Firmware authentication
First Claim
1. An Information Handling System (IHS), comprising:
- a controller including a memory configured to store a plurality of firmware volumes, wherein each of the plurality of firmware volumes includes a plurality of firmware files, wherein all of the plurality of firmware volumes are encapsulated into a header file, wherein the header file includes a table that lists a plurality of digital signatures, wherein the table associates each digital signature with a different set of firmware file(s) within each firmware volume, and wherein each set of firmware file(s) can be authenticated its associated digital signature; and
a Basic Input/Output System (BIOS) operably coupled to the controller, the BIOS having program instructions stored thereon that, upon execution, cause the BIOS to authenticate two or more firmware files using a single digital signature, wherein a first one of the two or more firmware files belongs to a first firmware volume and a second one of the two of more firmware files belongs to a second firmware volume distinct from the first firmware volume, and wherein at least one of the first or second firmware volumes includes at least one firmware file that cannot be authenticated using the digital signature.
15 Assignments
0 Petitions
Accused Products
Abstract
Firmware authentication in Information Handling Systems (IHSs) are disclosed. In some embodiments, an IHS may include a controller having a memory, the memory configured to store a plurality of firmware volumes, each of the plurality of firmware volumes including a plurality of firmware files. The IHS may also include a Basic Input/Output System (BIOS) operably coupled to the controller, the BIOS having program instructions stored thereon that, upon execution, cause the BIOS to authenticate two or more firmware files within a given one of the plurality of firmware volumes using a single digital signature. In another embodiment, a method may include creating a firmware volume, adding a plurality of firmware files to the firmware volume, and creating a digital signature based upon at least one of the plurality of firmware files, where the digital signature, upon being authenticated, allows a BIOS to load any of the plurality of firmware files.
21 Citations
20 Claims
-
1. An Information Handling System (IHS), comprising:
-
a controller including a memory configured to store a plurality of firmware volumes, wherein each of the plurality of firmware volumes includes a plurality of firmware files, wherein all of the plurality of firmware volumes are encapsulated into a header file, wherein the header file includes a table that lists a plurality of digital signatures, wherein the table associates each digital signature with a different set of firmware file(s) within each firmware volume, and wherein each set of firmware file(s) can be authenticated its associated digital signature; and a Basic Input/Output System (BIOS) operably coupled to the controller, the BIOS having program instructions stored thereon that, upon execution, cause the BIOS to authenticate two or more firmware files using a single digital signature, wherein a first one of the two or more firmware files belongs to a first firmware volume and a second one of the two of more firmware files belongs to a second firmware volume distinct from the first firmware volume, and wherein at least one of the first or second firmware volumes includes at least one firmware file that cannot be authenticated using the digital signature. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method, comprising:
-
creating a header file including a table and a plurality of firmware volumes, wherein each firmware volume includes a plurality of firmware files, wherein the table lists a plurality of digital signatures, wherein each digital signature is associated with a different set of firmware file(s) within each firmware volume, and wherein each set of firmware file(s) can be authenticated its associated digital signature; adding firmware file to a given firmware volume; and creating a digital signature based upon the firmware file, wherein the digital signature, upon being authenticated, allows a Basic Input/Output System (BIOS) to load two or more firmware files, wherein a first one of the two or more firmware files belongs to a first firmware volume and a second one of the two of more firmware files belongs to a second firmware volume distinct from the first firmware volume, and wherein at least one of the first or second firmware volumes includes at least one firmware file that cannot be authenticated using the digital signature. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A Basic Input/Output System (BIOS) having program instructions stored thereon that, upon execution, cause an Information Handling System (IHS) to:
-
access a header file external to the BIOS, the header file including a table and a plurality of firmware volumes, wherein each firmware volume includes a plurality of firmware files, wherein the table lists a plurality of digital signatures, wherein each digital signature is associated with a different set of firmware files, and wherein each set of firmware files can be authenticated using its associated digital signature; receive a digital signature; authenticate two or more firmware files using the digital signature, wherein a first one of the two or more firmware files belongs to a first firmware volume and a second one of the two of more firmware files belongs to a second firmware volume distinct from the first firmware volume, and wherein at least one of the first or second firmware volumes includes at least one firmware file that cannot be authenticated using the digital signature; and load the two or more firmware files during a booting process. - View Dependent Claims (17, 18, 19, 20)
-
Specification