System and method for authentication of off-chip processor firmware code

US 6,571,335 B1
Filed: 04/01/1999
Issued: 05/27/2003
Est. Priority Date: 04/01/1999
Status: Expired due to Term

First Claim

Patent Images

1. An electronic system comprising:

a system substrate;

a memory element coupled to the system substrate, the memory element to contain firmware and a digital signature of the firmware signed by a signatory, the digital signature including a first value and a second value; and

a processor coupled to the system substrate and the memory element, the processor to contain a public key of the signatory and a digital signature function used during a predetermined condition to authenticate the firmware before execution by the processor, the processor authenticates the firmware by (i) performing a hash operation on the firmware to produce a message digest, (ii) using at least the message digest, the public key of the signatory and a plurality of parameters associated with the digital signature function to produce a computed first value, (iii) comparing the computed first value to the first value of the digital signature, and (iv) allowing the firmware to be executed by the processor where the computed first value matches the first value of the digital signature.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An electronic system and corresponding method for authenticating firmware stored in a memory element external to a processor. In one embodiment, an electronic system comprises a processor and a memory element. The memory element is used to contain firmware and a digital signature of the firmware signed by a signatory. Coupled to the memory element, the processor authenticates the firmware during a predetermined condition, which occurs prior to execution of the firmware, through use of a pre-stored public key of the signatory and a pre-stored digital signature function.

Citations

17 Claims

1. An electronic system comprising:
- a system substrate;
  
  a memory element coupled to the system substrate, the memory element to contain firmware and a digital signature of the firmware signed by a signatory, the digital signature including a first value and a second value; and
  
  a processor coupled to the system substrate and the memory element, the processor to contain a public key of the signatory and a digital signature function used during a predetermined condition to authenticate the firmware before execution by the processor, the processor authenticates the firmware by (i) performing a hash operation on the firmware to produce a message digest, (ii) using at least the message digest, the public key of the signatory and a plurality of parameters associated with the digital signature function to produce a computed first value, (iii) comparing the computed first value to the first value of the digital signature, and (iv) allowing the firmware to be executed by the processor where the computed first value matches the first value of the digital signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The electronic system of claim 1, wherein the predetermined condition is a processor reset condition.
  - 3. The electronic system of claim 1, wherein the processor includes a processor core and a local memory contained in an integrated circuit package.
  - 4. The electronic system of claim 3, wherein the local memory is on-chip memory situated on a same integrated circuit chip as the processor core.
  - 5. The electronic system of claim 1, wherein the firmware controls the functionality of the processor.
  - 6. The electronic system of claim 5, wherein the firmware includes a processing unit reset function.
  - 7. The electronic system of claim 5, wherein the firmware includes one of a function for checking an occurrence of an internal initialization event and a function enabling the electronic system to interrupt the processor.
  - 8. The electronic system of claim 1, wherein the plurality of parameters include a prime modulus (p) and a prime divisor (q).

9. An electronic system:
- a memory element to contain firmware and a digital signature of the firmware signed by a signatory, the digital signature includes a first value and a second value; and
  
  a processor, coupled to the memory element, to authenticate the firmware during a predetermined condition and prior to execution of the firmware through use of a pre-stored public key of the signatory and a pre-stored digital signature function, the processor authenticates the firmware by (i) performing a hash operation on the firmware to produce a message digest, (ii) using at least the message digest, the public key of the signatory and a plurality of parameters associated with the digital signature function to produce a computed first value, (iii) comparing the computed first value to the first value of the digital signature, and (iv) allowing the firmware to be executed by the processor where the computed first value matches the first value of the digital signature.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The electronic system of claim 9, wherein the digital signature function pre-stored in the processor includes a Digital Signature Standard (DSS) function.
  - 11. The electronic system of claim 9, wherein the predetermined condition is a processor reset condition.
  - 12. The electronic system of claim 9, wherein the processor includes a processor core and a local memory contained in a package.
  - 13. The electronic system of claim 9, wherein the firmware controls the functionality of the processor.
  - 14. The electronic system of claim 13, wherein the firmware includes a processing unit reset function.
  - 15. The electronic system of claim 9, wherein the plurality of parameters include a prime modulus (p) and a prime divisor (q).

16. A method comprising:
- undergoing a reset condition by a processor;
  
  accessing firmware from a memory element remotely located from the processor;
  
  authenticating the firmware before execution by the processor by performing a hash operation on the firmware to produce a message digest, (ii) using at least the message digest, a public key of a signatory to produce a computed value, (iii) comparing the computed value to a value stored within the digital signature, and (iv) allowing the firmware to be executed by the processor where the computed value matches the value stored within the digital signature; and
  
  allowing the processor to execute the firmware once the firmware has been authenticated.

17. A machine readable medium having embodied thereon a program for processing by a processor of an electronic system, the program comprising:
- an authentication subprogram for authenticating firmware loaded into the processor from a memory element remotely located from the processor using a pre-stored public key and a pre-stored digital signature function by performing a hash operation on the firmware to produce a message digest, (ii) using at least the message digest, the pre-stored public key to produce a computed value, (iii) comparing the computed value to a value stored within the digital signature, and (iv) allowing the firmware to be executed by the processor where the computed value matches the value stored within the digital signature;
  
  a processor reset subprogram to release the processor from a RESET state so that the processor can execute the firmware if authenticated; and
  
  an error subprogram to report an authentication error and to prevent the firmware from being executed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Rajan, Anand, Thangadurai, George, OʼDonnell, Amy
Primary Examiner(s)
Darrow, Justin T.

Application Number

US09/282,948
Time in Patent Office

1,517 Days
Field of Search

713/1, 713/100, 713/156, 713/161, 713/164, 713/165, 713/167, 713/172, 713/173, 713/174, 713/176, 713/187, 713/189, 713/200, 713/201, 713/202, 713/170, 709/100, 705/65, 705/66, 705/67, 712/227, 712/228, 714/38
US Class Current

713/173
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/64 Protecting data integrity, ...

System and method for authentication of off-chip processor firmware code

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authentication of off-chip processor firmware code

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links