BIOS protection device

US 8,533,442 B2
Filed: 09/19/2008
Issued: 09/10/2013
Est. Priority Date: 09/18/2003
Status: Active Grant

First Claim

Patent Images

1. A processing system comprising:

a central processor;

a BIOS memory device including a boot program;

a BIOS protection device including an internal memory;

a plurality of memory address and data paths configured to provide communication between the processor, the BIOS memory device and the BIOS protection device; and

wherein the BIOS protection device is configured to store a copy of the boot program in the internal memory as the BIOS protection device verifies the authenticity of the boot program, wherein the BIOS protection device is further configured to control the memory address and data paths to prevent execution of the boot program until the boot program is authenticated, and wherein the BIOS protection device provides the central processor with access to the copy of the boot program from the internal memory for execution by the central processor when the boot program is successfully authenticated.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A boot program held in a BIOS memory device of a processing system is authenticated. At system start-up, a BIOS protection device temporarily prevents execution of the boot program by the central processor of the processing system by control of address and data paths. The BIOS protection device interrogates the contents of the BIOS memory device to establish authentication. If the contents of the BIOS memory device are not authentic, execution of the boot program is prevented.

28 Citations

View as Search Results

31 Claims

1. A processing system comprising:
- a central processor;
  
  a BIOS memory device including a boot program;
  
  a BIOS protection device including an internal memory;
  
  a plurality of memory address and data paths configured to provide communication between the processor, the BIOS memory device and the BIOS protection device; and
  
  wherein the BIOS protection device is configured to store a copy of the boot program in the internal memory as the BIOS protection device verifies the authenticity of the boot program, wherein the BIOS protection device is further configured to control the memory address and data paths to prevent execution of the boot program until the boot program is authenticated, and wherein the BIOS protection device provides the central processor with access to the copy of the boot program from the internal memory for execution by the central processor when the boot program is successfully authenticated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system as claimed in claim 1 wherein the BIOS protection device is in communication between the central processor and the BIOS memory device, wherein the BIOS protection device includes address and data path interface connections, and an authentication processor, wherein the BIOS protection device is configured to control the address and data path(s) to which it is connected, and wherein the authentication processor is configured to interrogate the BIOS memory device connected to the address and data path(s) to determine if the boot program contained in the BIOS memory device is authentic, and if the boot program is determined to be authentic permit execution of the copy of the boot program by the central processor.
  - 3. The system as claimed in claim 2 wherein the address and data path interfaces are selected from a group comprising a serial interface, a totally non-multiplexed bus, an Intel™
    - Low Pin Count (LPC) bus structure.
  - 4. The system as claimed in claim 2 wherein the address and data path interfaces comprise an Intel™
    - Low Pin Count (LPC) bus structure.
  - 5. The system as claimed in claim 1, wherein the BIOS memory device includes a cryptographic structure located at a known location in the BIOS memory device.
  - 6. The system as claimed in claim 5 wherein the BIOS protection device cryptrographic structure is a digital signature and the BIOS protection device is configured to calculate the value of the cryptographic structure from contents of the BIOS memory device and an internal public key, and wherein the BIOS protection device interrogates the BIOS memory device to verify that the correct cryptrographic structure is present and corresponds with the boot program, or a part thereof, stored in the BIOS memory device.
  - 7. The system as claimed in claim 1 wherein the central processor, the BIOS memory device and the BIOS protection device are mounted on a motherboard configured to be inoperative if the BIOS protection device is not present.
  - 8. The system as claimed in claim 7 wherein a reset control circuit is provided in the BIOS protection device to provide a reset signal preventing the motherboard from exiting a reset state, and wherein the motherboard is further prevented from exiting the reset state if the BIOS protection device is not present.
  - 9. The system as claimed in claim 8 wherein the BIOS protection device holds the reset signal in the reset (or, disabling) state while the authentication of the boot program is performed.
  - 10. The system as claimed in claim 9 wherein when the authentication is successful, the BIOS protection device releases the reset signal allowing the central processor to commence operation.
  - 11. The system as claimed in claim 1 wherein the BIOS protection device inserts wait cycles to disable the central processor while authenticating the BIOS memory device.

12. A method of authenticating a boot program held in a BIOS memory device of a processing system, wherein the processing system comprises a central processor, the BIOS memory device, a BIOS protection device, and address and data paths, the method comprising:
- at start-up, using the BIOS protection device to temporarily prevent execution of the boot program by the central processor;
  
  using the BIOS protection device to take control of the address and data paths;
  
  using the BIOS protection device to interrogate the contents of the BIOS memory device to establish if the boot program is authentic;
  
  if the boot program is authentic, storing a copy of the boot program in internal memory of the BIOS protection device;
  
  if the contents of the BIOS memory device are not authentic, using the BIOS protection device to prevent execution of the boot program and to prevent further operation of the central processor; and
  
  if the boot program stored in the BIOS memory device is authentic, using the BIOS protection device to control the address and data paths so that the central processor executes the copy of the boot program in the internal memory of the BIOS protection device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The method as claimed in claim 12 wherein the address and data paths are interfaced via one of a serial interface, a totally non-multiplexed bus, an Intel™
    - Low Pin Count (LPC) bus structure.
  - 14. The method as claimed in claim 13 wherein the address and data paths are interfaced via an Intel™
    - Low Pin Count (LPC) bus structure.
  - 15. The method as claimed in claim 12, wherein a cryptographic digital signature is provided at a known location in the BIOS memory device.
  - 16. The method as claimed in claim 15 wherein the value of the cryptographic digital signature is calculated by the BIOS protection device from contents of the BIOS memory device and an internal public key, and wherein the BIOS protection device interrogates the BIOS memory device to verify that the correct signature is present and that it corresponds with the boot program, or a part thereof, stored in the BIOS memory device.
  - 17. The method as claimed in claim 12 wherein the central processor, the BIOS memory device and the BIOS protection device are mounted on a motherboard on which at least one signal line of the motherboard is interrupted by the BIOS protection device to render the motherboard inoperative when the BIOS protection device is not present.
  - 18. The method as claimed in claim 17 wherein a reset control circuit is provided in the BIOS protection device to generate a reset signal to prevent the motherboard from exiting a reset state, and wherein the motherboard is prevented from exiting the reset state if the BIOS protection device is not present.
  - 19. The method as claimed in claim 18 wherein, while the authentication of the BIOS is performed, the BIOS protection device holds the reset signal in a reset (or, disabling) state.
  - 20. The method as claimed in claim 19 wherein, when the authentication is successful, the BIOS protection device releases the reset signal and the central processor commences operation.
  - 21. The method as claimed in claim 12 wherein the BIOS protection device inserts wait cycles to disable the central processor while authenticating the BIOS memory device.

22. A BIOS protection device for connection to a processing system between a central processor and a BIOS memory device containing a boot program, the BIOS protection device including address and data path interface connections for connection to address and data path(s), an authentication processor, and an internal memory, wherein the BIOS protection device is configured so that, when power is applied to the BIOS protection device, the BIOS protection device takes control of the address and data path(s) to which it is connected and the authentication processor interrogates the BIOS memory device connected to the address and data path(s) to determine if the boot program contained in the BIOS memory device is authentic, wherein the BIOS protection device stores a copy of the authenticated boot program in the internal memory, and only if the boot program is determined to be authentic does the BIOS protection device control the address and data path(s) to permit the central processor to execute the copy of the boot program stored in the internal memory of the BIOS protection device.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 31)
- - 23. The device as claimed in claim 22 wherein the address and data path interface connections comprise one of a serial interface, a totally non-multiplexed bus, an Intel™
    - Low Pin Count (LPC) bus structure.
  - 24. The device as claimed in claim 23 wherein the address and data path interface connections comprise an Intel™
    - Low Pin Count (LPC) bus structure.
  - 25. The device as claimed in claim 22, wherein the BIOS memory device includes a cryptographic digital signature located at a known location in the BIOS memory device.
  - 26. The device as claimed in claim 25 wherein the BIOS protection device calculates the value of the cryptographic digital signature from contents of the BIOS memory device and an internal public key and interrogates the BIOS memory device to verify that the correct signature is present and corresponds with the boot program, or a part thereof, stored in the BIOS memory device.
  - 27. The device as claimed in claim 22 wherein the BIOS protection device is configured for mounting on a motherboard on which at least one signal line of the motherboard is interrupted by the BIOS protection device to render the motherboard is inoperative if the BIOS protection device is not present.
  - 28. The device as claimed in claim 27 wherein a reset control circuit is provided in the BIOS protection device to generate a reset signal to prevent the motherboard from exiting the reset state, and wherein the motherboard is prevented from exiting the reset state if the BIOS protection device is not present.
  - 31. The device as claimed in claim 22 wherein the BIOS protection device inserts wait cycles to disable the central processor while authenticating the boot program in the BIOS memory device.

29. The device as claimed in 28 wherein the BIOS protection device holds the reset signal to hold the motherboard in the reset (or, disabling) state while the authentication of the boot program is performed.
- View Dependent Claims (30)
- - 30. The device as claimed in claim 29 wherein when the authentication is successful, the BIOS protection device releases the reset signal allowing the central processor to exit the reset (or, disabling) state to commence operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aristocrat Technologies Australia PTY Limited (Aristocrat Leisure Limited)
Original Assignee
Aristocrat Technologies Australia PTY Limited (Aristocrat Leisure Limited)
Inventors
Muir, Robert Linley
Primary Examiner(s)
TRAN, VINCENT HUY

Application Number

US12/234,323
Publication Number

US 20090182995A1
Time in Patent Office

1,817 Days
Field of Search

713/1, 713/189, 713/193
US Class Current

713/1
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/572   Secure firmware programming...

G06F 21/575   Secure boot

BIOS protection device

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

BIOS protection device

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links