Secure authentication of firmware configuration updates
First Claim
Patent Images
1. A computer-implemented method for invoking a platform-specific firmware function in a unified extensible firmware interface (UEFI) environment, the method comprising:
- receiving a request, by way of a UEFI firmware, to perform a UEFI runtime function to get or set a value for a firmware variable, the firmware variable comprising a variable name and a variable value;
determining that access to firmware assets is authenticated or unauthenticated; and
in response to determining that the access to the firmware assets is unauthenticated, authenticating the access byverifying that the variable name corresponds to an authentication function,verifying, by the authentication function, that the variable value matches an authentication value, andsetting, based at least in part on verifying that the variable value matches the authentication value by the authentication function, an access status to the firmware assets as authenticated to enable a subsequent request to execute a subsequent UEFI runtime function.
3 Assignments
0 Petitions
Accused Products
Abstract
A computing system firmware is provided that includes functionality for securely authenticating a user of the computing system prior to allowing the user, through an application running on an operating system, to invoke firmware functions and to access and modify firmware variables. The authentication may use the same authentication credentials used to access firmware utilities during the computing system'"'"'s power-on self-test (POST) phase. Upon receiving requests to access firmware assets, an authentication service determines whether the access has been authenticated for the user. If so, access to the firmware assets is granted. If access has not been authenticated for the user, the authentication service attempts to authenticate the user by verifying the authentication credentials passed along with the request.
-
Citations
20 Claims
-
1. A computer-implemented method for invoking a platform-specific firmware function in a unified extensible firmware interface (UEFI) environment, the method comprising:
-
receiving a request, by way of a UEFI firmware, to perform a UEFI runtime function to get or set a value for a firmware variable, the firmware variable comprising a variable name and a variable value; determining that access to firmware assets is authenticated or unauthenticated; and in response to determining that the access to the firmware assets is unauthenticated, authenticating the access by verifying that the variable name corresponds to an authentication function, verifying, by the authentication function, that the variable value matches an authentication value, and setting, based at least in part on verifying that the variable value matches the authentication value by the authentication function, an access status to the firmware assets as authenticated to enable a subsequent request to execute a subsequent UEFI runtime function. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer-readable storage medium having stored thereon computer-executable instructions which, when executed by one or more processors, cause a computer to:
-
receive a request, to perform a UEFI runtime function to get or set a value for a firmware variable; determine that access to firmware assets is authenticated or unauthenticated; and in response to determining that the access to the firmware assets is unauthenticated, authenticating the access by verifying that the firmware variable corresponds to an authentication function, verifying, by the authentication function, that the variable value matches an authentication value, and setting, based at least in part on verifying that the variable value matches the authentication value by the authentication function, an access status to the firmware assets as authenticated to enable a subsequent request to execute a subsequent UEFI runtime function. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. An apparatus comprising:
-
a central processing unit (CPU); and a non-volatile memory connected to the CPU and storing a unified extensible firmware interface (UEFI) firmware executable by the CPU, the UEFI firmware configured to, when executed, receive a request to get or set a value for a firmware variable, determine that access to firmware assets is authenticated or unauthenticated, and in response to determining that the access to the firmware assets is unauthenticated, authenticate the access by verifying that the firmware variable corresponds to an authentication function, verifying, by the authentication function, that the variable value matches an authentication value, and setting, based at least in part on verifying that the variable value matches the authentication value by the authentication function, an access status to the firmware assets as authenticated to enable a subsequent request to execute a subsequent UEFI runtime function. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeAmerican Megatrends International, LLC
-
Original AssigneeAmerican Megatrends Incorporated
-
InventorsSantharam, Madhan B., Righi, Stefano
-
Primary Examiner(s)Zaidi, Syed
-
Application NumberUS14/660,602Time in Patent Office882 DaysField of Search726 17US Class CurrentCPC Class CodesG06F 21/31 User authenticationG06F 21/32 using biometric data, e.g. ...G06F 21/572 Secure firmware programming...
