JP2023076096A - Information processing apparatus and program - Google Patents

Abstract

To update BIOS by means of an external storage, safely in terms of security.SOLUTION: An information processing apparatus 10 includes a control unit 11 and storage units 12, 13. The control unit 11 executes processing to recognize whether an external storage medium has been connected or not when detecting a predetermined user operation during device startup. When detecting that a specific external storage medium 2 including specific information has been connected, the control unit 11 disables an access from the specific external storage medium 2 to the storage unit 12 equipped in the apparatus and executes device startup based on the specific information. The control unit 11 executes startup control to update a device setup program stored in the storage unit 13 using update data stored in the specific external storage medium 2.SELECTED DRAWING: Figure 1

Description

The present invention relates to an information processing device and program.

An information processing apparatus such as a PC (Personal Computer) is equipped with a BIOS (Basic Input Output System) for activating hardware. Also, the BIOS undergoes update processing for repairing defects, improving functions, etc., based on update data.

In updating the BIOS, update data is usually provided to the information processing device via the website of the manufacturer. Alternatively, an external storage such as a USB (Universal Serial Bus) memory in which update data is stored may be connected to the information processing apparatus, and update data may be provided to the information processing apparatus through the external storage.

As a related technique, for example, a technique for updating a BIOS program stored in a rewritable nonvolatile memory for normal use according to BIOS update type information stored in a rewritable nonvolatile memory for backup has been proposed. .

JP 2015-153334 A

In an information processing device to which an external storage can be connected, user data (user programs) stored in the internal storage of the information processing device may be illegally retrieved when the external storage is connected to the information processing device. There is Therefore, for security measures, there is an information processing apparatus that disables the communication port to which the external storage is connected and prohibits the connection of the external storage.

On the other hand, in the maintenance work of the information processing apparatus, customer engineers, repair departments, etc. may want to update the BIOS using the external storage. However, since it is difficult to update the BIOS using the external storage for the information processing apparatus to which the connection of the external storage is prohibited, there is a problem that the maintenance work is delayed.

According to one aspect, the present invention provides an information processing device and an information processing device that enables a device for which BIOS update from an external storage is prohibited to be updated safely and securely using a limited external storage. The purpose is to provide a program.

An information processing device is provided to solve the above problems. The information processing apparatus performs a process of recognizing whether or not an external storage medium is connected when a predetermined user operation is detected when the apparatus is started up. access to the first storage unit built in the device is disabled, the device is started based on the specific information, and the update data stored in the specific external storage medium is used to store the update data stored in the second storage unit. It has a control unit that performs activation control for updating the device setup program.
Also, in order to solve the above problems, there is provided a program that causes a computer to perform control similar to that of the information processing apparatus.

According to one aspect, it is possible to securely update the BIOS using the external storage.

It is a figure for demonstrating an example of an information processing apparatus. It is a figure which shows an example of the functional block of an information processing apparatus. It is a figure which shows an example of the hardware constitutions of an information processing apparatus. 4 is a flow chart showing an example of the operation of the information processing device;

Hereinafter, this embodiment will be described with reference to the drawings.
FIG. 1 is a diagram for explaining an example of an information processing apparatus. The information processing apparatus 10 includes a control unit 11, a storage unit 12 (first storage unit), and a storage unit 13 (second storage unit). The functions of the control unit 11 can be realized, for example, by a processor (not shown) included in the information processing apparatus 10 executing a predetermined program. The storage unit 12 stores user data of an OS (Operating System), various control information for operating the information processing apparatus 10, and the like. The storage unit 13 stores a device setup program (hereinafter referred to as BIOS).

[Step S1] The control section 11 detects a predetermined user operation when the apparatus is started up.
[Step S2] When a predetermined user operation is detected, the control section 11 performs a process of recognizing whether or not an external storage medium is connected.
[Step S3] The control unit 11 detects whether the specified external storage medium 2 containing the specified information is connected.

[Step S4] When the control unit 11 detects that the specific external storage medium 2 is connected, it disables access from the specific external storage medium 2 to the internal storage unit 12 of the information processing apparatus 10 . To disable access to the storage unit 12 built in the device means, for example, to prevent the control unit 11 from recognizing the existence of the storage unit 12 .
[Step S5] The control unit 11 executes device activation based on the specific information stored in the specific external storage medium 2, and updates the data stored in the storage unit 13 using the update data stored in the specific external storage medium 2. Update your BIOS.

In this way, when the information processing apparatus 10 detects that the specific external storage medium 2 containing the specific information is connected, it disables access to the internal storage unit 12 and starts the apparatus based on the specific information. Then, the BIOS stored in the storage unit 13 is updated using the update data stored in the specific external storage medium 2 .

As a result, even in an information processing apparatus that prohibits updating the BIOS from an external storage medium in normal use, by using the specified external storage medium 2 containing the specified information, it is possible to limit the update from the specified external storage medium 2. It becomes possible to boot the device and update the BIOS safely in terms of security.

<Functional block>
FIG. 2 is a diagram showing an example of functional blocks of an information processing apparatus. In the following description, the external storage medium will be called external storage. The control unit 11 of the information processing apparatus 10 includes a user operation detection unit 11a, an external storage recognition unit 11b, a boot mode transition processing unit 11c, an access invalidation processing unit 11d, and an external storage activation processing unit 11e.

The user operation detection unit 11a performs detection processing of execution of a predetermined user operation when the apparatus is started up. The external storage recognition unit 11b performs recognition processing for recognizing that the external storage connected to the information processing apparatus 10 is an external storage containing specific information. For example, the external storage is USB.

When the external storage includes specific information, the startup mode transition processing unit 11c performs startup mode transition processing using the specific information, and requests the user to enter a startup password (dedicated password).

When the access invalidation processing unit 11d recognizes that the activation password matches the password input by the user, access from the external storage to the storage unit 12 (hereinafter sometimes referred to as internal storage) is invalidated. The external storage activation processing unit 11e performs activation via the external storage and updates the BIOS stored in the storage unit 13 using the BIOS update data stored in the external storage.

<Hardware configuration>
FIG. 3 is a diagram showing an example of the hardware configuration of the information processing apparatus. The information processing apparatus 10 is entirely controlled by a processor (computer) 100 . The processor 100 implements the functions of the control unit 11 . A memory 101 , an input/output interface 102 , a network interface 104 , a communication port 105 , a storage device 106 and a BIOS nonvolatile memory (flash memory) 107 are connected to the processor 100 via a bus 103 .

Processor 100 may be a multiprocessor. The processor 100 is, for example, a CPU (Central Processing Unit), FPGA, MPU (Micro Processing Unit), DSP (Digital Signal Processor), ASIC (Application Specific Integrated Circuit), or PLD (Programmable Logic Device). Processor 100 may also be a combination of two or more of CPU, FPGA, MPU, DSP, ASIC, and PLD.

The memory 101 is used as a main storage device of the information processing device 10 . The memory 101 temporarily stores at least part of an OS program and application programs to be executed by the processor 100 . Various data required for processing by the processor 100 are stored in the memory 101 .

The storage device 106 corresponds to the storage unit 12 subject to access invalidation processing, and stores OS programs, application programs, and various data. The storage device 106 may include, for example, semiconductor storage devices such as flash memories and SSDs (Solid State Drives), and magnetic recording media such as HDDs (Hard Disk Drives), as auxiliary storage devices. The BIOS nonvolatile memory 107 corresponds to the storage unit 13 and stores the BIOS.

Peripheral devices connected to bus 103 include input/output interface 102 , network interface 104 and communication port 105 . The input/output interface 102 performs input/output interface control with the information processing apparatus 10 . Also, the input/output interface 102 can be connected to an information input device such as a display, a keyboard, and a mouse, and transmits signals sent from the information input device to the processor 100 .

Furthermore, the input/output interface 102 also functions as a communication interface for connecting peripheral devices. For example, the input/output interface 102 can be connected to an optical drive device that reads data recorded on an optical disc using a laser beam or the like. Optical discs include Blu-ray Disc (registered trademark), CD-ROM (Compact Disc Read Only Memory), CD-R (Recordable)/RW (Rewritable), and the like.

Also, the input/output interface 102 can connect a memory device and a memory reader/writer. The memory device is a recording medium equipped with a communication function with the input/output interface 102 . A memory reader/writer is a device that writes data to a memory card or reads data from a memory card. A memory card is a card-type recording medium.

A network interface 104 is connected to a network and controls the network interface. The network interface 104 can also use, for example, a NIC (Network Interface Card), a wireless LAN (Local Area Network) card, or the like. Data received by network interface 104 is output to memory 101 and processor 100 . The communication port 105 is a port for connecting to the external storage 20, such as a USB port. A communication port 105 is connected to an external storage 20 such as a USB, and data stored in the external storage 20 is output to the memory 101 and processor 100 via the communication port 105 .

The processing functions of the information processing apparatus 10 can be realized by the hardware configuration as described above. For example, the information processing device 10 can execute the processing of the present invention by the processor 100 executing a predetermined program.

The information processing apparatus 10 can cause the control unit 11 to execute the processing functions of the present invention by executing a program recorded in a computer-readable recording medium, for example. A program describing the contents of processing to be executed by the information processing apparatus 10 can be recorded in various recording media.

For example, a program to be executed by the information processing device 10 can be stored in the auxiliary storage device. The processor 100 loads at least part of the program in the auxiliary storage device into the main storage device and executes the program.

It can also be recorded in a portable recording medium such as an optical disc, memory device, or memory card. A program stored in a portable recording medium can be executed after being installed in an auxiliary storage device under the control of the processor 100, for example. Alternatively, the processor 100 can read and execute the program directly from the portable recording medium.

<Flowchart>
FIG. 4 is a flow chart showing an example of the operation of the information processing apparatus.
[Step S10] An external storage is connected to the information processing apparatus 10 by the user.
[Step S11] The control unit 11 determines whether or not a predetermined user operation has been performed. If the predetermined user operation has been performed, the process proceeds to step S12, and if the predetermined user operation has not been performed, the process proceeds to step S20. It should be noted that although the flow is such that execution of a predetermined user operation is determined after connection of the external storage, the external storage may be connected after execution of a predetermined user operation is determined.

The predetermined user operation is an operation in which the user presses the power button while pressing arbitrary multiple keys on the keyboard of the information processing apparatus 10 . For example, this corresponds to the operation of pressing the power button while simultaneously pressing "r", "m", "d", and "b" on the keyboard. Multiple key combinations can be arbitrarily changed in the BIOS setup.

[Step S12] When detecting execution of a predetermined user operation, the control unit 11 performs recognition processing of the connected external storage. Here, the control unit 11 disables the function of the communication port to which the external storage is connected when the device is started up, and when a predetermined user operation is detected, enables the function of the communication port to enable the external storage. Recognize whether or not there is a connection. As a result, when a predetermined user operation is not detected, the disabled state of the communication port continues and access from the external storage is prohibited, thereby improving security.

It should be noted that, in the OS (for example, Windows (registered trademark)), the fast startup mode is set by default to reduce the startup time, and the fast startup mode may skip the external storage recognition process. .
Even when such a fast start mode is set, the control unit 11 disables the fast start mode and executes external storage recognition processing upon detecting execution of a predetermined user operation.

[Step S13] The controller 11 determines whether the connected external storage is an external storage containing specific information. When the connection of the external storage containing the specific information (hereinafter sometimes referred to as the specific external storage) is detected, the process proceeds to step S14, and when the connection of the specific external storage is not detected, the process proceeds to step S20.

[Step S14] When the control unit 11 recognizes the specific information stored in the specific external storage, it shifts to a startup mode using the specific information. The fixed path of the specific external storage stores specific information (startup file or startup flag) defining that the device is started by the specific external storage. By detecting it, it shifts to boot mode using the specific external storage.

[Step S15] The boot password for booting from the specific external storage is preset in the control unit 11 by the BIOS setup. When the controller 11 shifts to the boot mode using the specific external storage, the controller 11 displays a password entry field on the screen.

The BIOS setup of a PC usually has a password for BIOS setup, an OS startup password, an HDD password, etc. In addition to these, a startup password for booting from a specific external storage is provided. .

[Step S16] The control unit 11 determines whether or not the activation password matches the password entered in the password entry field. If the activation password and the entered password match, the process proceeds to step S17, and if they do not match, the process proceeds to step S20.

[Step S17] The controller 11 disables access to the internal storage. For example, when internal storage is connected to a port of an expansion bus such as PCIe (Peripheral Component Interconnect Express: registered trademark), the control unit 11 logically disconnects the connection interface to prevent access to the internal storage. Disable access. Also, the built-in storage corresponds to, for example, an SSD in which user data (such as an OS) is installed, an extended HDD for storing data, and the like.

In this way, when the boot mode using the specific external storage is entered, the process of disabling access to the internal storage is executed, so even if the specific external storage contains a virus, for example, , security can be ensured because it does not affect user data stored in the built-in storage.

[Step S18] The controller 11 is activated in the activation mode using the specified external storage.
[Step S19] The controller 11 updates the BIOS using the BIOS update data stored in the specified external storage. An EFI (Extensible Firmware Interface) Shell is stored in the specific external storage, and the BIOS is updated using the EFI Shell. A boot program (eg, EFI/Boot/bootx64.efi) or boot batch (eg, startup.nsh) by a specific external storage conforms to the mechanism of EFI Shell.

[Step S20] The control unit 11 is activated in a normal activation mode. When booting in the normal boot mode and updating the BIOS, for example, update data is acquired via the Web and the BIOS is updated. The processing of steps S11 to S18 and step S20 is realized by executing the BIOS program before updating.

On the other hand, in the above, when the control unit 11 detects the connection of a non-specific external storage (non-specific external storage medium) that does not contain specific information, it prohibits device startup from the non-specific external storage and displays the device startup prohibition screen. display.

Further, when the connection is switched from the non-specified external storage to the specified external storage by the user while the device activation prohibition screen is being displayed, the control unit 11 executes the activation control from step S14 to step S19. As a result, by displaying the device start-up prohibition screen, for example, the user can easily recognize that he/she has accidentally connected a non-specific external storage and switch to the connection to the specific external storage. maintenance work becomes possible.

As described above, according to the present invention, user data in the internal storage can be accessed by using the external storage containing the specific information even for an information processing apparatus in which updating the BIOS from the external storage is prohibited. It is possible to boot the device and safely update the BIOS without Therefore, it is possible to improve the efficiency of maintenance work.

The processing functions of the information processing apparatus 10 of the present invention described above can be realized by a computer. In this case, a program describing the processing contents of the functions that the information processing apparatus 10 should have is provided. By executing the program on a computer, the above processing functions are realized on the computer.

A program describing the processing content can be recorded in a computer-readable recording medium. Computer-readable recording media include a magnetic storage unit, an optical disk, a magneto-optical recording medium, a semiconductor memory, and the like. The magnetic storage unit includes a hard disk device (HDD), flexible disk (FD), magnetic tape, and the like. Optical disks include CD-ROM/RW and the like. Magneto-optical recording media include MO (Magneto Optical disk) and the like.

When distributing a program, for example, portable recording media such as CD-ROMs on which the program is recorded are sold. It is also possible to store the program in the storage unit of the server computer and transfer the program from the server computer to another computer via the network.

A computer that executes a program stores, for example, a program recorded on a portable recording medium or a program transferred from a server computer in its own storage unit. Then, the computer reads the program from its own storage unit and executes processing according to the program. The computer can also read the program directly from the portable recording medium and execute processing according to the program.

The computer can also execute processing according to the received program every time the program is transferred from a server computer connected via a network. At least part of the processing functions described above can also be realized by electronic circuits such as DSPs, ASICs, and PLDs.

Although the embodiment has been illustrated above, the configuration of each unit shown in the embodiment can be replaced with another one having the same function. Also, any other components or steps may be added. Furthermore, any two or more configurations (features) of the above-described embodiments may be combined.

10 information processing device 11 control unit 12 storage unit (first storage unit)
13 storage unit (second storage unit)
2 Specified external storage medium

Claims (6)

When a predetermined user operation is detected at the time of device startup, the presence or absence of connection of an external storage medium is recognized, and when the presence of connection of a specific external storage medium containing specific information is detected, the device internal storage medium is read from the specific external storage medium. Disabling access to the first storage unit, executing device startup based on the specified information, and using update data stored in the specified external storage medium to set up the device stored in the second storage unit A control unit that performs start control for updating the program,
Information processing device having The control unit disables the function of the communication port to which the external storage medium is connected when the device is started up, and enables the function of the communication port when detecting the predetermined user operation. 2. The information processing apparatus according to claim 1, wherein a process of recognizing whether or not a medium is connected is performed. When detecting connection of a non-specific external storage medium that does not contain the specific information, the control unit prohibits device startup from the non-specific external storage medium, displays a device startup prohibition screen, and displays the device startup prohibition screen. 3. The information processing apparatus according to claim 2, wherein said activation control is executed when connection is switched from said non-specified external storage medium to said specified external storage medium during the display of . 2. The information processing apparatus according to claim 1, wherein the control unit detects pressing of a preset combination of keys on a keyboard and pressing of a power button as the predetermined user operation. When detecting that the specific external storage medium is connected, the control unit displays an input field for a dedicated password of the specific external storage medium, and detects that the dedicated password matches the input password. 2. The information processing apparatus according to claim 1, wherein said start-up control is executed at a time. to the computer,
When a predetermined user operation is detected when the device is started up, a process of recognizing whether or not an external storage medium is connected is performed,
When it is detected that a specific external storage medium containing specific information is connected, access from the specific external storage medium to a first storage unit built in the apparatus is disabled, and the apparatus is started based on the specific information. performing start control for updating the device setup program stored in the second storage unit using the update data stored in the specific external storage medium;
A program that causes an action to take place.

Images