing the system;
  
  (b) storing a master boot record and a remaining portion of BIOS in a protectable partition on the direct access storage device, the remaining portion of BIOS being resident in the random access memory during normal operations of the personal computer system;
  
  (c) initializing the system and initiating the generation of a rest signal, said reset signal being effectively applied to the direct access storage device;
  
  (d) removing a protection to the protectable partition to permit the system processor to access the master boot record and the remaining portion of BIOS, the protection being removed in response to the reset signal;
  
  (e) loading the master boot record into the random access memory, the master boot record including an executable code segment;
  
  (f) transferring control the executable code segment to load the remaining portion of BIOS into the random access memory; and
  
  (g) transferring control to the remaining portion of BIOS in the random access memory, the remaining portion of BIOS setting the protection on the protectable partition to prevent unauthorized access to the master boot record and the remaining portion of BIOS stored in the protectable partition on the direct access storage device.
- View Dependent Claims (28, 29)
- - 28. The method of claim 27, further including the step (h) of verifying the master boot record is compatible with the system by comparing data stored in the first portion of BIOS with corresponding data stored in the master boot record.
  - 29. The method of claim 27, further including the step (i) of verifying the master boot record is compatible with the system processor by comparing data in the read only memory to corresponding data included in the master boot record.

30. An apparatus for protecting a system resident program in a personal computer system, the personal computer system having a system processor, a random access memory, and at least one direct access storage device capable of storing a plurality of data records, said apparatus comprising:
- a first module configured for initializing and testing the system processor;
  
  a second module configured for initializing the at least one direct access storage device to permit access to the data records;
  
  a third module configured for loading data records from the at least one direct access storage device into the random access memory, said third module configured for effecting the loading of a random access memory resident program image being stored in a protectable partition of the at least one direct access storage device, said random access memory resident program image being read from the at least one direct access storage device into the random access memory to produce a random access memory resident program;
  
  means for protecting the protectable partition of the at least one direct access storage device, said means for protecting being activated by said random access memory resident program to prevent unauthorized access to said random access memory resident program image.
- View Dependent Claims (31, 32)
- - 31. The apparatus of claim 30, further including a read only memory, said first, second and third module being a portion of said read only memory.
  - 32. The apparatus of claim 30, further including a validation means for confirming the personal computer system is compatible with the random access memory resident program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo Singapore Pte Limited (Lenovo Group Ltd.)
Original Assignee
International Business Machines Corporation
Inventors
Bealkowski, Richard, Dayan, Richard A., Cronk, Doyle S., McNeill, Andrew B., Wachtel, Edward I., Blackledge, John W. Jr., Zyvoloski, Kevin M., Sachsenmaier, Robert, Palka, Matthew S. Jr., Kovach, George D., Kinnear, Scott G., Dixon, Jerry D.
Primary Examiner(s)
Buczinski, Stephen C.
Assistant Examiner(s)
Gregory, Bernarr Earl

Application Number

US07/398,820
Time in Patent Office

648 Days
Field of Search

364/200, 364/900, 380/4, 380/23, 380/24, 380/25, 380/49, 380/50, 340/825.34, 340/825.31
US Class Current

711/163
CPC Class Codes

G06F 9/4406 Loading of operating system

Apparatus and method for preventing unauthorized access to BIOS in a personal computer system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

335 Citations

32 Claims

Specification

Use Cases

Quick Links

Others

Apparatus and method for preventing unauthorized access to BIOS in a personal computer system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

335 Citations

32 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others