Secure authentication of firmware configuration updates
First Claim
1. A computer-implemented method for invoking a platform-specific firmware function in a unified extensible firmware interface (UEFI) environment, the method comprising:
- receiving a request, by way of a UEFI firmware, to perform a UEFI runtime function to get or set a value for a firmware variable, the firmware variable comprising a variable name and a variable value;
determining that access to firmware assets is authenticated or unauthenticated; and
in response to determining that the access to the firmware assets is unauthenticated, authenticating the access byverifying that the variable name corresponds to an authentication function,verifying, by the authentication function, that the variable value matches an authentication value, andsetting, based at least in part on verifying that the variable value matches the authentication value by the authentication function, an access status to the firmware assets as authenticated to enable a subsequent request to execute a subsequent UEFI runtime function.
3 Assignments
0 Petitions
Accused Products
Abstract
A computing system firmware is provided that includes functionality for securely authenticating a user of the computing system prior to allowing the user, through an application running on an operating system, to invoke firmware functions and to access and modify firmware variables. The authentication may use the same authentication credentials used to access firmware utilities during the computing system'"'"'s power-on self-test (POST) phase. Upon receiving requests to access firmware assets, an authentication service determines whether the access has been authenticated for the user. If so, access to the firmware assets is granted. If access has not been authenticated for the user, the authentication service attempts to authenticate the user by verifying the authentication credentials passed along with the request.
-
Citations
20 Claims
-
1. A computer-implemented method for invoking a platform-specific firmware function in a unified extensible firmware interface (UEFI) environment, the method comprising:
-
receiving a request, by way of a UEFI firmware, to perform a UEFI runtime function to get or set a value for a firmware variable, the firmware variable comprising a variable name and a variable value; determining that access to firmware assets is authenticated or unauthenticated; and in response to determining that the access to the firmware assets is unauthenticated, authenticating the access by verifying that the variable name corresponds to an authentication function, verifying, by the authentication function, that the variable value matches an authentication value, and setting, based at least in part on verifying that the variable value matches the authentication value by the authentication function, an access status to the firmware assets as authenticated to enable a subsequent request to execute a subsequent UEFI runtime function. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer-readable storage medium having stored thereon computer-executable instructions which, when executed by one or more processors, cause a computer to:
-
receive a request, to perform a UEFI runtime function to get or set a value for a firmware variable; determine that access to firmware assets is authenticated or unauthenticated; and in response to determining that the access to the firmware assets is unauthenticated, authenticating the access by verifying that the firmware variable corresponds to an authentication function, verifying, by the authentication function, that the variable value matches an authentication value, and setting, based at least in part on verifying that the variable value matches the authentication value by the authentication function, an access status to the firmware assets as authenticated to enable a subsequent request to execute a subsequent UEFI runtime function. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. An apparatus comprising:
-
a central processing unit (CPU); and a non-volatile memory connected to the CPU and storing a unified extensible firmware interface (UEFI) firmware executable by the CPU, the UEFI firmware configured to, when executed, receive a request to get or set a value for a firmware variable, determine that access to firmware assets is authenticated or unauthenticated, and in response to determining that the access to the firmware assets is unauthenticated, authenticate the access by verifying that the firmware variable corresponds to an authentication function, verifying, by the authentication function, that the variable value matches an authentication value, and setting, based at least in part on verifying that the variable value matches the authentication value by the authentication function, an access status to the firmware assets as authenticated to enable a subsequent request to execute a subsequent UEFI runtime function. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification