×

System and method for processing requests to alter system security databases and firmware stores in a unified extensible firmware interface-compliant computing device

  • US 9,372,699 B2
  • Filed: 04/06/2012
  • Issued: 06/21/2016
  • Est. Priority Date: 04/08/2011
  • Status: Active Grant
First Claim
Patent Images

1. A method for processing system security database requests in a Unified Extensible Firmware Interface (UEFI)-compliant computing device, comprising:

  • receiving a signed system security database modification request from an operating system module, the request seeking to perform an alteration of a system security database in the UEFI-compliant computing device, the request processed by a firmware request reception module, the request reception module being executable when a central processing unit (CPU) in the computing device is operating in a normal CPU operating mode;

    saving, with the firmware request reception module, memory location information related to the system security database modification request for the use of a firmware verification module, the firmware verification module executable only when the CPU is in a System Management Mode (SMM), the memory location information saved prior to a triggering of a transition of the CPU from the normal CPU operating mode to SMM;

    triggering the transition of the CPU from the normal CPU operating mode to SMM using the request reception module;

    verifying an identity of the firmware request reception module with the firmware verification module, the verifying performed by checking a location in memory of the request against a previously noted request reception module load address to identify an origin of the processed request;

    validating a signature contained in the processed request for performing an alteration of the system security database, the validating occurring using a firmware validation module that is only executable when the CPU is in SMM; and

    performing the alteration of the system security database requested using a firmware update module, the alteration occurring following a successful validation of the signature, the firmware update module only executable when the CPU is in SMM.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×