System and method for processing requests to alter system security databases and firmware stores in a unified extensible firmware interface-compliant computing device
First Claim
Patent Images
1. A method for processing system security database requests in a Unified Extensible Firmware Interface (UEFI)-compliant computing device, comprising:
- receiving a signed system security database modification request from an operating system module, the request seeking to perform an alteration of a system security database in the UEFI-compliant computing device, the request processed by a firmware request reception module, the request reception module being executable when a central processing unit (CPU) in the computing device is operating in a normal CPU operating mode;
saving, with the firmware request reception module, memory location information related to the system security database modification request for the use of a firmware verification module, the firmware verification module executable only when the CPU is in a System Management Mode (SMM), the memory location information saved prior to a triggering of a transition of the CPU from the normal CPU operating mode to SMM;
triggering the transition of the CPU from the normal CPU operating mode to SMM using the request reception module;
verifying an identity of the firmware request reception module with the firmware verification module, the verifying performed by checking a location in memory of the request against a previously noted request reception module load address to identify an origin of the processed request;
validating a signature contained in the processed request for performing an alteration of the system security database, the validating occurring using a firmware validation module that is only executable when the CPU is in SMM; and
performing the alteration of the system security database requested using a firmware update module, the alteration occurring following a successful validation of the signature, the firmware update module only executable when the CPU is in SMM.
1 Assignment
0 Petitions
Accused Products
Abstract
A mechanism for allowing firmware in a UEFI-compliant device to implement the UEFI specification driver signing and Authenticated Variable elements while at the same time protecting the system security database holding the library of approved keys and lists of allowed and forbidden programs from unauthorized modifications is discussed.
24 Citations
12 Claims
-
1. A method for processing system security database requests in a Unified Extensible Firmware Interface (UEFI)-compliant computing device, comprising:
-
receiving a signed system security database modification request from an operating system module, the request seeking to perform an alteration of a system security database in the UEFI-compliant computing device, the request processed by a firmware request reception module, the request reception module being executable when a central processing unit (CPU) in the computing device is operating in a normal CPU operating mode; saving, with the firmware request reception module, memory location information related to the system security database modification request for the use of a firmware verification module, the firmware verification module executable only when the CPU is in a System Management Mode (SMM), the memory location information saved prior to a triggering of a transition of the CPU from the normal CPU operating mode to SMM; triggering the transition of the CPU from the normal CPU operating mode to SMM using the request reception module; verifying an identity of the firmware request reception module with the firmware verification module, the verifying performed by checking a location in memory of the request against a previously noted request reception module load address to identify an origin of the processed request; validating a signature contained in the processed request for performing an alteration of the system security database, the validating occurring using a firmware validation module that is only executable when the CPU is in SMM; and performing the alteration of the system security database requested using a firmware update module, the alteration occurring following a successful validation of the signature, the firmware update module only executable when the CPU is in SMM. - View Dependent Claims (2, 3)
-
-
4. A method for updating a firmware store region in a flash Read-Only Memory (ROM) in a Unified Extensible Firmware Interface (UEFI)-compliant computing device, comprising:
-
receiving at the UEFI-compliant device a downloaded update package that includes an executable update program, a replacement image of the firmware store and a signed hash of the replacement image; executing the update program while a central processing unit (CPU) in the UEFI-compliant computing device is operating in a normal CPU operating mode, the update program generating an update request for the firmware store region; saving, with the update program, memory location information related to the update package for use of firmware used to verify the update program, the firmware used to verify the update program being executable only when the CPU is in a System Management Mode (SMM), the memory location information saved prior to a triggering of a transition of the CPU from the normal CPU operating mode to SMM; triggering with the update program, while the CPU is operating in the normal CPU operating mode, the transition of the CPU from the normal CPU operating mode to SMM; verifying while the CPU is in SMM that the update request is from the update program, the verifying performed by checking a location in memory of the request against a previously noted update program load address to identify an origin of the update request; validating the signature and replacement image with SMM-resident firmware that is only executable when the CPU is in SMM; and updating the firmware store with the replacement image, the updating occurring using SMM-resident firmware that is only executable when the CPU is in SMM. - View Dependent Claims (5)
-
-
6. A non-transitory computer-readable medium holding computer-executable instructions for processing system security database requests in a Unified Extensible Firmware Interface (UEFI)-compliant computing device, the instructions when executed causing at least one computing device to:
-
receive a signed system security database modification request from an operating system module, the request seeking to perform an alteration of a system security database in the UEFI-compliant computing device, the request processed by a firmware request reception module, code for the request reception module being accessible when a central processing unit (CPU) in the computing device is operating in a normal CPU operating mode; save, with the firmware request reception module, memory location information related to the system security database modification request for the use of a firmware verification module, the firmware verification module executable only when the CPU is in a System Management Mode (SMM), the memory location information saved prior to a triggering of a transition of the CPU from the normal CPU operating mode to SMM; trigger the transition of the CPU from the normal CPU operating mode to SMM using the request reception module; verify an identity of the firmware request reception module with the firmware verification module, the verifying performed by checking a location in memory of the request against a previously noted request reception module load address to identify an origin of the processed request; validate a signature contained in the processed request for performing an alteration of the system security database, the validating occurring using a firmware validation module that is only executable when the CPU is in SMM; and perform the alteration of the system security database requested using a firmware update module, the alteration occurring following a successful validation of the signature, the firmware update module only executable when the CPU is in SMM. - View Dependent Claims (7)
-
-
8. A non-transitory computer-readable medium holding computer-executable instructions for updating a firmware store region in a flash Read-Only Memory (ROM) in a Unified Extensible Firmware Interface (UEFI)-compliant computing device, the instructions when executed causing at least one computing device to:
-
receive at the UEFI-compliant device a downloaded update package that includes an executable update program, a replacement image of the firmware store and a signed hash of the replacement image; execute the update program while a central processing unit (CPU) in the UEFI-compliant computing device is operating in a normal CPU operating mode, the update program generating an update request for the firmware store region; save, with the update program, memory location information related to the update package for use of firmware used to verify the update program, the firmware used to verify the update program being executable only when the CPU is in a System Management Mode (SMM), the memory location information saved prior to a triggering of a transition of the CPU from the normal CPU operating mode to SMM; trigger with the update program, while the CPU is operating in the normal CPU operating mode, the transition of the CPU from the normal CPU operating mode to SMM; verify while the CPU is in SMM that the update request is from the update program, the verifying performed by checking a location in memory of the request against a previously noted update program load address to identify an origin of the update request; validate the signature and replacement image with SMM-resident firmware that is only executable when the CPU is in SMM; and update the firmware store with the replacement image, the updating occurring using SMM-resident firmware that is only executable when the CPU is in SMM. - View Dependent Claims (9)
-
-
10. A Unified Extensible Firmware Interface (UEFI)-compliant computing device, comprising a central processing unit configured to execute:
-
a firmware request reception module for receiving and processing a signed system security database modification request from an operating system module, the request seeking to perform an alteration of a system security database in the UEFI-compliant computing device, the request reception module being executable when a central processing unit (CPU) in the computing device is operating in a normal CPU operating mode and saving memory location information related to the system security database modification request for the use of a firmware verification module, the firmware verification module executable only when the CPU is in a System Management Mode (SMM), the memory location information saved prior to triggering a transition of the CPU from the normal CPU operating mode to a SMM following the processing; the firmware verification module for verifying an identity of the firmware request reception module, the verifying performed by checking a location in memory of the request against a previously noted request reception module load address to identify an origin of the processed request; a firmware validation module for validating a signature contained in the processed request for performing an alteration of the system security database, the firmware validation module executing only when the CPU is in SMM; and a firmware update module for performing the requested alteration of the system security database following a successful validation of the signature, the firmware update module executing only when the CPU is in SMM. - View Dependent Claims (11)
-
-
12. A Unified Extensible Firmware Interface (UEFI)-compliant computing device, comprising a central processing unit (CPU) configured to execute:
-
a downloaded update package including an executable update program for updating a firmware store region in a flash Read-Only Memory (ROM) in the UEFI-compliant computing device, the update package further including a replacement image of at least part of the firmware store and a signed hash of the replacement image, the update program executing while the CPU in the UEFI-compliant computing device is operating in a normal CPU operating mode, the update program generating an update request for the firmware store region and triggering a transition of the CPU from the normal CPU operating mode to a System Management Mode (SMM) to update the firmware store with the replacement image, memory location information related to the update package saved by the update program for use by firmware used to verify the update program, the memory location information saved prior to the triggering of the transition of the CPU from the normal CPU operating mode to SMM by the update program; the firmware used for verifying the update program, the firmware being executable only when the CPU is in a SMM, the verifying performed by checking a location in memory of the request against a previously noted update program load address to identify an origin of the update request; firmware for validating the signature and replacement image, the firmware for validating the signature and replacement image only executing when the CPU is in SMM; and firmware for updating the firmware store with the replacement image, the firmware for updating the firmware store only executing when the CPU is in SMM.
-
Specification