Manufacturing mode for secure firmware using lock byte

US 9,627,081 B2
Filed: 10/05/2007
Issued: 04/18/2017
Est. Priority Date: 10/05/2007
Status: Active Grant

First Claim

Patent Images

1. A method for securing non-volatile memory comprising:

updating a signature byte, stored within a non-volatile memory, from a default value specifying a write-protected mode to an updated value specifying a write-enabled mode;

after updating the signature byte from the default value to the updated value, determining that the signature byte is set to a value associated with the write-enabled mode;

write-protecting at least one sector of the non-volatile memory if the signature byte is not set to the value associated with the the write-enabled mode;

after updating the signature byte from the default value to the updated value, preventing an entire sector in which the signature byte resides from being set to a predefined sector value unless a replacement firmware identifier associated with a replacement firmware matches a required replacement firmware identifier;

determining whether a reflash of the non-volatile memory is authorized by comparing the replacement firmware identifier against the required replacement firmware identifier and indicating that reflash of the non-volatile memory is authorized if the replacement firmware identifier matches the required replacement firmware identifier; and

if the reflash of the non-volatile memory is authorized, write-enabling the non-volatile memory, reflashing the non-volatile memory, and setting the signature byte to a value different from the value associated with the the write-enabled mode.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Upon initialization or startup of an electronic device, the device checks a predetermined section of non-volatile memory, referred to as the signature byte or lock byte, and allows either the manufacturing mode which allows for installation of the final or production version of firmware to be loaded into non-volatile memory, or the production mode which write-protects certain portions of non-volatile memory before giving operating control of the electronic device to another program, for example, an operating system. By only allowing execution of operating system or other executable code after write-protecting certain portions of non-volatile memory, system security, integrity, and robustness are substantially increased.

Citations

24 Claims

1. A method for securing non-volatile memory comprising:
- updating a signature byte, stored within a non-volatile memory, from a default value specifying a write-protected mode to an updated value specifying a write-enabled mode;
  
  after updating the signature byte from the default value to the updated value, determining that the signature byte is set to a value associated with the write-enabled mode;
  
  write-protecting at least one sector of the non-volatile memory if the signature byte is not set to the value associated with the the write-enabled mode;
  
  after updating the signature byte from the default value to the updated value, preventing an entire sector in which the signature byte resides from being set to a predefined sector value unless a replacement firmware identifier associated with a replacement firmware matches a required replacement firmware identifier;
  
  determining whether a reflash of the non-volatile memory is authorized by comparing the replacement firmware identifier against the required replacement firmware identifier and indicating that reflash of the non-volatile memory is authorized if the replacement firmware identifier matches the required replacement firmware identifier; and
  
  if the reflash of the non-volatile memory is authorized, write-enabling the non-volatile memory, reflashing the non-volatile memory, and setting the signature byte to a value different from the value associated with the the write-enabled mode.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, wherein the default value is an initial state of the non-volatile memory or a result of performing an erase operation.
  - 3. The method of claim 1, further comprising the step of finding a signature byte by searching for a pre-determined header structure within the non-volatile memory, the pre-determined header structure being unique to the signature byte.
  - 4. The method of claim 1, further comprising the step of finding a signature byte by reading a pre-determined location within the nonvolatile memory.
  - 5. The method of claim 4, wherein the pre-determined location of nonvolatile memory is a memory address.
  - 6. The method of claim 1, wherein the signature byte is located within the at least one sector of the non-volatile memory.
  - 7. The method of claim 6, wherein the step of write-protecting the at least one sector of the non-volatile memory remains in effect until at least one of a power-on, system reset, or resume from CPU-off/suspend.
  - 8. The method of claim 1, wherein the signature byte is not located within the at least one sector of the non-volatile memory, and further including the step of write-protecting the signature byte if the signature byte is not set to the value associated with the the write-enabled mode.
  - 9. The method of claim 8, wherein the step of write-protecting the signature byte remains in effect until at least one of a power-on, system reset, or resume from CPU-off/suspend.
  - 10. The method of claim 1, wherein the non-volatile memory is a flash memory, and the step of write-protecting the at least one sector of non-volatile memory includes using flash-programming commands to set at least one sector of the flash memory to a write-protected state.
  - 11. The method of claim 1, wherein the step of write-protecting the at least one sector of the non-volatile memory includes using chipset write-protect registers.
  - 12. The method of claim 1, wherein the step of write-protecting the at least one sector of the non-volatile memory includes connecting a general purpose output to a pin of the non-volatile memory that controls writing to the non-volatile memory and setting the general purpose output to a state that disables writing to the non-volatile memory.
  - 13. The method of claim 12, wherein the state of the general purpose output is locked until an electronic device is reset.
  - 14. The method of claim 1, further comprising the steps of:
    - modifying firmware of the non-volatile memory if the signature byte is set to the value associated with the the write-enabled mode, and then changing the signature byte to a different value than the value associated with the the write-enabled mode.
  - 15. The method of claim 14, wherein the step of modifying the firmware further includes adding firmware to the non-volatile memory.
  - 16. The method of claim 14, wherein the step of changing the signature byte includes writing to the signature byte with a bitwise not of the signature byte.
  - 17. The method of claim 16, wherein the at least one sector of non-volatile memory is either NAND-type flash or ˜
    - OR-type flash, and wherein the step of changing the signature byte further comprises the steps of;
      
      determining whether the value of the signature byte changed following the step of writing to the signature byte with a bitwise not of the signature byte; and
      
      if the signature byte value does not change following the step of writing to the signature byte with a bitwise not of the signature byte, reporting an error message.
  - 18. The method of claim 1, wherein the step of determining whether a reflash is authorized further includes receiving a username and password combination.
  - 19. The method of claim 1, wherein the step of determining whether a reflash is authorized further includes making a secure handshake between a firmware resident in the non-volatile memory and a replacement firmware.
  - 20. The method of claim 19, wherein the secure handshake includes using cryptographic keys.
  - 21. The method of claim 19;
    - wherein the secure handshake includes using a replacement firmware that is electronically signed.

22. An electronic device, comprising:
- a processor; and
  
  a system memory, coupled to the processor, the system memory maintaining instructions that if executed by the processor, cause the processor to;
  
  update a signature byte, stored within a non-volatile memory, from a default value specifying a write-protected mode to an updated value specifying a write-enabled mode;
  
  after updating the signature byte from the default value to the updated value, determine that the signature byte is set to a value associated with the write-enabled mode;
  
  write-protect at least one sector of the non-volatile memory if the signature byte is not set to the value associated with the the write-enabled mode;
  
  after updating the signature byte from the default value to the updated value, prevent an entire sector in which the signature byte resides from being set to a predefined sector value unless a replacement firmware identifier associated with a replacement firmware matches a required replacement firmware identifier;
  
  determining whether a reflash of the non-volatile memory is authorized by comparing the replacement firmware identifier against the required replacement firmware identifier and indicating that reflash of the non-volatile memory is authorized if the replacement firmware identifier matches the required replacement firmware identifier; and
  
  if the reflash of the non-volatile memory is authorized, write-enabling the non-volatile memory, reflashing the non-volatile memory, and setting the signature byte to a value different from the value associated with the the write-enabled mode.

23. A processor readable storage medium storing code segments, that if executed by a processor, cause the processor to:
- update a signature byte, stored within a non-volatile memory, from a default value specifying a write-protected mode to an updated value specifying a write-enabled mode;
  
  after updating the signature byte from the default value to the updated value, determine that the signature byte is set to a value associated with the write-enabled mode;
  
  write-protect at least one sector of the non-volatile memory if the signature byte is not set to the value associated with the the write-enabled mode;
  
  after updating the signature byte from the default value to the updated value, prevent an entire sector in which the signature byte resides from being set to a predefined sector value unless a replacement firmware identifier associated with a replacement firmware matches a required replacement firmware identifier;
  
  determining whether a reflash of the non-volatile memory is authorized by comparing the replacement firmware identifier against the required replacement firmware identifier and indicating that reflash of the non-volatile memory is authorized if the replacement firmware identifier matches the required replacement firmware identifier; and
  
  if the reflash of the non-volatile memory is authorized, write-enabling the non-volatile memory, reflashing the non-volatile memory, and setting the signature byte to a value different from the value associated with the the write-enabled mode.
- View Dependent Claims (24)
- - 24. The processor readable storage medium of claim 23, wherein execution of the code segments further causes:
    - after updating the signature byte from the default value to the updated value, write firmware to the non-volatile memory or modify portions of the firmware stored in the non-volatile memory if the signature byte is set to the value associated with the the write-enabled mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kinglite Holdings Inc.
Original Assignee
Kinglite Holdings Inc.
Inventors
Lewis, Timothy Andrew
Primary Examiner(s)
TSAI, SHENG JEN

Application Number

US11/973,223
Publication Number

US 20090094421A1
Time in Patent Office

3,483 Days
Field of Search

711163, 711103, 717168, 713 2
US Class Current
CPC Class Codes

G06F 21/572   Secure firmware programming...

G06F 21/575   Secure boot

G06F 21/78   to assure secure storage of...

G11C 16/22   Safety or protection circui...

Manufacturing mode for secure firmware using lock byte

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Manufacturing mode for secure firmware using lock byte

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links