RU129675U1 - COMPUTER TO START A THIN HYPERVISOR IN UEFI AT AN EARLY STAGE OF LOADING A COMPUTER - Google Patents

Abstract

1. A computer for starting a thin hypervisor in UEFI at an early stage of computer startup, including a motherboard with a system bus, a memory module containing UEFI, and at least one memory device with an operating system, while UEFI contains a thin hypervisor module that starts immediately after the transition to the driver execution environment and selecting at least one storage device for loading the main operating system. 2. A computer for starting a thin hypervisor in UEFI at an early stage of computer boot according to claim 1, characterized in that the memory module of the computer in which the UEFI is stored is a FLASH chip.3. A computer for starting a thin hypervisor in UEFI at an early stage of computer boot according to claim 1, characterized in that the thin hypervisor has a built-in antivirus module, which, when potentially dangerous files are detected, blocks them and transfers information to the main antivirus module, which runs inside the operating system.

Description

The proposed utility model relates to a computer containing an operating system that is protected from unauthorized access to information.

Currently, Unified Extensible Firmware (UEFI) is being developed for modern computers, or rather their motherboards. This interface is designed to replace the computer BIOS and is intended to correctly initialize the equipment when the system is turned on and transfer control to the bootloader of the operating system. UEFI has two phases: the preliminary EFI phase, at which the computer elements are initialized, and the Driver Execution Environment (DXE) driver loading phase, after which the computer operating system is already loaded, see, for example, US 2009319763 A1 dated 12.24.2009. Thanks to the use of UEFI, the loading of the computer operating system is accelerated.

The closest technical solution is RU 2446447 C2, dated 03/27/2012 which describes a computer for controlling access to operating systems using a hypervisor. This computer contains a motherboard with a system bus, a memory module containing a BIOS and a storage device with an operating system, and a hypervisor module. The BIOS has a set of instructions executed at the boot stage, which launch the hypervisor. The disadvantage of this system is not sufficient computer protection, because The hypervisor is stored in a section on the storage device, which may be subject to change.

The proposed technical solution is aimed at creating a computer to run a thin hypervisor in UEFI at an early stage of computer boot. In the proposed solution, the hypervisor is part of the UEFI located in the memory module and is not subject to change when the operating system is loaded, therefore such a computer has increased security of the operating system.

The task that the proposed utility model allows to solve is the possibility of guaranteed launch of the hypervisor before the start of any code located on accessible media / storage devices that are susceptible to virus attacks in order to prevent unauthorized access to information and check the entire information schedule by the antivirus, inside the hypervisor module itself.

The technical result of the proposed technical solution is to increase the security of the computer.

The technical result is achieved by the fact that the computer for starting a thin hypervisor in UEFI at an early stage of computer startup includes a motherboard with a system bus, a memory module containing UEFI, and at least one memory device with an operating system. At the same time, UEFI contains a thin hypervisor module that starts immediately after the transition to the driver execution environment and selects at least one storage device for loading the main operating system.

The memory module of the computer in which the UEFI is stored is essentially a FLASH chip.

In addition, it is preferable that the thin hypervisor has a built-in antivirus module, which, when it detects potentially dangerous files, will block them and transmit information to the main antivirus module that runs inside the operating system.

Figure 1 shows a diagram of a computer for starting a thin hypervisor in UEFI at an early stage in computer startup.

Consider the work of the proposed computer device to run a thin hypervisor in UEFI at an early stage of computer boot. To operate the proposed computer, the motherboard of the computer is used, which has a memory module in the form of a FLASH chip, where instead of BIOS (BIOS) UEFI is recorded. In addition, one of the parts of UEFI is the thin hypervisor module. The remaining elements of the computer represent standard computer elements: a processor with a cooling system, RAM, a video card, hard disks (SSD or HDD), on which a bootable operating system, a monitor, a case with a power supply, a keyboard and a mouse are installed.

The work of the proposed computer device to run a thin hypervisor in UEFI at an early stage of computer boot is as follows. The user turns on the computer, after which the UEFI download starts, and various graphic or textual design of the UEFI download can be formed on the monitor. After performing the UEFI transition to the driver execution environment - DXE, the hypervisor module is launched. The thin hypervisor module is a layer between the OS and interfaces, it virtualizes all device interfaces. That is, let's say the device has an interface for wireless access to the network, interfaces for a monitor, printer, and CD drive. In the usual case, the operating system sees these devices and accesses them directly. And a malicious program or an unauthorized user can, under certain conditions, gain access to these interfaces. When the thin hypervisor module is turned on, the OS sees only the hypervisor itself, without seeing the device interfaces directly, but only in the form that the hypervisor displays for it. Thus, certain users or programs (depending on the configuration of the hypervisor) simply will not see, for example, a printer, or wireless access to the network, because for them the hypervisor will not display these interfaces, and the system will assume that there is no such device on the computer. In contrast, a thin hypervisor can show the system any devices that do not really exist, such as a virtual printer or virtual hard disk. In addition, all traffic exchanged by the OS with any interfaces is processed by the hypervisor, and can be transmitted by the hypervisor for processing by the anti-virus module regardless of the OS, while the operating system itself, even if it is taken under the control of a malicious program, will not be to have information that such a check is carried out, which excludes the effect of viruses on the check process (and treatment). In our case, the peculiarity is that the launch of this thin hypervisor is carried out at the pre-boot stage described above, before launching any programs (and until the user has the ability to take actions) that could potentially affect the launch of the thin hypervisor or prevent it.

The hypervisor code is located inside the memory module microcircuit and is not subject to the possibility of changing or discrediting the code.

At the same time, an antivirus module can be integrated into the thin hypervisor module. In this case, the hypervisor virtualizes the interaction interfaces with the network and disk subsystems of the computer in order to add additional anti-virus scanning procedures for the transmitted schedule. When detecting potential dangers, the anti-virus module blocks this schedule and transfers information to the main anti-virus module, which runs inside the operating system. In addition to controlling the schedule, the hypervisor is designed to control the memory of processes in order to detect unauthorized changes. When changes are detected, the process is blocked and information is transmitted to the main antivirus module. The meaning of a thin hypervisor is that it is a layer between the operating system (OS) and device interfaces, with the hypervisor turned on, all OS calls to the network, disks, input and output devices do not go directly, as in the usual case, but are processed by the hypervisor, which can emulate any interfaces that do not exist in reality, or prohibit the system from seeing real ones, or replace them, which allows guaranteed control of traffic in order to detect virus activity and security threats, as well as e Define access policies for different users.

A specific embodiment of the proposed technical solution has been disclosed above, but it is obvious to any person skilled in the art that based on the disclosed data, it is possible to create computer variations for launching a thin hypervisor in UEFI, for example, storing the antivirus module code on a separate FLASH chip. Thus, the scope of the utility model should not be limited to the specific embodiment described in the proposed utility model formula.

Claims (3)

1. A computer for starting a thin hypervisor in UEFI at an early stage of computer startup, including a motherboard with a system bus, a memory module containing UEFI, and at least one memory device with an operating system, while UEFI contains a thin hypervisor module that starts immediately after the transition to the driver execution environment and selecting at least one storage device for loading the main operating system. 2. A computer for starting a thin hypervisor in UEFI at an early stage of computer boot according to claim 1, characterized in that the memory module of the computer in which the UEFI is stored is a FLASH chip. 3. A computer for starting a thin hypervisor in UEFI at an early stage of computer boot according to claim 1, characterized in that the thin hypervisor has a built-in antivirus module, which, when potentially dangerous files are detected, blocks them and transfers information to the main antivirus module, which runs inside the operating system .

Images