Method and apparatus for providing enhanced data verification in a computer system
First Claim
1. A personal computer system compatible with application programs and operating system software, the personal computer system comprising:
- a microprocessor;
non-volatile memory electrically coupled to said microprocessor, said non-volatile memory storing a first portion of system microcode that is retrieved and executed by said microprocessor when said computer system is initially powered on,volatile memory electrically coupled to said microprocessor;
a direct access storage device electrically coupled to said microprocessor, said direct access storage device storing a second portion of operating system microcode that is retrieved and executed by said microprocessor after said microprocessor has executed said first portion of microcode,said second portion of operating system microcode including a boot program which, during power on initialization of said system, receives control of said system from said first portion of system microcode, andmeans contained at least in part in said first portion of system microcode for enabling said microprocessor to verify that said boot program has not undergone unauthorized modification since said computer system was previously powered off, said last-mentioned means operating before control of said system is transferred from said first portion to said boot program.
1 Assignment
0 Petitions
Accused Products
Abstract
A personal computer system compatible with application programs and operating system software. The personal computer system includes a microprocessor electrically coupled to a data bus, non-volatile memory electrically coupled to the data bus, volatile memory electrically responsive to the data bus and a direct access storage device electrically responsive to the data bus, the direct access storage device storing a second portion of operating system microcode. The non-volatile memory stores a first portion of operating system microcode and the direct access storage device stores a second portion of operating system microcode. The second portion of operating system microcode includes a boot program. The first portion of operating system microcode verifies the integrity of the boot program prior to loading the boot program into the volatile memory.
-
Citations
15 Claims
-
1. A personal computer system compatible with application programs and operating system software, the personal computer system comprising:
-
a microprocessor; non-volatile memory electrically coupled to said microprocessor, said non-volatile memory storing a first portion of system microcode that is retrieved and executed by said microprocessor when said computer system is initially powered on, volatile memory electrically coupled to said microprocessor; a direct access storage device electrically coupled to said microprocessor, said direct access storage device storing a second portion of operating system microcode that is retrieved and executed by said microprocessor after said microprocessor has executed said first portion of microcode, said second portion of operating system microcode including a boot program which, during power on initialization of said system, receives control of said system from said first portion of system microcode, and means contained at least in part in said first portion of system microcode for enabling said microprocessor to verify that said boot program has not undergone unauthorized modification since said computer system was previously powered off, said last-mentioned means operating before control of said system is transferred from said first portion to said boot program.
-
-
2. A personal computer system comprising:
-
a microprocessor; non-volatile memory electrically coupled to said microprocessor, said non-volatile memory storing a first portion of system microcode that is executed by said microprocessor when said computer system is initially powered on, volatile memory electrically coupled to said microprocessor, a direct access storage device electrically coupled to said microprocessor, said direct access storage device storing a second portion of system microcode associated with an operating system currently installed in said computer system, said second portion of microcode including a boot program which, during power on initialization of said system, is executed by said microprocessor after said microprocessor has finished executing said first portion of microcode, and means contained at least in part in said first portion of microcode for enabling said microprocessor to verify, prior to execution of said boot program, that said boot program has not undergone an unauthorized change since the system was previously powered on, wherein said means for enabling said microprocessor to verify includes means for generating an initial modification detection code, based upon information contained in said boot program, during an initial setup of said computer system, and means operative during subsequent power on executions of said first microcode portion for enabling said microprocessor to use said initial modification detection code as a reference in verifying that said boot program has not undergone a said unauthorized change since said system was previously powered on. - View Dependent Claims (3, 4, 5, 6, 7)
-
-
8. A personal computer system compatible with application programs and operating system software, the personal computer system comprising:
-
a microprocessor, non-volatile memory electrically coupled to said microprocessor, said non-volatile memory storing a first portion of operating system microcode to be executed by said microprocessor when said computer system is initially powered on, volatile memory electrically coupled to said microprocessor, a direct access storage device electrically coupled to said microprocessor, said direct access storage device storing, in separate pads thereof, a second portion of operating system microcode and operating system software for an operating system installed in said computer system, said second portion of operating system microcode including a boot program to be executed by said microprocessor after said first portion of microcode has been executed, first verifying means for verifying, prior to execution of said boot program by said microprocessor, that said boot program has not been changed in an unauthorized manner since a previous execution of said boot program by said microprocessor, and second verifying means for verifying that the part of said direct access storage device containing said operating system software has not been changed in an unauthorized manner since the previous power on initialization of said system, said second verifying means operating while said microprocessor is under control of said boot program, and prior to loading of said operating system software from said direct access storage device into said volatile memory, to prepare said computer system for operating under control of said operating system software. - View Dependent Claims (9)
-
-
10. A personal computer system comprising:
-
a microprocessor; non-volatile memory electrically coupled to said microprocessor, said non-volatile memory storing a first portion of microcode to be executed by said microprocessor for controlling said computer system when said computer system is initially powered on; volatile memory electrically coupled to said microprocessor; direct access storage means electrically coupled to said microprocessor, said direct access storage means storing, in separate parts thereof, a second portion of microcode, for controlling said computer system after execution of said first portion of microcode, and software of an operating system installed in said computer system;
said second portion of microcode including a boot program;first verifying means for verifying during execution of said first portion of microcode that said boot program has not been changed in an unauthorized manner since said system was previously powered on; and second verifying means for verifying during execution of said boot program that said operating system software has not been changed in an unauthorized manner since said computer system was previously powered on; and
whereinsaid first verifying means includes means for generating an initial modification detection code based upon said boot program during an initial setup of said computer system. - View Dependent Claims (11, 12, 13, 14, 15)
-
Specification