Managing firmware update attempts
Abstract
Attempts to update confirmation information or firmware for a hardware device can be monitored using a secure counter that is configured to monotonically adjust a current value of the secure counter for each update or update attempt. The value of the counter can be determined every time the validity of the firmware is confirmed, and this value can be stored to a secure location. At subsequent times, such as during a boot process, the actual value of the counter can be determined and compared with the expected value. If the values do not match, such that the firmware may be in an unexpected state, an action can be taken, such as to prevent access to, or isolate, the hardware until such time as the firmware can be validated or updated to an expected state.
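A minimal model of the check the abstract describes, added here as an illustration and not taken from the patent. The `Device` and `HostMonitor` classes, the SHA-256 allowlist standing in for firmware validation, and the sample images are all assumptions.

```python
import hashlib

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

class Device:
    """Constructed model of a peripheral the guest reaches by direct access."""
    def __init__(self, image: bytes):
        self.firmware, self.isolated, self._counter = image, False, 0

    @property
    def counter(self) -> int:
        return self._counter

    def attempt_update(self, image: bytes, accepted: bool = True) -> None:
        self._counter += 1          # moves on every attempt, accepted or not
        if accepted:
            self.firmware = image

class HostMonitor:
    """Host-side checker; expected values are held outside the guest's reach."""
    def __init__(self, authorized_images):
        self._authorized = {digest(i) for i in authorized_images}
        self._expected = {}         # device id -> counter value at last validation

    def validate(self, dev_id: str, dev: Device) -> bool:
        """Confirm the firmware is an authorized image, then record the counter."""
        if digest(dev.firmware) not in self._authorized:
            return False
        self._expected[dev_id] = dev.counter
        dev.isolated = False
        return True

    def boot_check(self, dev_id: str, dev: Device) -> str:
        """Compare actual and expected counter; isolate the device on mismatch."""
        if self._expected.get(dev_id) == dev.counter:
            return "ok"
        dev.isolated = True
        return "isolated"

def demo():
    good, other = b"vendor-fw-1.0", b"unsigned-image"   # constructed sample images
    nic, mon = Device(good), HostMonitor([good])
    out = [mon.validate("nic0", nic), mon.boot_check("nic0", nic)]
    nic.attempt_update(other, accepted=False)   # rejected write from the guest
    out.append(mon.boot_check("nic0", nic))     # firmware unchanged, counter moved
    out.append(mon.validate("nic0", nic))       # re-validated, expected value refreshed
    out.append(mon.boot_check("nic0", nic))
    return out
```

The rejected write leaves the firmware image byte-for-byte identical, so a hash check alone would pass; the counter mismatch is what flags the attempt.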
28 Claims
1. A computer-implemented method for tracking attempted updates to firmware on a peripheral device of a host machine, comprising:
under control of one or more computer systems configured with executable instructions, provisioning a guest operating system (OS) with non-virtualized direct memory access to at least one device of a host machine, the guest OS provisioned for a remote user and being accessible by the remote user over a network connection;
configuring a secure counter to monotonically adjust a current value of the secure counter for each attempted update to firmware of the at least one device that is accessible via non-virtualized direct memory access to the guest OS;
verifying at least once that the firmware has been updated by an authorized source and storing the current value of the secure counter as an expected value in a secure location inaccessible to the guest OS provisioned on the host machine;
at one or more subsequent times, comparing the current value of the secure counter with the expected value; and
if it is determined, based on the comparing, that the current value of the secure counter has been modified but that the authorized source had not updated the firmware, performing at least one remedial action with respect to at least one of the remote user, the firmware, the device, or the host machine.
Dependent claims: 2, 3, 4.

5. A computer-implemented method for tracking attempted updates to configuration information on a hardware device, comprising:
under control of one or more computer systems configured with executable instructions, provisioning a guest operating system (OS) with non-virtualized direct memory access to at least one device of a host machine, the guest OS provisioned for a remote user and being accessible by the remote user over a network connection;
configuring a counter to monotonically adjust a current value of the counter for each attempted update to configuration information of the at least one device that is accessible via non-virtualized direct memory access to the guest OS;
verifying at least once that the configuration information on the host machine has been updated by an authorized source and storing the current value of the counter as an expected value in a secure location;
at one or more subsequent times, comparing an actual value of the counter with the expected value; and
if it is determined, based on the comparing, that the current value of the counter has been modified but that the authorized source had not updated the configuration information, performing at least one action with respect to at least one of the remote user, the configuration information, or the host machine.
Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18.

19. A system for tracking attempted updates to configuration information on a hardware device, comprising:
a processor; and
a memory device including instructions that, when executed by the processor, cause the processor to:
provision a guest operating system (OS) with non-virtualized direct memory access to at least one device of a host machine, the guest OS provisioned for a remote user and being accessible by the remote user over a network connection;
configure a counter to monotonically adjust a current value of the counter for each attempted update to configuration information of the at least one device that is accessible via non-virtualized direct memory access to the guest OS;
verify at least once that the configuration information on the host machine has been updated by an authorized source and store the current value of the counter as an expected value in a secure location;
at one or more subsequent times, compare an actual value of the counter with the expected value; and
if it is determined, based on the comparing, that the current value of the counter has been modified but that the authorized source had not updated the configuration information, perform at least one action with respect to at least one of the remote user, the configuration information, or the host machine.
Dependent claims: 20, 21, 22, 23.

24. A non-transitory computer readable storage medium storing instructions for tracking attempted updates to configuration information on a hardware device, the instructions when executed by a processor causing the processor to:
provision a guest operating system (OS) with non-virtualized direct memory access to at least one device of a host machine, the guest OS provisioned for a remote user and being accessible by the remote user over a network connection;
configure a counter to monotonically adjust a current value of the counter for each attempted update to configuration information of the at least one device that is accessible via non-virtualized direct memory access to the guest OS;
verify at least once that the configuration information on the host machine has been updated by an authorized source and store the current value of the counter as an expected value in a secure location;
at one or more subsequent times, compare an actual value of the counter with the expected value; and
if it is determined, based on the comparing, that the current value of the counter has been modified but that the authorized source had not updated the configuration information, perform at least one action with respect to at least one of the remote user, the configuration information, or the host machine.
Dependent claims: 25, 26, 27, 28.

Specification