Firmware updates during limited time period
First Claim
1. A computer-implemented method for managing access to firmware, comprising:
- under control of one or more computer systems configured with executable instructions,triggering a clock for a peripheral device on a host machine at a time after power is supplied to the peripheral device, the clock configured to initiate a period of mutability with respect to the peripheral device;
enabling firmware of the peripheral device to be updated during the period of mutability;
disabling updates to the firmware of the peripheral device after the period of mutability, the period of mutability being determined based at least in part upon the clock; and
after the period of mutability, loading a guest operating system onto the host machine,wherein the guest operating system has non-virtualized direct memory access to the peripheral device but the guest operating system is unable to modify the firmware of the peripheral device.
1 Assignment
0 Petitions
Accused Products
Abstract
When providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. In some embodiments, an asymmetric keying approach can be used to encrypt or sign the firmware. In other cases access can be controlled by enabling firmware updates only through a channel or port that is not exposed to the customer, or by mapping only those portions of the hardware that are to be accessible to the user. In other embodiments, the user can be prevented from modifying firmware by only provisioning the user on a machine after an initial mutability period wherein firmware can be modified, such that the user never has access to a device when firmware can be updated. Combinations and variations of the above also can be used.
-
Citations
26 Claims
-
1. A computer-implemented method for managing access to firmware, comprising:
under control of one or more computer systems configured with executable instructions, triggering a clock for a peripheral device on a host machine at a time after power is supplied to the peripheral device, the clock configured to initiate a period of mutability with respect to the peripheral device; enabling firmware of the peripheral device to be updated during the period of mutability; disabling updates to the firmware of the peripheral device after the period of mutability, the period of mutability being determined based at least in part upon the clock; and after the period of mutability, loading a guest operating system onto the host machine, wherein the guest operating system has non-virtualized direct memory access to the peripheral device but the guest operating system is unable to modify the firmware of the peripheral device. - View Dependent Claims (2)
-
3. A computer-implemented method for managing access to configuration information, comprising:
under control of one or more computer systems configured with executable instructions, initiating a period of mutability on a host machine; enabling configuration updates for the host machine only during the period of mutability; and loading a guest operating system on the host machine at a time after the period of mutability, wherein the guest operating system has non-virtualized direct memory access to the host machine but the guest operating system is unable to execute configuration updates for the host machine. - View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
18. A system for managing access to configuration information, comprising:
-
a processor; and a memory device including instructions that, when executed by the processor, cause the processor to; initiate a period of mutability on a host machine; enable configuration updates for the host machine only during the period of mutability; and load a guest operating system on the host machine at a time after the period of mutability, wherein the guest operating system has non-virtualized direct memory access to the host machine but the guest operating system is unable to execute configuration updates for the host machine. - View Dependent Claims (19, 20, 21, 22)
-
-
23. A non-transitory computer readable storage medium storing instructions for managing access to configuration information, the instructions when executed by a processor causing the processor to:
-
initiate a period of mutability on a host machine; enable configuration updates for the host machine only during the period of mutability; and load a guest operating system on the host machine at a time after the period of mutability, wherein the guest operating system has non-virtualized direct memory access to the host machine but the guest operating system is unable to execute configuration updates for the host machine. - View Dependent Claims (24, 25, 26)
-
Specification