Protected boot flow
Abstract
A protected boot sequence in a computer system. A reset vector directs the system to a boot program including a protected program. This protected program verifies the integrity of the BIOS contents before branching to the BIOS for execution of normal bootstrap functions. The protected program can also lock down various blocks of bootstrap code to prevent them from being changed after a certain point in the boot sequence. The protected boot sequence can proceed in layers, with each layer providing some level of validation or security for succeeding layers.
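A model of the layered sequence described in the abstract, added here as an illustration and not taken from the patent. The block names, the constructed images, SHA-256 as the "expected code" check, and which blocks each layer locks are assumptions.

```python
import hashlib
import hmac

class Flash:
    """Model of firmware flash: named blocks plus lock bits that stay set until reset."""
    def __init__(self, blocks):
        self.blocks = dict(blocks)
        self.locked = set()

    def lock(self, name):
        self.locked.add(name)  # no unlock operation exists in this model

    def write(self, name, data):
        if name in self.locked:
            raise PermissionError(f"block {name!r} is locked down")
        self.blocks[name] = data

def digest(data):
    # Assumption: "expected code" is checked by SHA-256; the page names no method.
    return hashlib.sha256(data).digest()

def protected_boot(flash, expected, trace):
    """Each protected layer validates the next BIOS stage, locks down, then hands off."""
    # `expected` stands for reference digests held in the non-updatable protected code.
    for layer, bios in (("protected1", "bios1"), ("protected2", "bios2")):
        trace.append(f"exec {layer}")
        if not hmac.compare_digest(digest(flash.blocks[bios]), expected[bios]):
            trace.append(f"halt: {bios} failed validation")
            return False  # never branch to code that did not validate
        flash.lock(layer)
        flash.lock(bios)
        trace.append(f"exec {bios}")
    return True

# Constructed sample images (hypothetical names and contents, not real firmware).
IMAGES = {"protected1": b"boot block", "bios1": b"POST and memory init",
          "protected2": b"second-stage check", "bios2": b"device init and OS loader"}
EXPECTED = {name: digest(IMAGES[name]) for name in ("bios1", "bios2")}

def demo(tamper=None):
    """Boot once; `tamper` names a block overwritten before the reset."""
    flash = Flash(IMAGES)
    if tamper:
        flash.write(tamper, b"modified code")
    trace = []
    ok = protected_boot(flash, EXPECTED, trace)
    return ok, trace, flash
```

`demo()` boots through both layers and leaves the validated blocks write-protected; `demo("bios2")` stops in the second protected layer before the altered stage runs.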
31 Claims
1. A method of booting software in a computer system, comprising:
initiating a reset function;
executing a first protected program;
validating a firmware-based BIOS program with code that cannot be updated by the computer system by verifying the BIOS program contains expected code;
locking down portions of at least one of the first protected program and the BIOS program; and
executing the BIOS program.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method of booting software in a computer system, comprising:
initiating a reset function;
executing a first protected program that cannot be updated by the computer system;
validating, through said executing a first protected program, at least one of first and second firmware-based BIOS programs by verifying the at least one of the first and second BIOS programs contains expected code;
executing the first BIOS program;
executing a second protected program; and
executing the second BIOS program, wherein at least one of said executing the first protected program and said executing the second protected program includes locking down blocks of data in at least one of said first protected program, said second protected program, said first BIOS program, and said second BIOS program.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19

20. A machine-readable medium having stored thereon instructions, which when executed by at least one processor causes said at least one processor to perform the following:
initiating a reset function;
executing a protected program that cannot be updated by the at least one processor;
validating, by said executing a protected program, a firmware-based BIOS program by verifying the BIOS program contains expected code;
locking down portions of at least one of said protected program and said BIOS program; and
executing the BIOS program.
Dependent claims: 21, 22, 23, 24, 25

26. An apparatus, comprising:
a first firmware-based memory block containing a protected first program sequence; and
a second firmware-based memory block containing a second program sequence for booting a computer system;
wherein the first program sequence includes instructions for validating the second program sequence by verifying the second program sequence contains expected code and for transferring control to the second program sequence;
wherein the protected first program sequence cannot be updated by the computer system;
wherein the first program sequence includes instructions for locking down at least one of a portion of the first memory block and a portion of the second memory block.
Dependent claims: 27, 28, 29, 30, 31

Specification