Firmware updates during limited time period

US 8,887,144 B1
Filed: 09/04/2009
Issued: 11/11/2014
Est. Priority Date: 09/04/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for managing access to firmware, comprising:

under control of one or more computer systems configured with executable instructions,triggering a clock for a peripheral device on a host machine at a time after power is supplied to the peripheral device, the clock configured to initiate a period of mutability with respect to the peripheral device;

enabling firmware of the peripheral device to be updated during the period of mutability;

disabling updates to the firmware of the peripheral device after the period of mutability, the period of mutability being determined based at least in part upon the clock; and

after the period of mutability, loading a guest operating system onto the host machine,wherein the guest operating system has non-virtualized direct memory access to the peripheral device but the guest operating system is unable to modify the firmware of the peripheral device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. In some embodiments, an asymmetric keying approach can be used to encrypt or sign the firmware. In other cases access can be controlled by enabling firmware updates only through a channel or port that is not exposed to the customer, or by mapping only those portions of the hardware that are to be accessible to the user. In other embodiments, the user can be prevented from modifying firmware by only provisioning the user on a machine after an initial mutability period wherein firmware can be modified, such that the user never has access to a device when firmware can be updated. Combinations and variations of the above also can be used.

Citations

26 Claims

1. A computer-implemented method for managing access to firmware, comprising:
- under control of one or more computer systems configured with executable instructions,triggering a clock for a peripheral device on a host machine at a time after power is supplied to the peripheral device, the clock configured to initiate a period of mutability with respect to the peripheral device;
  
  enabling firmware of the peripheral device to be updated during the period of mutability;
  
  disabling updates to the firmware of the peripheral device after the period of mutability, the period of mutability being determined based at least in part upon the clock; and
  
  after the period of mutability, loading a guest operating system onto the host machine,wherein the guest operating system has non-virtualized direct memory access to the peripheral device but the guest operating system is unable to modify the firmware of the peripheral device.
- View Dependent Claims (2)
- - 2. The computer-implemented method of claim 1, wherein the clock is a secure clock or guest-isolated counter implemented in hardware on the peripheral device.

3. A computer-implemented method for managing access to configuration information, comprising:
- under control of one or more computer systems configured with executable instructions,initiating a period of mutability on a host machine;
  
  enabling configuration updates for the host machine only during the period of mutability; and
  
  loading a guest operating system on the host machine at a time after the period of mutability,wherein the guest operating system has non-virtualized direct memory access to the host machine but the guest operating system is unable to execute configuration updates for the host machine.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 4. The computer-implemented method of claim 3, further comprising:
    - triggering a secure clock at a time after startup of the host machine, the secure clock configured to determine the period of mutability.
  - 5. The computer-implemented method of claim 3, wherein the configuration updates are firmware updates for a hardware device.
  - 6. The computer-implemented method of claim 3, wherein a length of the period of mutability is fixed in hardware on the host machine.
  - 7. The computer-implemented method of claim 3, wherein a length of the period of mutability is configurable by an external source.
  - 8. The computer-implemented method of claim 3, wherein startup of the host machine comprises an initial boot phase of the host machine.
  - 9. The computer-implemented method of claim 3, further comprising:
    - triggering a hardware-based access control to prevent access to a configuration subsystem after the period of mutability.
  - 10. The computer-implemented method of claim 3, wherein the period of mutability is determined by a dedicated clock on a hardware device on the host machine.
  - 11. The computer-implemented method of claim 3, wherein the period of mutability can vary between multiple hardware devices on the host machine.
  - 12. The computer-implemented method of claim 3, further comprising:
    - utilizing a discovery protocol for a hardware device on the host machine to determine a length of the period of mutability.
  - 13. The computer-implemented method of claim 3, further comprising:
    - applying at least one policy defining a length of the period of mutability.
  - 14. The computer-implemented method of claim 3, further comprising:
    - extending a network booting protocol to include tags specifying a length of the period of mutability.
  - 15. The computer-implemented method of claim 3, further comprising:
    - triggering the period of mutability through a secure channel.
  - 16. The computer-implemented method of claim 15, wherein the secure channel comprises a physical switch on a hardware device requiring physical access to the host machine.
  - 17. The computer-implemented method of claim 3, further comprising:
    - suspending a clock for determining the period of mutability via a physical switch on a hardware device connected to the host machine.

18. A system for managing access to configuration information, comprising:
- a processor; and
  
  a memory device including instructions that, when executed by the processor, cause the processor to;
  
  initiate a period of mutability on a host machine;
  
  enable configuration updates for the host machine only during the period of mutability; and
  
  load a guest operating system on the host machine at a time after the period of mutability,wherein the guest operating system has non-virtualized direct memory access to the host machine but the guest operating system is unable to execute configuration updates for the host machine.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The system of claim 18, the memory device further includes instructions that, when executed by the processor, cause the processor to:
    - trigger a secure clock at a time after startup, the secure clock configured to determine the period of mutability.
  - 20. The system of claim 18, wherein the configuration updates are firmware updates for a hardware device.
  - 21. The system of claim 18, wherein a length of the period of mutability is fixed in hardware on the host machine or configurable by an external source.
  - 22. The system of claim 18, wherein the memory device further includes instructions that, when executed by the processor, cause the processor to:
    - trigger a hardware-based access control to prevent access to a configuration subsystem after the period of mutability.

23. A non-transitory computer readable storage medium storing instructions for managing access to configuration information, the instructions when executed by a processor causing the processor to:
- initiate a period of mutability on a host machine;
  
  enable configuration updates for the host machine only during the period of mutability; and
  
  load a guest operating system on the host machine at a time after the period of mutability,wherein the guest operating system has non-virtualized direct memory access to the host machine but the guest operating system is unable to execute configuration updates for the host machine.
- View Dependent Claims (24, 25, 26)
- - 24. The non-transitory computer readable storage medium of claim 23, wherein the instructions when executed by the processor further cause the processor to:
    - trigger a secure clock at a time after startup, the secure clock configured to determine the period of mutability.
  - 25. The non-transitory computer readable storage medium of claim 23, wherein the configuration updates are firmware updates for a hardware device.
  - 26. The non-transitory computer readable storage medium of claim 23, wherein the instructions when executed by the processor further cause the processor to:
    - trigger a hardware-based access control to prevent access to a configuration subsystem after the period of mutability.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Marr, Michael David, Corddry, Matthew T., Hamilton, James R.
Primary Examiner(s)
SNYDER, STEVEN G

Application Number

US12/554,770
Time in Patent Office

1,894 Days
Field of Search

None
US Class Current

717/168
CPC Class Codes

G06F 21/572   Secure firmware programming...

G06F 8/65   Updates security arrangemen...

G06F 9/4416   Network booting; Remote ini...

H04L 41/082   the condition being updates...

H04L 63/126   the source of the received ...

H04L 67/34   involving the movement of s...

Firmware updates during limited time period

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Firmware updates during limited time period

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links