System and method for verifying changes to UEFI authenticated variables

  • US 9,660,807 B2
  • Filed: 09/22/2014
  • Issued: 05/23/2017
  • Est. Priority Date: 09/20/2013
  • Status: Active Grant
First Claim

1. A computing device-implemented method for trusting an operating system application attempting to change a Unified Extensible Firmware Interface (UEFI) authenticated variable comprising:

    receiving, with an operating system application, a user-supplied password;

    using the user-supplied password to create a hash of configuration data for a request to alter a UEFI authenticated variable;

    clearing, the user-supplied password from a memory of the computing device following the creating of the hash of configuration data for the request;

    receiving with system firmware the request to alter the UEFI authenticated variable from the operating system application, the request accompanied by the hash of configuration data and the configuration data;

    examining the request with the system firmware, the examining verifying that a portion of an authentication header is set to a pre-determined Globally Unique Identifier (GUID) and that the request contains a timestamp value later than a current timestamp value associated with the UEFI authenticated variable for which alteration is requested, the pre-determined GUID indicating that the operating system application request used a password-based mechanism for authentication;

    calculating with the firmware a new hash of the configuration data contained in the request based on a password known to the firmware;

    comparing the new hash to the hash contained in the request; and

    allowing alteration of the UEFI authenticated variable in event of a match between the new hash and the hash contained in the request.
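
The flow in claim 1, modelled end to end as an added example (not code from the patent or from any firmware implementation). It assumes HMAC-SHA256 as the password-keyed hash, an integer timestamp, and a constructed placeholder GUID; the names `Request`, `keyed_hash`, `build_request` and `Firmware` are hypothetical.

```python
import hashlib
import hmac
import uuid
from dataclasses import dataclass

# Constructed placeholder: the claim only says "pre-determined GUID".
PASSWORD_AUTH_GUID = uuid.UUID("00000000-0000-0000-0000-0000000000aa")

@dataclass
class Request:
    name: str
    auth_guid: uuid.UUID   # the "portion of an authentication header"
    timestamp: int         # simplified to an integer (assumption)
    data: bytes            # configuration data
    digest: bytes          # password-keyed hash sent with the request

def keyed_hash(password, name: str, timestamp: int, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256, with name and timestamp bound in so a captured
    # digest cannot be reused for another variable or a later timestamp.
    msg = name.encode() + b"\0" + timestamp.to_bytes(8, "big") + data
    return hmac.new(password, msg, hashlib.sha256).digest()

def build_request(password: bytearray, name: str, timestamp: int, data: bytes) -> Request:
    # OS application side: hash first, then clear the password buffer.
    digest = keyed_hash(password, name, timestamp, data)
    password[:] = bytes(len(password))  # best effort in Python
    return Request(name, PASSWORD_AUTH_GUID, timestamp, data, digest)

class Firmware:
    def __init__(self, password: bytes):
        self._password = password   # password known to the firmware
        self.variables = {}         # name -> (timestamp, data)

    def set_variable(self, req: Request) -> str:
        if req.auth_guid != PASSWORD_AUTH_GUID:
            return "rejected: auth GUID"
        current_ts = self.variables.get(req.name, (0, b""))[0]
        if req.timestamp <= current_ts:      # must be strictly later
            return "rejected: timestamp"
        expected = keyed_hash(self._password, req.name, req.timestamp, req.data)
        if not hmac.compare_digest(expected, req.digest):  # constant-time compare
            return "rejected: hash"
        self.variables[req.name] = (req.timestamp, req.data)
        return "ok"
```

The strictly-later timestamp check is what rejects a replayed request, and the constant-time comparison avoids leaking how many digest bytes matched.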
