Unified extensible firmware interface (UEFI) credential-based access of hardware resources

US 9,830,457 B2
Filed: 05/05/2015
Issued: 11/28/2017
Est. Priority Date: 05/05/2015
Status: Active Grant

First Claim

Patent Images

1. An Information Handling System (IHS), comprising:

a processor; and

a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to;

receive a credential provided by a given user of a plurality of users of the IHS, wherein the credential indicates whether the user has access to a given device among a plurality of devices coupled to the IHS;

receive a request by the given user to access the given device; and

at least one of;

(a) allow the user to access the given device by determining that a hardware Unified Extensible Firmware Interface (UEFI) Device Path corresponding to the request carries an authentication parameter indicating that the given user has provided the credential;

or(b) prevent the user from accessing the given device by determining that the hardware UEFI Device Path does not carry the authentication parameter.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for Unified Extensible Firmware Interface (UEFI) credential-based access of hardware resources. In an illustrative, non-limiting embodiment, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: receive a credential for a given one of a plurality of users; and store the credential, where the credential is retrievable via a UEFI Device Path Protocol as part of a determination of whether the given user has access to a given one of a plurality of devices within the IHS, and where the given device is accessible via a UEFI Device Path.

31 Citations

View as Search Results

18 Claims

1. An Information Handling System (IHS), comprising:
- a processor; and
  
  a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to;
  
  receive a credential provided by a given user of a plurality of users of the IHS, wherein the credential indicates whether the user has access to a given device among a plurality of devices coupled to the IHS;
  
  receive a request by the given user to access the given device; and
  
  at least one of;
  
  (a) allow the user to access the given device by determining that a hardware Unified Extensible Firmware Interface (UEFI) Device Path corresponding to the request carries an authentication parameter indicating that the given user has provided the credential;
  
  or(b) prevent the user from accessing the given device by determining that the hardware UEFI Device Path does not carry the authentication parameter.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The IHS of claim 1, wherein the credential is independent of the given user'"'"'s administrative authority or lack thereof with respect to the IHS.
  - 3. The IHS of claim 1, wherein the credential is received during a login portion of a boot service.
  - 4. The IHS of claim 1, wherein the credential is received via a runtime service after completion of a boot service.
  - 5. The IHS of claim 1, wherein the program instructions, upon execution by the processor, further cause the IHS to receive a request originated by the given user to retrieve the UEFI Device Path of the given device.
  - 6. The IHS of claim 5, wherein the request is part of an action upon an UEFI file system, UEFI shell, UEFI application, or UEFI driver.
  - 7. The IHS of claim 5, wherein retrieval of the UEFI Device Path occurs independently of any authentication or validation operation for the given device using a Secure Boot process.
  - 8. The IHS of claim 5, wherein the program instructions, upon execution by the processor, further cause the IHS to retrieve a file other than the UEFI Device Path in response to the credential indicating that the given user does not have access to the given device.
  - 9. The IHS of claim 8, wherein the retrieval of the file occurs after any authentication or validation operation for the given device using a Secure Boot process.
  - 10. The IHS of claim 8, wherein the file prevents a NULL value from being returned in response to the request.
  - 11. The IHS of claim 8, wherein the program instructions, upon execution by the processor, further cause the IHS to:
    - receive another request from the given user to delete the file; and
      
      not fulfill the other request.

12. In an Information Handling System (IHS), a method comprising:
- receiving a credential provided by a given user of a plurality of users of the IHS, wherein the credential indicates whether the user has access to a given device among a plurality of devices coupled to the IHS;
  
  receiving a request by the given user to access the given device; and
  
  at least one of;
  
  (a) allowing the user to access the given device by determining that a hardware Unified Extensible Firmware Interface (UEFI) Device Path corresponding to the request carries an authentication parameter indicating that the given user has provided the credential;
  
  or(b) preventing the user from accessing the given device by determining that the hardware UEFI Device Path does not carry the authentication parameter.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, wherein the credential is independent of the given user'"'"'s administrative authority or lack thereof with respect to the IHS.
  - 14. The method of claim 12, wherein the credential is received during a login portion of a boot service.
  - 15. The method of claim 12, wherein the credential is received via a runtime service after completion of a boot service.

16. A memory device having program instructions stored thereon that, upon execution by a processor of an Information Handling System (IHS), cause the IHS to:
- receive a credential provided by a given user of a plurality of users of the IHS, wherein the credential indicates whether the user has access to a given device among a plurality of devices coupled to the IHS;
  
  receive a request by the given user to access the given device; and
  
  at least one of;
  
  (a) allow the user to access the given device by determining that a hardware Unified Extensible Firmware Interface (UEFI) Device Path corresponding to the request carries an authentication parameter indicating that the given user has provided the credential;
  
  or(b) prevent the user from accessing the given device by determining that the hardware UEFI Device Path does not carry the authentication parameter.
- View Dependent Claims (17, 18)
- - 17. The memory device of claim 16, wherein the request is part of an action upon an UEFI file system, UEFI shell, UEFI application, or UEFI driver.
  - 18. The memory device of claim 16, wherein the program instructions, upon execution by the processor, further cause the IHS to:
    - receive another request from the given user to delete the information; and
      
      not fulfill the other request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Vidyadhara, Sumanth, Puthillathe, Chandrasekhar
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US14/703,912
Publication Number

US 20160328564A1
Time in Patent Office

938 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/575 Secure boot

G06F 2221/034 Test or assess a computer o...

Unified extensible firmware interface (UEFI) credential-based access of hardware resources

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Unified extensible firmware interface (UEFI) credential-based access of hardware resources

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links