Information handling system boot pre-validation
Abstract
Pre-validation of bootloader certificates for firmware bootloaders of an operating system boot list during a setup mode of BIOS boot initiation provides the end user with a tool to address boot certification problems associated with the firmware bootloaders before the operating system boot precludes execution of bootloaders that lack a valid certificate. For example, re-configuration of a boot list to address certification problems before exit of boot setup prevents boot to an inoperative state caused by lack of firmware execution during boot due to a failed certificate, such as a failure to load an unsigned option ROM.
18 Claims
1. An information handling system comprising:
a processor executing instructions that process information;
memory interfaced with the processor, the memory storing the instructions and information;
a display interfaced with the processor and presenting the information as visual images;
plural components interfaced with the processor and performing functions with firmware instructions loaded at boot of an operating system on the processor;
initiation firmware stored in the memory and initiating boot of the operating system at power on of the processor;
a secure boot module associated with the initiation firmware and comparing bootloader certificates for bootloaders of firmware instructions for the plural components with valid certificates to validate the firmware instructions, the secure boot module further preventing execution of firmware that lacks a valid certificate; and
a pre-validation module associated with the initiation firmware and performing a pre-validation by comparing the bootloader certificates with the valid certificates before the comparison performed by the secure boot module, presenting the pre-validation at the display during a setup routine of the initiation firmware, initiating transition to a boot mode of the initiation firmware if the bootloader certificates are valid, and initiating transition to a modified boot mode of the initiation firmware if the bootloader certificates are not valid, the modified boot mode launching a firmware update function of the operating system to update the invalid firmware.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method for booting an information handling system, the method comprising:
initiating firmware instructions to bring an operating system from persistent memory to an operational state;
executing a set-up state of the firmware instructions, the set-up state accepting end user inputs;
while in the set-up state, validating certificates of option ROM bootloaders in a boot list of the firmware; and
applying corrective action for invalid certificates in the set-up state before transition to a boot state, the corrective actions including at least presenting invalid certificates at a display while in the set-up state, and accepting end user inputs in response to the presenting invalid certificates.
Dependent claims: 10, 11, 12, 13, 14, 15

16. A system for booting an information handling system, the system comprising:
non-transitory memory storing;
an operating system having instructions that execute on a processor to coordinate execution of applications on the information handling system, the operating system having a secure boot mode that validates bootloader certificates and precludes execution of bootloaders that lack a valid bootloader certificate;
initiation firmware having instructions that coordinate boot of the operating system, the initiation firmware having a setup mode, a boot mode and an exit boot services that transitions control of the information handling system from the initiation firmware to the operating system; and
a pre-validation module having instructions that determine the validity of the bootloader certificates during the initiation firmware setup mode, present invalid bootloader certificates at a display while in the set-up state, and accept end user inputs in response to the presenting invalid certificates to alter the operating system boot based on the invalid bootloader certificates.
Dependent claims: 17

18. An information handling system comprising:
a processor executing instructions that process information;
memory interfaced with the processor, the memory storing the instructions and information;
a display interfaced with the processor and presenting the information as visual images;
plural components interfaced with the processor and performing functions with firmware instructions loaded at boot of an operating system on the processor;
initiation firmware stored in the memory and initiating boot of the operating system at power on of the processor;
a secure boot module associated with the initiation firmware and comparing bootloader certificates for bootloaders of firmware instructions for the plural components with valid certificates to validate the firmware instructions, the secure boot module further preventing execution of firmware that lacks a valid certificate; and
a pre-validation module associated with the initiation firmware and performing a pre-validation by comparing the bootloader certificates with the valid certificates before the comparison performed by the secure boot module, presenting the pre-validation at the display during a setup routine of the initiation firmware;
wherein the plural components comprise a graphics subsystem and the firmware instructions comprise an option ROM to execute on the graphics subsystem; and
wherein the pre-validation module presents an alternative graphics subsystem to use at boot instead of a graphics subsystem having an invalid certificate, the alternative graphics subsystem selectable by an end user for use in boot through the display.
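
An added example (not code from the patent or from any vendor firmware) modelling the setup-time pre-validation pass described in the abstract and in claims 1 and 18: each boot-list entry is checked against the valid certificates, the next mode is chosen, and a validated entry of the same kind is offered in place of an invalid graphics option ROM. The certificate labels, entry names and every function name are constructed for illustration; real firmware would verify signatures rather than compare labels.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: certificates are plain labels, not real X.509 data. */
enum next_mode { BOOT_MODE, MODIFIED_BOOT_MODE };
enum kind { KIND_GRAPHICS, KIND_NETWORK };
/* cert: signer label, NULL models an unsigned option ROM; valid: set by prevalidate(). */
struct boot_entry { const char *name; enum kind kind; const char *cert; int valid; };
/* Hypothetical stand-in for the store of valid certificates. */
static const char *VALID_CERTS[] = { "oem-fw-ca", "gpu-vendor-ca" };
/* Constructed boot list: unsigned GPU ROM, signed GPU ROM, NIC ROM with unknown signer. */
struct boot_entry SAMPLE[] = {
    { "discrete GPU option ROM",   KIND_GRAPHICS, NULL,         0 },
    { "integrated GPU option ROM", KIND_GRAPHICS, "oem-fw-ca",  0 },
    { "NIC option ROM",            KIND_NETWORK,  "unknown-ca", 0 },
};

static int cert_is_valid(const char *cert) {
    if (cert == NULL) return 0;  /* unsigned firmware never validates */
    for (size_t i = 0; i < sizeof VALID_CERTS / sizeof *VALID_CERTS; i++)
        if (strcmp(cert, VALID_CERTS[i]) == 0) return 1;
    return 0;
}
/* Setup-time pass over the boot list; marks entries, returns the number invalid. */
int prevalidate(struct boot_entry *list, size_t n) {
    int invalid = 0;
    for (size_t i = 0; i < n; i++) {
        list[i].valid = cert_is_valid(list[i].cert);
        if (!list[i].valid) invalid++;
    }
    return invalid;
}
/* Normal boot only when every entry validated; otherwise the modified boot mode. */
enum next_mode choose_mode(int invalid) { return invalid ? MODIFIED_BOOT_MODE : BOOT_MODE; }
/* Index of a validated entry of the same kind to offer instead of `bad`, or -1. */
int find_alternative(const struct boot_entry *list, size_t n, size_t bad) {
    for (size_t i = 0; i < n; i++)
        if (i != bad && list[i].kind == list[bad].kind && list[i].valid) return (int)i;
    return -1;
}
int main(void) {
    size_t n = sizeof SAMPLE / sizeof *SAMPLE;
    int invalid = prevalidate(SAMPLE, n);
    for (size_t i = 0; i < n; i++) {  /* the report shown during setup */
        int alt = SAMPLE[i].valid ? -1 : find_alternative(SAMPLE, n, i);
        printf("%-26s %-7s %s\n", SAMPLE[i].name,
               SAMPLE[i].valid ? "valid" : "INVALID", alt >= 0 ? SAMPLE[alt].name : "");
    }
    printf("next: %s\n", choose_mode(invalid) == BOOT_MODE ? "boot" : "modified boot");
    return 0;
}
```

The NIC entry has no validated peer of the same kind, so the model reports it without an alternative and leaves the correction to the modified boot mode.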