Method for ensuring boot source integrity of a computing system
First Claim
Patent Images
1. A boot module for use in enforcing booting from a designated memory, the boot module comprising:
- a processor;
a memory storing instructions executable by the processor and data corresponding to an authorized boot sequence;
a plurality ports coupled to the processor for monitoring a corresponding plurality of communication busses including a first bus for carrying signals related to a boot operation from an authorized location, and one or more additional busses capable of carrying signals related to a boot operation from an unauthorized location; and
an output operable to disrupt operation of a computer when a boot operation from the unauthorized location is detected.
2 Assignments
0 Petitions
Accused Products
Abstract
A security circuit in a computer monitors data busses that support memory capable of booting the computer during the computer reset/boot cycle. When activity oil one of the data busses indicates the computer is booting from a non-authorized memory location, the security circuit disrupts the computer, for example, by causing a reset. Execution from the non-authorized memory location may occur when an initial jump address at a known location, such as the top of memory, is re-programmed to a memory location having a rogue BIOS program.
-
Citations
19 Claims
-
1. A boot module for use in enforcing booting from a designated memory, the boot module comprising:
-
a processor; a memory storing instructions executable by the processor and data corresponding to an authorized boot sequence; a plurality ports coupled to the processor for monitoring a corresponding plurality of communication busses including a first bus for carrying signals related to a boot operation from an authorized location, and one or more additional busses capable of carrying signals related to a boot operation from an unauthorized location; and an output operable to disrupt operation of a computer when a boot operation from the unauthorized location is detected. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method of preventing a boot cycle in a computer from other than a designated memory comprising:
-
designating a first memory to support an authorized boot cycle; monitoring a data bus coupled to a second memory capable of supporting the boot cycle but unauthorized to execute the boot cycle; determining when the boot cycle is being executed from the second memory; and interrupting the boot cycle when the boot cycle is being executed from the second memory. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A computer arranged and adapted to support booting from a known memory containing an authorized basic input/output system (BIOS) code, the computer comprising:
-
a first processor; a plurality memory devices, each coupled to a respective data bus; and a security circuit coupled to at least one of the respective data busses, the security circuit comprising; a second processor; a memory coupled to the second processor; a plurality of ports coupled to the second processor and the respective data busses whereby the second processor monitors the respective data busses; and an output that causes a disruption in an operation of the computer responsive to a signal from the second processor when the second processor detects signals on one of the data busses relating to a boot operation from a non-authorized one of the plurality of memory devices. - View Dependent Claims (16, 17, 18, 19)
-
Specification