×

Fuse-enabled secure bios mechanism with override feature

  • US 9,798,880 B2
  • Filed: 10/31/2016
  • Issued: 10/24/2017
  • Est. Priority Date: 11/13/2013
  • Status: Active Grant
First Claim
Patent Images

1. An apparatus for protecting a basic input/output system (BIOS) in a computing system, the apparatus comprising:

  • a BIOS read only memory (ROM), comprising;

    BIOS contents, wherein said BIOS contents are stored as plaintext; and

    an encrypted message digest, wherein said encrypted message digest comprises an encrypted version of a first message digest that corresponds to said BIOS contents;

    a tamper detector, operatively coupled to said BIOS ROM, configured to generate a BIOS check interrupt at a combination of prescribed intervals and event occurrences, and configured to access said BIOS contents and said encrypted message digest upon assertion of said BIOS check interrupt, and configured to direct a microprocessor to generate a second message digest corresponding to said BIOS contents and a decrypted message digest corresponding to said encrypted message digest, and configured to compare said second message digest with said decrypted message digest, and configured to preclude said operation of said microprocessor when said second message digest and said decrypted message digest are not equal;

    a random number generator disposed within said microprocessor, wherein said random number generator generates a random number at completion of a current BIOS check, which is employed to set a following prescribed interval, whereby said prescribed intervals are randomly varied;

    a JTAG control chain, configured to program said combination of prescribed intervals and event occurrences within tamper detection microcode storage;

    a fuse, configured to indicate whether programming of said combination of prescribed intervals and event occurrences is to be disabled;

    a machine specific register, configured to store a value therein; and

    an access control element, coupled to said fuse, said machine specific register, and said JTAG control chain, configured to determine that said fuse is blown, and configured to direct said JTAG control chain to enable programming of said combination of prescribed intervals and event occurrences when said value matches an override value within said access control element during a period that said value is stored within said machine specific register.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×