Apparatus and method for preventing unauthorized access to BIOS in a personal computer system
Abstract
An apparatus and method for protecting BIOS stored on a direct access storage device in a personal computer system. The personal computer system comprises a system processor, a system planar, a random access main memory, a read only memory, a protection means and at least one direct access storage device. The read only memory includes a first portion of BIOS and data representing the type of system processor and system planar I/O configuration. The first portion of BIOS initializes the system and the direct access storage device, and resets the protection means in order to read in a master boot record into the random access memory from a protectable partition on the direct access storage device.
32 Claims
1. An apparatus for protecting BIOS in a personal computer system, the personal computer system having a system processor for executing an operating system, a read only memory, a random access memory, and at least one direct access storage device, said apparatus comprising:
- a direct access storage device controller having a protection means for protecting a region of the at least one direct access storage device, said protection means allowing access to the protected region in response to a reset signal;
- a master boot record included in the protected region of the at least one direct access storage device, said master boot record including an executable code segment having means for loading information from the at least one direct access storage device;
- a first portion of BIOS being included in the read only memory, said first portion of BIOS initializing the system processor and initiating generation of the reset signal to the direct access storage device controller to permit the system processor to access said master boot record in order to load said master boot record into the random access memory;
- a remaining portion of BIOS being included in the protected region of the at least one direct access storage device, said remaining portion of BIOS being loaded into the random access memory by the executable code segment in response to said first portion of BIOS transferring control to the executable code segment, the executable code segment transferring control to said remaining portion of BIOS to boot the operating system, said remaining portion of BIOS activating said protection means to prevent access to the protected region of the at least one direct access storage device during normal operations of the operating system.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. An apparatus for protecting a system resident program in a personal computer system, the personal computer system having a system processor, a read only memory, a main memory, and at least one direct access storage device capable of storing a plurality of data records, said apparatus comprising:
- a first program being included in the read only memory, said first program initializing the system processor, said first program further initiating the generation of a reset signal to the at least one direct access storage device to permit access to the data records;
- a loading means for loading data records from the at least one direct access storage device into the main memory, said loading means being stored in a protectable partition of the at least one direct access storage device, said loading means being read from the at least one direct access storage device into the main memory by said first program, wherein said first program activates said loading means;
- a main memory resident program image being stored in the protectable partition of the at least one direct access storage device, said main memory resident program image being read from the at least one direct access storage device into the main memory by said loading means to produce a main memory resident program;
- means for protecting the protectable partition of the at least one direct access storage device, said means for protecting being activated by said main memory resident program to prevent unauthorized access to said loading means and said main memory resident program image.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 21

22. A device for preventing an unauthorized access of BIOS stored in a mass storage device in a personal computer system having a system processor, the mass storage device capable of storing a plurality of data blocks defined between a first and second data block extreme, BIOS being accessible by the system processor in the form of individual definable contiguous blocks of data, BIOS extending from a third data block extreme to a fourth data block extreme, the third and fourth extremes being bounded by the first and second extremes, said device comprising:
- (a) controller device coupled between said system processor and said mass storage device for transforming a communication request from the system processor to physical characteristics of the mass storage device, the input/output requests being in the form of individual definable contiguous blocks of data;
- (b) first logic means for initiating the generation of a reset signal;
- (c) second logic means for generating a second signal for preventing access to the BIOS; and
- (d) protection means responsive to said reset signal for permitting access to said BIOS, said protection means being responsive to said second signal for setting a boundary at the third data block extreme to prevent access to the BIOS during normal execution of authorized programs by the system processor.

Dependent claims: 23, 24, 25, 26

27. A method for protecting BIOS in a personal computer system, the system including a system processor, a read only memory, a random access memory, and direct access storage device, said method comprising the steps of:
- (a) storing a first portion of BIOS in the read only memory, the first portion of BIOS including means for initializing the system;
- (b) storing a master boot record and a remaining portion of BIOS in a protectable partition on the direct access storage device, the remaining portion of BIOS being resident in the random access memory during normal operations of the personal computer system;
- (c) initializing the system and initiating the generation of a reset signal, said reset signal being effectively applied to the direct access storage device;
- (d) removing a protection to the protectable partition to permit the system processor to access the master boot record and the remaining portion of BIOS, the protection being removed in response to the reset signal;
- (e) loading the master boot record into the random access memory, the master boot record including an executable code segment;
- (f) transferring control to the executable code segment to load the remaining portion of BIOS into the random access memory; and
- (g) transferring control to the remaining portion of BIOS in the random access memory, the remaining portion of BIOS setting the protection on the protectable partition to prevent unauthorized access to the master boot record and the remaining portion of BIOS stored in the protectable partition on the direct access storage device.

Dependent claims: 28, 29

30. An apparatus for protecting a system resident program in a personal computer system, the personal computer system having a system processor, a random access memory, and at least one direct access storage device capable of storing a plurality of data records, said apparatus comprising:
- a first module configured for initializing and testing the system processor;
- a second module configured for initializing the at least one direct access storage device to permit access to the data records;
- a third module configured for loading data records from the at least one direct access storage device into the random access memory, said third module configured for effecting the loading of a random access memory resident program image being stored in a protectable partition of the at least one direct access storage device, said random access memory resident program image being read from the at least one direct access storage device into the random access memory to produce a random access memory resident program;
- means for protecting the protectable partition of the at least one direct access storage device, said means for protecting being activated by said random access memory resident program to prevent unauthorized access to said random access memory resident program image.

Dependent claims: 31, 32

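The protection latch of claim 22 and the boot order of claim 27, steps (c) to (g), modelled in C as an added illustration that is not code from the patent. All names, the 16-block disk, the placement of the protected region at the top of the disk, and the rule that a latched boundary can only be cleared by reset are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define NBLOCKS   16u        /* constructed disk: blocks 0..15 */
#define BLOCK_SZ  8u
#define PROT_BASE 12u        /* assumed "third extreme": MBR at 12, BIOS image 13..15 */
#define UNLOCKED  NBLOCKS    /* boundary value meaning "no block is protected" */

struct dasd_ctrl {           /* hypothetical controller model */
    uint8_t  media[NBLOCKS][BLOCK_SZ];
    uint32_t boundary;       /* blocks >= boundary are refused */
};

/* Reset signal: the only event that lifts the protection. */
static void ctrl_reset(struct dasd_ctrl *c) { c->boundary = UNLOCKED; }

/* "Second signal": latch the boundary. Assumption: once latched it cannot be
 * moved or cleared by any later command, only by ctrl_reset(). */
static bool ctrl_protect(struct dasd_ctrl *c, uint32_t first_protected)
{
    if (c->boundary != UNLOCKED || first_protected >= NBLOCKS) return false;
    c->boundary = first_protected;
    return true;
}

/* Every host request passes the same boundary check, read or write. */
static bool ctrl_xfer(struct dasd_ctrl *c, uint32_t blk, uint8_t *buf, bool write)
{
    if (blk >= NBLOCKS || blk >= c->boundary) return false;
    if (write) memcpy(c->media[blk], buf, BLOCK_SZ);
    else       memcpy(buf, c->media[blk], BLOCK_SZ);
    return true;
}

/* Steps (c)-(g) of the method: reset, load MBR, load the rest, lock. */
static bool boot(struct dasd_ctrl *c, uint8_t ram[NBLOCKS - PROT_BASE][BLOCK_SZ])
{
    ctrl_reset(c);                                   /* ROM portion of BIOS */
    for (uint32_t b = PROT_BASE; b < NBLOCKS; b++)   /* MBR, then BIOS image */
        if (!ctrl_xfer(c, b, ram[b - PROT_BASE], false)) return false;
    return ctrl_protect(c, PROT_BASE);               /* RAM-resident BIOS locks */
}

int main(void)
{
    static struct dasd_ctrl c;                       /* constructed, zero-filled media */
    uint8_t ram[NBLOCKS - PROT_BASE][BLOCK_SZ], buf[BLOCK_SZ];
    return (boot(&c, ram) && ctrl_xfer(&c, 0, buf, false) && !ctrl_xfer(&c, PROT_BASE, buf, false)) ? 0 : 1;
}
```

Because reset is the one path that reopens the region, the guarantee rests on the ROM-resident first portion of BIOS being the first code to run after every reset and on the lock being set before control passes to the operating system.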
Specification