Methods, systems and computer program products for secure firmware updates

US 7,069,452 B1
Filed: 07/12/2000
Issued: 06/27/2006
Est. Priority Date: 07/12/2000
Status: Active Grant

First Claim

Patent Images

1. A method of controlling updates of a programmable memory of a device, the method comprising:

providing an update window of predefined duration during which the programmable memory may be updated; and

allowing updates of the programmable memory only during the update window;

wherein the steps of providing an update window and allowing updates comprise the steps of;

allowing access to the programmable memory based on the state of an access latch;

setting the access latch to allow access to the programmable memory after a hardware reset of the device;

executing an update control program to control access to the programmable memory;

resetting the latch to prevent access to the programmable memory upon completion of the update control program;

allowing access to a memory where the update control program resides when the access latch allows access to the programmable memory; and

preventing access to the memory where the update control program resides when the access latch prevents access to the programmable memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and computer program products which provide secure updates of firmware (i.e. data stored in a programmable memory device of a processing system) are disclosed. Updates of a programmable memory of a device may be controlled by providing an update window of finite duration during which the programmable memory may be updated. Access to the programmable memory may be based on the state of an access latch. The access latch may be set to allow access after a hardware reset of the device. An update control program may be executed to control access to the programmable memory and the latch reset to prevent access upon completion of the update control program. Verification of the update may be provided through encryption techniques and rules incorporated in certificates for application of updates to provide for selectively updating devices. Also disclosed are methods of securely providing differing functionality to generic devices.

209 Citations

36 Claims

1. A method of controlling updates of a programmable memory of a device, the method comprising:
- providing an update window of predefined duration during which the programmable memory may be updated; and
  
  allowing updates of the programmable memory only during the update window;
  
  wherein the steps of providing an update window and allowing updates comprise the steps of;
  
  allowing access to the programmable memory based on the state of an access latch;
  
  setting the access latch to allow access to the programmable memory after a hardware reset of the device;
  
  executing an update control program to control access to the programmable memory;
  
  resetting the latch to prevent access to the programmable memory upon completion of the update control program;
  
  allowing access to a memory where the update control program resides when the access latch allows access to the programmable memory; and
  
  preventing access to the memory where the update control program resides when the access latch prevents access to the programmable memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. A method according to claim 1, wherein the update control program further carries out the steps of:
    - determining if an update of the programmable memory is, available; and
      
      updating the programmable memory if an update of the programmable memory is available.
  - 3. A method according to claim 2, wherein the step of determining if an update of the programmable memory is available comprises examining at least one of a local memory location, a local drive, a network drive and an input device status to determine if an update is available.
  - 4. A method according to claim 2, wherein the step of determining if an update of the programmable memory is available comprises examining persistent status information.
  - 5. A method according to claim 2, wherein the step of updating the programmable memory comprises the steps of:
    - obtaining an update image associated with the available update containing update data to be written to the programmable memory;
      
      obtaining installation information from the update image; and
      
      writing the update data to the programmable memory based on the installation information obtained from the update image.
  - 6. A method according to claim 5, wherein the installation information comprises an install program and wherein the step of writing the update data to the programmable memory based on the installation information obtained from the update image comprises executing the install program to write the update data to the programmable memory.
  - 7. A method according to claim 2, wherein the step of updating the programmable memory comprises the steps of:
    - loading an update image associated with the available update into a temporary workspace; and
      
      updating the programmable memory from the loaded update image.
  - 8. A method according to claim 2, further comprising the step of storing existing data from the programmable memory so as to provide a backup copy of the existing data from the programmable memory.
  - 9. A method according to claim 8, further comprising the steps of:
    - determining if the update of the programmable memory was successful; and
      
      restoring the contents of the programmable memory from the backup copy if the update of the programmable memory was not successful.
  - 10. A method according to claim 2, wherein the update control program further carries out the step of:
    - verifying the authenticity of the update of the programmable memory if an update of the programmable memory is available.
  - 11. A method according to claim 10, wherein the step or verifying the authenticity of the update comprises the step of determining if a valid digital signature is provided with the image by decrypting the digital signature provided with the image using a shared secret.
  - 12. A method according to claim 10, wherein the step of verifying the authenticity of the update comprises the step of:
    - evaluating at least one certificate in an update image associated with the available update to determine if a valid digital signature is provided with the update image.
  - 13. A method according to claim 12, wherein the step of evaluating at least one certificate comprises the steps of:
    - decrypting a digital signature of the certificate utilizing a public key of a certificate authority accessible to the update program; and
      
      comparing the decrypted digital signature with a precomputed value to determine if the digital signature is a valid digital signature associated with the certificate authority.
  - 14. A method according to claim 13, wherein the public key is stored in a non-updateable memory associated with the update control program.
  - 15. A method according to claim 13, further comprising the step of:
    - providing the public key of the certificate authority in a previous version of data to be stored in the programmable memory; and
      
      wherein the step of decrypting a digital signature of the certificate utilizing a public key further comprises the step of obtaining the public key from the programmable memory.
  - 16. A method according to claim 10, wherein the update includes a plurality of certificates in a hierarchy of certificates and wherein the step of verifying the authenticity of the update comprises the step of evaluating certificates of the plurality of certificates in an update image to determine if a valid digital signature is provided with certificates of the plurality of certificates in the update image.
  - 17. A method according to claim 16, wherein the step of evaluating certificates of the plurality of certificates comprises the steps ofdecrypting a digital signature of a certificate utilizing a public key associated with a next-higher certificate in the hierarchy;
    - comparing the decrypted digital signature with a precomputed value to determine if the digital signature is a valid digital signature associated with the certificate;
      
      obtaining a public key associated with another of the digital certificates;
      
      repeating the steps of decrypting and comparing utilizing the obtained public key associated with another of the digital certificates; and
      
      wherein the step of obtaining a public key is repeated until a public key associated with a last of the digital certificates is obtained, and comparing the last public key with a predetermined value.
  - 18. A method according to claim 10, further comprising the steps of:
    - obtaining application rules information from an extension of at least one certificate associated with the update;
      
      evaluating the rules information obtained from the at least one certificate; and
      
      wherein the step of updating the programmable memory comprises the step of selectively updating the programmable memory based on the evaluation of the rules information obtained from the at least one certificate.
  - 19. A method according to claim 18, wherein the step of evaluating the rules information comprises the step of evaluating at least one of rules information associated with a manufacturer of the device, rules information associated with a brand of the device, rules information associated with a software version of the device, rules information associated with a license authorization of the device or rules information associated with the individual device.

20. A system for controlling updates of a programmable memory of a device, comprising:
- means for providing an update window of predefined duration during which the programmable memory may be updated; and
  
  means for allowing updates of the programmable memory only during the update window;
  
  wherein the means for providing an update window and the means for allowing updates, comprise;
  
  means for allowing access to the programmable memory based on the state of an access latch;
  
  means for setting the access latch to allow access to the programmable memory after a hardware reset of the device;
  
  means for executing an update control program to control access to the programmable memory;
  
  means for resetting the latch to prevent access to the programmable memory upon completion of the update control program;
  
  means for allowing access to a memory where the update control program resides when the access latch allows access to the programmable memory; and
  
  means for preventing access to the memory where the update control program resides when the access latch prevents access to the programmable memory.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 21. A system according to claim 20, further comprising:
    - means for determining if an update of the programmable memory is available; and
      
      means for updating the programmable memory if an update of the programmable memory is available.
  - 22. A system according to claim 21, wherein the means for determining if an update of the programmable memory is available comprises means for examining at least one of a local memory location, a local drive, a network drive and an input device status to determine if an update is available.
  - 23. A system according to claim 21, wherein the means for determining if an update of the programmable memory is available comprises means for examining persistent status information.
  - 24. A system according to claim 21, wherein the means for updating the programmable memory comprises:
    - means for obtaining an update image associated with the available update containing update data to be written to the programmable memory;
      
      means for obtaining installation information from the update image; and
      
      means for writing the update data to the programmable memory based on the installation information obtained from the update image.
  - 25. A system according to claim 24, wherein the installation information comprises an install program and wherein the means for writing the update data to the programmable memory based on the installation information obtained from the update image comprises means for executing the install program to write the update data to the programmable memory.
  - 26. A system according to claim 20, wherein the means for updating the programmable memory comprises:
    - means for loading an update image associated with the available update into a temporary workspace; and
      
      means for updating the programmable memory from the loaded update image.
  - 27. A system according to claim 20, further comprising means for storing existing data from the programmable memory so as to provide a backup copy of the existing data from the programmable memory.
  - 28. A system according to claim 27, further comprising:
    - means for determining if the update of the programmable memory was successful; and
      
      means for restoring the contents of the programmable memory from the backup copy if the update of the programmable memory was not successful.
  - 29. A system according to claim 20, further comprising means for verifying the authenticity of the update of the programmable memory if an update of the programmable memory is available.
  - 30. A system according to claim 29, wherein the means for verifying the authenticity of the update comprises means for evaluating at least one certificate in update image associated with the available update to determine if a valid digital signature is provided with the update image.
  - 31. A system according to claim 30, wherein the means for evaluating at least one certificate comprises:
    - means for decrypting a digital signature of the certificate utilizing a public key of a certificate authority accessible to the update program; and
      
      means for comparing the decrypted digital signature with a precomputed value to determine if the digital signature is a valid digital signature associated with the certificate authority.
  - 32. A system according to claim 31, wherein the public key is stored in a non-updateable memory associated with the update control program.
  - 33. A system according to claim 31, further comprising:
    - means for providing the public key of the certificate authority in a previous version of data to be stored in the programmable memory; and
      
      wherein means for decrypting a digital signature of the certificate utilizing a public key further comprises means for obtaining the public key from the programmable memory.
  - 34. A system according to claim 30, further comprising:
    - means for obtaining application rules information from an extension of at least one certificate associated with the update;
      
      means for evaluating the rules information obtained from the at least one certificate; and
      
      wherein the means for updating the programmable memory comprises means for selectively updating the programmable memory based on the evaluation of the rules information obtained from the at least one certificate.
  - 35. A system according to claim 34, wherein the means for evaluating the rules information comprises means for evaluating at least one of rules information associated with a manufacturer of the device, rules information associated with a brand of the device, rules information associated with a software version of the device, rules information associated with a license authorization of the device or rules information associated with the individual device.
  - 36. A system according to claim 29, wherein the means for verifying the authenticity of the update image comprises means for determining if a valid digital signature is provided with the image by decrypting the digital signature provided with the image using a shared secret.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Peters, Marcia Lambert, Hind, John R.
Primary Examiner(s)
JUNG, DAVID YIUK

Application Number

US09/614,982
Time in Patent Office

2,176 Days
Field of Search

703/200, 713 1- 2, 713200-202, 713189-194
US Class Current

713/1
CPC Class Codes

G06F 21/572 Secure firmware programming...

Methods, systems and computer program products for secure firmware updates

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

209 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, systems and computer program products for secure firmware updates

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

209 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links