System and method for supporting host-based firmware upgrade of input/output (I/O) devices in a middleware machine environment

US 9,665,719 B2
Filed: 12/05/2013
Issued: 05/30/2017
Est. Priority Date: 06/04/2012
Status: Active Grant

First Claim

Patent Images

1. A method for supporting controlled and secure firmware upgrade in a middleware machine environment, comprising:

managing the network fabric with a fabric administrator system;

providing a fabric administration boot image of an operating system on a host node which is separate from a normal boot image of the operating system on the host node,wherein the host node connects to a shared resource via an input/output device,wherein the normal boot image provides access to a local file system of the host node but no access to firmware of the input/output device,wherein the fabric administration boot image provides access to firmware of the input/output device but no access to the local file system of the host node, andwherein when loaded with the fabric administration boot image, the host node is accessible to the fabric administrator system and not a local host administrator of the host node;

specifying, by the local host administrator, and via a local logic of the input/output device, an identified firmware update option from a plurality of firmware update options persistently stored on the input/output device;

loading the fabric administration boot image; and

upgrading, by the fabric administration system, and via the fabric administration boot image, the firmware of the input/output device using a firmware image which corresponds to the identified firmware update option.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method can support controlled and secure firmware upgrade in a middleware machine environment. The system can provide a boot image of an operating system (OS) in a host node, wherein the host node connects to a shared resource, such as a network fabric, via an input/out (I/O) device. The boot image can receive at least one of a firmware image and a firmware update from the host node, and upgrade firmware in the I/O device associated with the host node. Furthermore, the host-based firmware upgrade can be based on a special boot image that is prevented from accessing local information on the host node, or a normal boot image that is prevented from controlling the I/O device.

Citations

16 Claims

1. A method for supporting controlled and secure firmware upgrade in a middleware machine environment, comprising:
- managing the network fabric with a fabric administrator system;
  
  providing a fabric administration boot image of an operating system on a host node which is separate from a normal boot image of the operating system on the host node,wherein the host node connects to a shared resource via an input/output device,wherein the normal boot image provides access to a local file system of the host node but no access to firmware of the input/output device,wherein the fabric administration boot image provides access to firmware of the input/output device but no access to the local file system of the host node, andwherein when loaded with the fabric administration boot image, the host node is accessible to the fabric administrator system and not a local host administrator of the host node;
  
  specifying, by the local host administrator, and via a local logic of the input/output device, an identified firmware update option from a plurality of firmware update options persistently stored on the input/output device;
  
  loading the fabric administration boot image; and
  
  upgrading, by the fabric administration system, and via the fabric administration boot image, the firmware of the input/output device using a firmware image which corresponds to the identified firmware update option.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, wherein the input/output device is a host channel adaptor and the shared resource is a network fabric.
  - 3. The method according to claim 1, further comprising:
    - preventing the fabric administration boot image from accessing local information on the host node.
  - 4. The method according to claim 1, further comprising:
    - containing a password in the fabric administration boot image, wherein the password is used to upgrade the firmware of the input/output device.
  - 5. The method according to claim 1, further comprising:
    - preventing the normal boot image from controlling the input/output device.
  - 6. The method according to claim 1, wherein the firmware image is encrypted.
  - 7. The method according to claim 6, further comprising:
    - decrypting, via the input/output device, the firmware image.
  - 8. The method according to claim 1, further comprising:
    - allowing the host administrator to control when upgrading the firmware occurs.

9. A system for supporting controlled and secure firmware upgrade in a middleware machine environment, comprising:
- a fabric administrator system that manages a network fabric;
  
  a host node that connects to a shared resource via an input/output device, wherein the host node includes;
  
  one or more microprocessors;
  
  a normal boot image of an operating system of the host node, wherein the normal boot image is executable on the one or more microprocessors, and wherein the normal boot image provides access to a local file system of the host node but no access to firmware of the input/output device; and
  
  a fabric administration boot image of the operating system executable on the one or more microprocessors and that is separate from the normal boot image of the operating system, wherein the fabric administration boot image provides access to the firmware of the input/output device but no access to the local file system of the host node, and wherein, when loaded with the fabric administration boot image, the host node is accessible to the fabric administrator system and not a local host administrator of the host node;
  
  wherein the input/output device operates to receive, from a local host administrator via a local logic of the input/output device that is accessible through the normal boot image, a selection of an identified firmware update option from a plurality of firmware update options persistently stored on the input/output device; and
  
  wherein the fabric administration system loads the fabric administration boot image and upgrades the firmware of the input/output device using a firmware image which corresponds to the identified firmware update option.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system according to claim 9, wherein:
    - the input/output device is a host channel adaptor and the shared resource is a network fabric.
  - 11. The system according to claim 9, wherein:
    - the fabric administration boot image is prevented from accessing local information on the host node.
  - 12. The system according to claim 9, wherein:
    - the fabric administration boot image contains a password, and wherein the password is used to upgrade the firmware.
  - 13. The system according to claim 9, wherein:
    - the normal boot image is prevented from controlling the input/output device.
  - 14. The system according to claim 9, wherein:
    - the firmware image is encrypted.
  - 15. The system according to claim 14, wherein:
    - the input/output device operates to decrypt the firmware.

16. A non-transitory machine readable storage medium having instructions stored thereon that when executed cause a system to:
- provide a fabric administration system that manages a network fabric;
  
  provide a fabric administration boot image of an operating system in a host node and provide a normal boot image of the operating system which is separate from the fabric administration boot image of the operating system,wherein the host node connects to a shared resource via an input/output device,wherein the normal boot image provides access to a local file system of the host node but no access to firmware of the input/output device,wherein the fabric administration boot image provides access to the firmware of the input/output device but no access to the local file system of the host node, andwherein when loaded with the fabric administration boot image, the host node is accessible to the fabric administrator system and not a local host administrator of the host node;
  
  provide a local logic of the input/output device, wherein the local logic of the input/output device is accessible through the normal boot image, and wherein the local logic of the input/output device receives a selection, from a local host administrator of the host node, of an identified firmware update option from a plurality of firmware update options persistently stored on the input/output device; and
  
  cause the fabric administration system to load the fabric administration boot image and upgrade the firmware of the input/output device using a firmware image which corresponds to the identified firmware update option.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Johnsen, Bjrn Dag, Mayhead, Martin Paul
Primary Examiner(s)
LEE, THOMAS C
Assistant Examiner(s)
Poudel, Santosh R

Application Number

US14/098,030
Publication Number

US 20150161391A1
Time in Patent Office

1,272 Days
Field of Search

713 2
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/57   Certifying or maintaining t...

G06F 21/572   Secure firmware programming...

G06F 21/575   Secure boot

G06F 21/629   to features or functions of...

G06F 8/654   using techniques specially ...

System and method for supporting host-based firmware upgrade of input/output (I/O) devices in a middleware machine environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for supporting host-based firmware upgrade of input/output (I/O) devices in a middleware machine environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links