Approaches for firmware to trust an application

US 8,918,907 B2
Filed: 04/13/2011
Issued: 12/23/2014
Est. Priority Date: 04/13/2011
Status: Active Grant

First Claim

Patent Images

1. A non-transitory machine-readable medium storing one or more sequences of instructions, which when executed, causes:

upon being instructed to execute an application, an operating system determining whether to permit execution of the application by (a) obtaining a first signature of an in-memory image of the application and (b) verifying that the first signature matches a second signature of a persistently stored image of the application;

upon firmware receiving from the application a request for a service provided by the firmware, the firmware determining whether the application should be trusted by (a) verifying that the request originated from the in-memory image of the application and (b) verifying that the second signature of the persistently stored image of the application corresponds to an application which the firmware has previously been notified as being deemed trustworthy;

upon the firmware determining that the application requesting the service from the firmware should be trusted, the firmware storing trust data that permits the application to access the service provided by the firmware; and

upon the firmware determining that the application requesting the service from the firmware should not be trusted, the firmware denying performance of the service to the application.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for determining whether firmware should trust an application sufficiently so as to provide a service to the application. Firmware, executing on a device, receives an indication that an application, also executing on the device, is requesting a service provided by the firmware. The firmware obtains (a) an operating system signature associated with the application and (b) a firmware signature associated with the application. The operating system signature is a signature that is used by the operating system, executing on the device, to authenticate the application, while the firmware signature is a signature that is used by the firmware to authenticate the application. If the firmware determines that the operating system signature matches the firmware signature, then the firmware storing trust data that permits the application to access the service provided by the firmware. The firmware need not calculate a signature based on the in-memory image of the application.

18 Citations

View as Search Results

20 Claims

1. A non-transitory machine-readable medium storing one or more sequences of instructions, which when executed, causes:
- upon being instructed to execute an application, an operating system determining whether to permit execution of the application by (a) obtaining a first signature of an in-memory image of the application and (b) verifying that the first signature matches a second signature of a persistently stored image of the application;
  
  upon firmware receiving from the application a request for a service provided by the firmware, the firmware determining whether the application should be trusted by (a) verifying that the request originated from the in-memory image of the application and (b) verifying that the second signature of the persistently stored image of the application corresponds to an application which the firmware has previously been notified as being deemed trustworthy;
  
  upon the firmware determining that the application requesting the service from the firmware should be trusted, the firmware storing trust data that permits the application to access the service provided by the firmware; and
  
  upon the firmware determining that the application requesting the service from the firmware should not be trusted, the firmware denying performance of the service to the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The non-transitory machine-readable medium of claim 1, wherein execution of the one or more sequences of instructions further causes:
    - prior to the execution of the application, performing the steps of;
      
      creating an operating system signature for the application, wherein the operating system signature is the second signature,appending the operating system signature to a first image of the application using a first signed container that is signed by the operating system to create a second image of the application,creating a firmware signature for the application,appending the firmware signature to the second image of the application using a second signed container signed by the firmware to create a third image of the application; and
      
      the firmware consulting the firmware signature to verify whether the application requesting the service from the firmware should be trusted.
  - 3. The non-transitory machine-readable medium of claim 1, wherein the trust data further authorizes the application to access services provided by the firmware for a predetermined length of time or a predetermined number of subsequent service requests.
  - 4. The non-transitory machine-readable medium of claim 1, wherein execution of the one or more sequences of instructions further causes:
    - in response to the firmware receiving a notification from the application that the application is finished using the service provided by the firmware, the firmware deleting the trust data to prevent the application from subsequently accessing the service provided by the firmware.
  - 5. The non-transitory machine-readable medium of claim 1, wherein the firmware does not create either the first or second signature.
  - 6. The non-transitory machine-readable medium of claim 1, wherein execution of the one or more sequences of instructions further causes:
    - upon the operating system successfully authenticating the operating system using the first signature, the operating system allowing the application to execute; and
      
      upon the operating system determining that the operating system cannot be authenticated using the first signature or that the first signature is not present, the operating system preventing the application from executing.
  - 7. The non-transitory machine-readable medium of claim 2, wherein the first and second signed containers are signed using X.509 certificates or Unified Extensible Firmware Interface (UEFI) WIN_CERTIFICATE structures.

8. A computer, comprising:
- an application;
  
  an operating system performing;
  
  upon being instructed to execute the application, the operating system determining whether to permit execution of the application by (a) obtaining a first signature of an in-memory image of the application and (b) verifying that the first signature matches a second signature of a persistently stored image of the application; and
  
  firmware performing;
  
  upon the firmware receiving from the application a request for a service provided by the firmware, the firmware determining whether the application should be trusted by (a) verifying that the request originated from the in-memory image of the application and (b) verifying that the second signature of the persistently stored image of the application corresponds to an application which the firmware has previously been notified as being deemed trustworthy;
  
  upon the firmware determining that the application requesting the service from the firmware should be trusted, the firmware storing trust data that permits the application to access the service provided by the firmware; and
  
  upon the firmware determining that the application requesting the service from the firmware should not be trusted, the firmware denying performance of the service to the application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer of claim 8, further comprising:
    - one or more software components, prior to execution of the application, performing;
      
      creating an operating system signature for the application, wherein the operating system signature is the second signature,appending the operating system signature to a first image of the application using a first signed container that is signed by the operating system to create a second image of the application,creating a firmware signature for the application,appending the firmware signature to the second image of the application using a second signed container signed by the firmware to create a third image of the application; and
      
      the firmware consulting the firmware signature to verify whether the application requesting the service from the firmware should be trusted.
  - 10. The computer of claim 8, wherein the trust data further authorizes the application to access services provided by the firmware for a predetermined length of time or a predetermined number of subsequent service requests.
  - 11. The computer of claim 8, wherein the firmware further performs:
    - in response to the firmware receiving a notification from the application that the application is finished using the service provided by the firmware, the firmware deleting the trust data to prevent the application from subsequently accessing the service provided by the firmware.
  - 12. The computer of claim 8, wherein the firmware does not create either the first or second signature.
  - 13. The computer of claim 8, wherein the operating system further performs:
    - upon the operating system successfully authenticating the operating system using first signature, the operating system allowing the application to execute; and
      
      upon the operating system determining that the operating system cannot be authenticated using the first signature or that the first signature is not present, the operating system preventing the application from executing.
  - 14. The computer of claim 9, wherein the first and second signed containers are signed using X.509 certificates or Unified Extensible Firmware Interface (UEFI) WIN_CERTIFICATE structures.

15. A method for firmware to determine whether to provide services to an application, comprising:
- upon being instructed to execute an application, an operating system determining whether to permit execution of the application by (a) obtaining a first signature of an in-memory image of the application and (b) verifying that the first signature matches a second signature of a persistently stored image of the application;
  
  upon firmware receiving from the application a request for a service provided by the firmware, the firmware determining whether the application should be trusted by (a) verifying that the request originated from the in-memory image of the application and (b) verifying that the second signature of the persistently stored image of the application corresponds to an application which the firmware has previously been notified as being deemed trustworthy;
  
  upon the firmware determining that the application requesting the service from the firmware should be trusted, the firmware storing trust data that permits the application to access the service provided by the firmware; and
  
  upon the firmware determining that the application requesting the service from the firmware should not be trusted, the firmware denying performance of the service to the application.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein further comprising:
    - prior to the execution of the application, performing the steps of;
      
      creating an operating system signature for the application, wherein the operating system signature is the second signature,appending the operating system signature to a first image of the application using a first signed container that is signed by the operating system to create a second image of the application,creating a firmware signature for the application,appending the firmware signature to the second image of the application using a second signed container signed by the firmware to create a third image of the application; and
      
      the firmware consulting the firmware signature to verify whether the application requesting the service from the firmware should be trusted.
  - 17. The method of claim 15, wherein the trust data further authorizes the application to access services provided by the firmware for a predetermined length of time or a predetermined number of subsequent service requests.
  - 18. The method of claim 15, further comprising:
    - in response to the firmware receiving a notification from the application that the application is finished using the service provided by the firmware, the firmware deleting the trust data to prevent the application from subsequently accessing the service provided by the firmware.
  - 19. The method of claim 15, wherein the firmware does not create either the operating system signature or the firmware signature.
  - 20. The method of claim 15, further comprising:
    - upon the operating system successfully authenticating the operating system using the first signature, the operating system allowing the application to execute; and
      
      upon the operating system determining that the operating system cannot be authenticated using the first signature or that the first signature is not present, the operating system preventing the application from executing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Phoenix Technologies EMEA Limited
Original Assignee
Phoenix Technologies Limited (Pharaoh Acquisition LLC)
Inventors
Lewis, Timothy A.
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
GYORFI, THOMAS A

Application Number

US13/085,992
Publication Number

US 20120266259A1
Time in Patent Office

1,350 Days
Field of Search

726/26, 726/27, 726/30, 713/176
US Class Current

726/30
CPC Class Codes

G06F 21/51 at application loading time...

Approaches for firmware to trust an application

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Approaches for firmware to trust an application

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links