CN103119553B - Platform firmware armouring technology - Google Patents
- Publication number
- CN103119553B (application CN201180045399.XA)
- Authority
- CN
- China
- Prior art keywords
- firmware
- platform
- controller
- platform firmware
- memory element
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Abstract
A method, apparatus, machine-readable medium and system are disclosed. In one embodiment, the method includes, during boot of a computer platform, switching a platform firmware update device located in the computer platform into platform firmware armoring technology (PFAT) mode. The computer platform includes a platform firmware storage unit that stores the platform firmware. The method then, in response to the platform firmware update device entering PFAT mode, persistently locks the platform firmware storage unit. While the unit is persistently locked, writes to it are permitted only after an unlock procedure performed by the platform firmware update device, and only by an authenticated code module running on the platform.
Description
Technical field
The present invention relates to securely updating computer platform firmware.
Background
The first group of instructions executed on a computer system comes from platform firmware. Platform firmware may include firmware associated with the basic input/output system, extended firmware, embedded controller and microcontroller firmware, and any other firmware residing in storage units within the computer platform. Platform firmware is often not static over the lifetime of a computer system: just as operating systems and software applications receive updates, so does platform firmware. Because firmware instructions are essential to the successful operation of many computer systems, it is critical that firmware updates be carried out in a secure manner.
Brief description of the drawings
The present invention is illustrated by way of example and not limitation in the accompanying figures, in which like reference numerals indicate similar elements:
Fig. 1 shows an embodiment of a computer system that can securely update platform firmware.
Fig. 2 is a flow chart of an embodiment of a process for locking the platform controller hub so that it disallows writes to the system management firmware memory space.
Fig. 3A shows a flow chart of an embodiment of a process for starting a secure platform firmware update procedure.
Fig. 3B shows a flow chart of an embodiment of a process for continuing the secure platform firmware update procedure.
Fig. 4 is a flow chart of an embodiment of a process for securely updating controller firmware in a computer system.
Detailed description of the invention
Embodiments of an apparatus, system, method and computer-readable medium for securely updating platform firmware are disclosed.
Firmware in a computer system provides many types of initialization, management and operational instructions for one or more devices in the system. Firmware updates are a common source of security breaches. If a malicious entity can supply a compromised piece of firmware to a computer system, the damage can be severe, because during operation firmware sits below the level at which standard anti-virus protection operates. Security during a platform firmware update is therefore extremely important.
In many embodiments, a platform firmware armoring technology (PFAT) mode is enabled in the computer system. PFAT mode restricts the ability of most entities to update platform firmware. Specifically, PFAT mode may require that system management firmware updates be performed by an authenticated code module (ACM) running in a secure authenticated code (AC) mode. In standard operating mode, the platform controller hub (PCH) can block any write that reaches the firmware storage. To allow a firmware update, logic can invoke the ACM, which then unlocks part of the storage for writing by performing a specific write cycle to a CPU register. In many embodiments the ACM is the only entity able to perform that specific write cycle, and once the storage is unlocked the ACM is the only entity able to perform the actual firmware update. In addition, the ACM can measure the update firmware image and use a public key supplied to the CPU to verify its authenticity.
Fig. 1 shows an embodiment of a computer system that can securely update platform firmware. Computer system 100 is shown. The computer system may be a desktop computer, server, workstation, laptop, handheld device, TV set-top box, media center, game console, integrated system (for example in a car), or another type of computer system. In several embodiments computer system 100 includes one or more central processing units (CPUs), also referred to as "processors". Although many embodiments may have multiple CPUs, for clarity only CPU 102 is shown. CPU 102 may be one manufacturer's CPU or a CPU of another brand. In different embodiments CPU 102 includes one or more cores. The CPU 102 shown includes four cores (cores 104, 106, 108 and 110).
In many embodiments each core includes internal functional blocks such as one or more execution units, a retirement unit, a set of general-purpose registers and special-purpose registers. In a single-threaded core, each core may be referred to as a hardware thread. When a core is multi-threaded or hyper-threaded, each thread running within the core may also be referred to as a hardware thread. Thus any single thread of execution running in computer system 100 may be referred to as a hardware thread. For example, in Fig. 1, if each core is single-threaded there are four hardware threads in the system (four cores). If, on the other hand, each core is multi-threaded and able to maintain two thread states simultaneously, there are eight hardware threads in the system (four cores, two threads each).
CPU 102 may also include one or more caches, such as cache 112. In many embodiments not shown, additional caches beyond cache 112 may be implemented, so that multiple levels of cache exist between memory and the execution units in each core. In different embodiments cache 112 may be apportioned in different ways and may have many different sizes; for example, cache 112 may be an 8 megabyte (MB) cache, a 16 MB cache, and so on. Additionally, in different embodiments the cache may be direct-mapped, fully associative, multi-way set-associative, or use another type of mapping. In many embodiments cache 112 may consist of one large portion shared among all cores, or may be divided into several separate functional slices (for example, one slice per core). Cache 112 may also include a portion shared among all cores together with several other portions that are separate functional slices, one per core.
In many embodiments CPU 102 includes an integrated system memory controller 114 that provides an interface for communicating with system memory 116. In another embodiment, not shown, memory controller 114 may be located in a discrete unit elsewhere in computer system 100.
System memory 116 may include dynamic random access memory (DRAM), such as double data rate (DDR) DRAM; non-volatile memory, such as flash memory or phase change memory (PCM); or another type of memory technology. System memory 116 may be general-purpose memory that stores data and instructions to be operated on by CPU 102. Additionally, computer system 100 may contain other devices able to read and write system memory, such as I/O (input/output) devices capable of direct memory access (DMA).
The link (i.e., bus, interconnect, etc.) coupling CPU 102 to system memory 116 may include one or more optical fibers, metal or other wires (i.e., lines) capable of carrying data, address, control and clock information.
Platform controller hub 118 (e.g., an I/O controller hub) includes an I/O interface that enables communication between CPU 102 and external I/O devices. The hub may include one or more I/O adapters, such as I/O adapter 120. An I/O adapter translates the host communication protocol used by CPU 102 into a protocol compatible with a particular I/O device (such as I/O device 122). Some of the protocols a given I/O adapter may translate include Peripheral Component Interconnect (PCI), Universal Serial Bus (USB), IDE, SCSI and 1394 "FireWire", among others. There may also be one or more wireless-protocol I/O adapters; examples of wireless protocols are Bluetooth, IEEE 802.11-based wireless protocols and cellular protocols.
In many embodiments a controller device 124 resides in computer system 100. Controller device 124 may incorporate multiple functions. For example, a RAID storage controller device may reside in computer system 100; a RAID controller can manage an array of hard drives or solid state drives (SSDs). Other examples of controller devices include a discrete out-of-band management engine, an embedded microcontroller, or another type of controller.
An inter-CPU high-speed interface 126 may provide a link interface coupling to one or more other CPUs and allow inter-CPU communication. For example, the inter-CPU high-speed interface may be a QuickPath Interconnect or another similar interface.
Although not shown, in many embodiments computer system 100 includes hardware and software logic providing a virtualization environment in which one or more guest operating systems (OS) run in virtual machine (VM) environments. A virtual machine monitor (VMM), or hypervisor, may be implemented in logic in the system to isolate the operating environment of each VM (i.e., so that each VM, and the OS and applications running in it, is isolated from the other VMs present in the system and is not aware of them).
In many embodiments a management engine 128 is present in system 100. The management engine may include multiple features, including logic related to remote management, security management and power management. In many embodiments management engine 128 uses an out-of-band (OOB) communication channel that operates below the level of the operating system (OS) running on computer system 100. The OOB channel is generally able to maintain communication with a remote system regardless of the state of the OS. In many embodiments the OOB channel can continue to communicate even while computer system 100 is in a low-power state or completely powered off. In some embodiments management engine 128 includes Active Management Technology hardware logic; in other embodiments another form of hardware logic is employed.
In many embodiments firmware is stored in computer system 100. Firmware stored in any unit of computer system 100 may be referred to as "platform firmware". More specifically, several types of firmware may exist. For example, system management firmware storage unit 130 may store system management firmware 132. System management firmware 132 may include extended firmware, a basic input/output system (BIOS), and/or other types of firmware used during the boot process, for example to provide key instructions for computer system 100. Another firmware in the computer system may be platform controller firmware 134 for controller device 124. This firmware may be stored in platform controller firmware storage 136, which is coupled to controller device 124. Platform controller firmware 134 may provide instructions for managing the features of controller device 124.
In many embodiments each firmware storage unit in the system (e.g., system management firmware storage unit 130, platform controller firmware storage unit 136, etc.) consists of a non-volatile type of memory such as NAND flash, NOR flash, phase change memory, or another form of non-volatile memory.
Although not shown for clarity, the CPU may have other interfaces, such as high-speed I/O interfaces handling graphics and network traffic. In many embodiments these high-speed I/O interfaces may include one or more PCI-Express interfaces.
Computer system 100 stores code for, and securely launches, an authenticated code module (ACM) 138, a software module that CPU 102 invokes and measures (i.e., takes a security measurement of). The manufacturer of CPU 102 may sign ACM 138 using asymmetric cryptography with a private key it controls. When CPU 102 invokes ACM 138, the module is first authenticated using the hash of the corresponding public key, which is stored in CPU 102, in chipset-associated circuitry (such as a discrete PCH), or in other hardware in the computer system. The public key is used to decrypt information encrypted with the private key. In general the public key is constant. By measuring ACM 138 through these known secure procedures, the module can be confirmed to be a trusted execution environment. For security purposes the ACM may run in authenticated code (AC) mode. While in AC mode, no system interrupt or event can interrupt the ACM, and the ACM is protected from other system agents and from DMA agents. When running in AC mode only one hardware thread is active; all other hardware threads are therefore gathered and placed into a quiescent/sleep state.
During or before the first boot of computer system 100, a firmware update public key 140 is provisioned and stored in system management firmware storage 130. Firmware update public key 140 can be used to authenticate firmware image information. In some embodiments public key 140 is used exclusively for authenticating firmware images. Although the term "public key" is used, and some embodiments store the actual alphanumeric, unencrypted key, in other embodiments "public key" may refer to a hash of the public key. The public key may be stored in read-only memory (ROM) within the processor or in another storage unit. Storing a hash rather than the complete public key potentially saves storage space. A firmware image to be written into the computer system may carry the public key; the public key in the image can then be hashed and the result compared with the hash of the public key already stored in system ROM. In some embodiments the hash may itself be encrypted for additional security.
In many embodiments computer system 100 can enter platform firmware armoring technology (PFAT) mode. PFAT mode causes the platform firmware to be locked. While in PFAT mode, only an ACM running in AC mode is allowed to perform updates (i.e., writes) to the firmware storage units in computer system 100, and even the ACM must perform a specific procedure before writes to the platform firmware storage are allowed. Once in PFAT mode, the computer system cannot exit it. In many embodiments PFAT mode, entered each time the computer system boots, causes the memory address space of every firmware storage location to be locked. For example, because system management firmware storage 130 is coupled to CPU 102 through platform controller hub 118, any write to system management firmware storage 130 is routed through platform controller hub 118. When the system is in PFAT mode, platform controller hub 118 refuses any attempted write to the memory locations reserved for system management firmware storage 130 (unless it is preceded by the secure ACM-based unlock procedure). The secure ACM-based unlock procedure is discussed below.
In many embodiments, code executed from firmware during the boot process sets a write-once register that enables PFAT mode. For example, a PFAT management register located in the platform may have a PFAT enable bit that turns on PFAT mode. In some embodiments the PFAT management register is located in platform controller hub 118 (PFAT register 142A); in other embodiments it is located elsewhere, in the CPU uncore (PFAT register 142B). The register may have several bits related to managing PFAT mode. For example, the PFAT register may include a PFAT mode enable bit; PFAT mode is enabled when that bit is set. The PFAT register may also include a PFAT mode lock bit; while the lock bit is set, no further update of the PFAT mode enable bit is allowed, at least until a full system reset. The lock bit removes any ability of a malicious entity to disable PFAT mode during normal operation of computer system 100.
As discussed, once in PFAT mode, writes to the memory address space representing system management firmware storage 130 are normally not allowed. In many embodiments, when computer system 100 enters PFAT mode, platform controller hub 118 sets an internal PCH lock register 144 indicating that writes to system management firmware storage 130 are not allowed. While PCH lock register 144 is set, platform controller hub 118 discards any transaction that attempts to write to firmware storage 130.
Additionally, in many embodiments, firmware update logic 146, running on top of the OS, is present in system memory 116. Firmware update logic 146 may receive a request to update a particular firmware present in computer system 100. The update request may come from a system administrator over the network, from within the system (e.g., a self-repair modification initiated by the OS), or from another unit. In many embodiments the request to update firmware is accompanied by the actual update image. The firmware image may accompany the request itself or arrive later, after the request has been received and accepted. The firmware image may be a complete rewrite of the firmware (e.g., a new version) or an update of a smaller portion of the whole firmware (e.g., rewriting a small fraction of it). At some point firmware update logic 146 receives the actual update image and stores it in firmware image staging storage 148 in system memory 116. Once firmware update logic 146 has stored the entire image in the staging storage, ACM 138 is invoked and the system enters AC mode. During the transition from the standard mode in which firmware update logic 146 runs to ACM 138 running in AC mode, a pointer to firmware image staging storage unit 148 in system memory 116 is passed from firmware update logic 146 to ACM 138. The pointer may be passed in a register of CPU 102, or stored at a known handoff location in system memory 116.
Once in AC mode, with the firmware image storage unit ready, ACM 138 uses public key 140 to initiate an authentication procedure on the firmware image. The authentication procedure uses asymmetric cryptography to decrypt and measure the received firmware image. In many embodiments an immutable public key stored in the computer system can be used to verify that the firmware image received from the vendor is trustworthy. In many embodiments the public key is readable by any entity; in other embodiments only a limited set of entities has the access privilege to read the storage unit holding the public key. For example, in some embodiments ACM 138 in AC mode is the only entity able to access public key 140 stored in CPU 102.
ACM 138 performs the public-key measurement to authenticate the firmware image stored in firmware image staging storage 148. If the firmware image is successfully authenticated (i.e., the image's security has not been compromised), ACM 138 performs a specific write cycle to lock register 150 in CPU 102. In many embodiments lock register 150 in CPU 102 is a specific model-specific register (MSR) that can be written only by an ACM in AC mode; the register is therefore off-limits to the OS in standard mode or to any similar entity. This specific write cycle to lock register 150 causes CPU 102 to generate a secure ACM-based unlock command that is sent to platform controller hub 118. When the secure unlock command arrives, logic in platform controller hub 118 clears PCH lock register 144. With PCH lock register 144 cleared, platform controller hub 118 allows writes to the system management firmware storage 130 address space.
Once writes to the firmware storage are allowed, ACM 138 copies the authenticated firmware image from firmware image staging storage unit 148 into system management firmware storage 130. Once the copy completes, ACM 138 can send a lock command by performing another specific write cycle to CPU lock register 150; this write cycle in turn causes a secure ACM-based lock command to be sent to platform controller hub 118. When platform controller hub 118 receives the lock command, logic in the hub sets PCH lock register 144, and system management firmware storage 130 stops accepting any further writes.
The foregoing example in Fig. 1 concerns an update of system management firmware 132. In another example the update may concern platform controller firmware 134.
During each boot of computer system 100, an ephemeral (i.e., temporary) password may be generated. The logic that generates this ephemeral password may reside in CPU 102, in system management firmware 132, or in another unit of computer system 100. The ephemeral password is generally generated during the early boot sequence, before the operating system reaches normal operation. The generated ephemeral password is stored internally in temporary password register 152 in CPU 102. The same password is also distributed to any controller or other device in the computer system that needs to perform a secure handshake with the CPU during normal operation. A controller such as controller device 124 may have an internal temporary password storage unit 154 to hold the password received during boot-time password distribution. The ephemeral password is generally created, distributed and stored during a secure boot process for greater security: a secure boot process is far less likely to be compromised than normal operation, so distributing the ephemeral password at that time makes it less likely to be stolen.
Later, once computer system 100 is fully operational (e.g., running the OS), firmware update logic 146 may receive a request to update platform controller firmware 134. When this request is received, the same process of copying the update image into firmware image staging storage unit 148 takes place. Firmware update logic 146 invokes ACM 138 and passes control of the system to ACM 138. ACM 138 then authenticates the image and, if authentication succeeds, attempts to perform the firmware update. However, unlike system management firmware 132, ACM 138 does not have full control over platform controller firmware 134.
Controller device 124 may have its own security procedures and independent operational requirements distinct from those of CPU 102. Essentially, controller device 124 wants to know for certain that a write request to the controller firmware storage 136 space really originates from ACM 138. To create a more secure verification procedure, ACM 138 can send controller device 124 a request to perform a firmware update in the controller firmware storage 136 address space. This ACM-based request may arrive together with the ephemeral password. To verify the authenticity of the received ACM 138 request, controller device 124 can compare the ephemeral password received in the request with the ephemeral password stored during the initial distribution in the current boot of computer system 100. In many embodiments update logic 156 in controller device 124 performs this comparison. If the two passwords are identical, controller device 124 can open the controller firmware storage 136 address space to writes from ACM 138. Otherwise controller firmware storage 136 remains locked, and controller device 124 may generate an error message indicating a security problem. In many embodiments, to maintain the secrecy of the ephemeral password in temporary password register 152 in CPU 102, that register is accessed only by ACM 138 in AC mode. Further, in many embodiments, once ACM 138 has finished writing the authenticated firmware image into controller firmware storage 136, ACM 138 can send controller device 124 a follow-up communication stating that the update is complete, so that controller device 124 knows to disallow any further writes to controller firmware storage space 136.
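The ephemeral-password handshake between the ACM and the controller described above, as an added example in C; it is not the patent's code. The 16-byte password size, the register and store sizes, the splitmix64 generator standing in for a hardware random number generator, the error codes and every function name are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PW_LEN 16                 /* password size: an assumption */
#define CTL_ERR_NONE 0
#define CTL_ERR_BAD_PASSWORD 1

/* Temporary password register 152 in the CPU. */
struct cpu_pw_reg { uint8_t pw[PW_LEN]; };

/* Controller device 124: password storage 154 plus its firmware store 136. */
struct controller {
    uint8_t pw[PW_LEN];
    bool    fw_locked;
    uint8_t fw[32];
    size_t  fw_len;
    int     last_error;
};

/* Stand-in generator (splitmix64); a real platform draws the password from a
 * hardware RNG during the secure early-boot sequence. */
void gen_boot_password(uint64_t seed, uint8_t out[PW_LEN])
{
    for (size_t i = 0; i < PW_LEN; i++) {
        seed += 0x9E3779B97F4A7C15ull;
        uint64_t z = seed;
        z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ull;
        z = (z ^ (z >> 27)) * 0x94D049BB133111EBull;
        out[i] = (uint8_t)(z ^ (z >> 31));
    }
}

/* Boot-time distribution: CPU register and controller receive the same value
 * and the controller starts with its store locked. */
void distribute_password(const uint8_t pw[PW_LEN], struct cpu_pw_reg *reg,
                         struct controller *ctl)
{
    memcpy(reg->pw, pw, PW_LEN);
    memcpy(ctl->pw, pw, PW_LEN);
    ctl->fw_locked = true;
    ctl->last_error = CTL_ERR_NONE;
}

/* Register 152 is readable only by an ACM running in AC mode. */
bool acm_read_password(bool ac_mode, const struct cpu_pw_reg *reg, uint8_t out[PW_LEN])
{
    if (!ac_mode)
        return false;
    memcpy(out, reg->pw, PW_LEN);
    return true;
}

/* Constant-time comparison so the controller does not leak the password byte by byte. */
static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Controller update logic 156: open the store only if the presented password
 * equals the one stored at boot; otherwise stay locked and record the error. */
bool controller_open_for_update(struct controller *ctl, const uint8_t pw[PW_LEN])
{
    if (!ct_equal(pw, ctl->pw, PW_LEN)) {
        ctl->last_error = CTL_ERR_BAD_PASSWORD;
        return false;
    }
    ctl->fw_locked = false;
    return true;
}

bool controller_write_fw(struct controller *ctl, const uint8_t *img, size_t n)
{
    if (ctl->fw_locked || n > sizeof ctl->fw)
        return false;
    memcpy(ctl->fw, img, n);
    ctl->fw_len = n;
    return true;
}

/* "Update finished" message from the ACM: the controller re-locks its store. */
void controller_update_done(struct controller *ctl)
{
    ctl->fw_locked = true;
}

/* ACM side: read the password in AC mode, present it with the update request,
 * write the (already authenticated) image, then signal completion. */
bool acm_update_controller(bool ac_mode, const struct cpu_pw_reg *reg,
                           struct controller *ctl, const uint8_t *img, size_t n)
{
    uint8_t pw[PW_LEN];
    if (!acm_read_password(ac_mode, reg, pw))
        return false;
    if (!controller_open_for_update(ctl, pw))
        return false;
    bool ok = controller_write_fw(ctl, img, n);
    controller_update_done(ctl);
    return ok;
}
```

A password from an earlier boot (or one guessed by an OS-level attacker) fails the constant-time comparison, the store stays locked and the controller records an error; after a successful write the completion message locks the store again, so a second write with no fresh request is refused.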
In many embodiments the ACM can implement rollback protection for firmware updates. Rollback protection restricts firmware update images to newer versions of the platform firmware. In some embodiments the firmware image may have a header that includes the firmware version, and the currently resident firmware has a similar header. The ACM can read both headers and allow the new firmware image to be written to the firmware storage unit only if it is a newer version than the firmware currently resident in the platform.
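The gating logic described for the PFAT register (enable and lock bits), the PCH lock register, the AC-mode-only write cycle to the CPU lock MSR, the key-hash comparison, and the rollback check in this section, as one added example in C. It is not the patent's code: the register bit layout, the image header layout (4-byte little-endian version, 16-byte public key, payload), the 64-byte store, FNV-1a standing in for the hash, and all names are assumptions. The asymmetric signature check over the image payload is not implemented here; only the comparison of the hash of the key carried in the image against the hash kept in ROM is modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* PFAT management register bits (layout assumed; the text names only these two). */
#define PFAT_ENABLE 0x1u
#define PFAT_LOCK   0x2u
#define KEY_LEN 16

/* Platform controller hub: PFAT register, PCH lock register 144, firmware store 130. */
struct pch {
    uint32_t pfat_reg;
    bool     lock_reg;        /* write transactions are dropped while set */
    uint8_t  fw_store[64];
    size_t   fw_len;
};

/* CPU-side state visible to the ACM. */
struct cpu {
    bool     ac_mode;         /* true only while an ACM runs in AC mode */
    uint32_t key_hash;        /* hash of the firmware-update public key, kept in ROM */
    uint32_t resident_version;/* version of the firmware currently in the store */
};

/* Boot firmware writes the PFAT register. Once LOCK is set, later writes are
 * dropped until a full reset, so ENABLE cannot be cleared by a malicious entity. */
bool pfat_reg_write(struct pch *p, uint32_t value)
{
    if (p->pfat_reg & PFAT_LOCK)
        return false;
    p->pfat_reg = value & (PFAT_ENABLE | PFAT_LOCK);
    if (p->pfat_reg & PFAT_ENABLE)
        p->lock_reg = true;   /* entering PFAT mode locks the firmware store */
    return true;
}

/* A full platform reset is the only event that clears the PFAT register. */
void platform_reset(struct pch *p)
{
    p->pfat_reg = 0;
    p->lock_reg = false;
}

/* Write transaction arriving at the PCH from any agent (OS driver included). */
bool pch_write_store(struct pch *p, const uint8_t *data, size_t len)
{
    if (p->lock_reg || len > sizeof p->fw_store)
        return false;         /* transaction discarded */
    memcpy(p->fw_store, data, len);
    p->fw_len = len;
    return true;
}

/* Write cycle to the CPU lock MSR (register 150): honoured only in AC mode, and
 * it makes the CPU send the unlock (true) or lock (false) command to the PCH. */
bool lock_msr_write(struct cpu *c, struct pch *p, bool unlock)
{
    if (!c->ac_mode)
        return false;         /* OS-mode write to this MSR is refused */
    p->lock_reg = !unlock;
    return true;
}

/* FNV-1a, a stand-in for the hash a real platform would use (e.g. SHA-256). */
uint32_t fnv1a(const uint8_t *d, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) {
        h ^= d[i];
        h *= 16777619u;
    }
    return h;
}

/* Assumed image layout: version (4 bytes LE) | public key (16 bytes) | payload. */
size_t build_image(uint8_t *out, uint32_t version, const uint8_t key[KEY_LEN],
                   const uint8_t *payload, size_t len)
{
    for (int i = 0; i < 4; i++)
        out[i] = (uint8_t)(version >> (8 * i));
    memcpy(out + 4, key, KEY_LEN);
    memcpy(out + 4 + KEY_LEN, payload, len);
    return 4 + KEY_LEN + len;
}

/* ACM update path: authenticate key, check version, unlock, copy, re-lock. */
bool acm_update(struct cpu *c, struct pch *p, const uint8_t *img, size_t n)
{
    if (!c->ac_mode || n < 4 + KEY_LEN)
        return false;
    uint32_t version = (uint32_t)img[0] | (uint32_t)img[1] << 8 |
                       (uint32_t)img[2] << 16 | (uint32_t)img[3] << 24;
    if (fnv1a(img + 4, KEY_LEN) != c->key_hash)
        return false;         /* key in the image does not match the ROM hash */
    if (version <= c->resident_version)
        return false;         /* rollback protection: only strictly newer images */
    if (!lock_msr_write(c, p, true))
        return false;
    bool ok = pch_write_store(p, img + 4 + KEY_LEN, n - 4 - KEY_LEN);
    lock_msr_write(c, p, false);   /* re-lock whether or not the copy succeeded */
    if (ok)
        c->resident_version = version;
    return ok;
}
```

The store is re-locked on every path out of `acm_update`, including a failed copy, so the window in which the PCH accepts writes is exactly the ACM's own copy; an OS-mode caller never gets past `lock_msr_write`, and an image with the right key but an equal or older version is refused before the unlock ever happens.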
Fig. 2 is a flow chart of an embodiment of a process for locking the platform controller hub so that it disallows writes to the system management firmware memory space. The process may be performed by processing logic, which may include hardware circuitry, software code, firmware code, or any combination of these three types of processing logic. Throughout this document, anything described as "processing logic" may effectively be implemented by any combination of the above kinds of logic, and even by other forms of logic.
The process, carried out by processing logic during processor boot, begins by setting the PFAT mode enable bit (processing block 200) to activate the firmware update protection apparatus in the computer system. The PFAT mode enable bit may be located in a firmware management register in the PCH device of the computer system. Once the PFAT mode enable bit is set to enable PFAT, processing logic then sets the PFAT mode enable lock bit (processing block 202). The PFAT mode enable lock bit disallows any further modification of the PFAT mode enable bit. In many embodiments the PFAT mode enable lock bit is a write-once bit on each boot of the computer system. In these embodiments the PFAT mode lock bit can be modified again during a full reset of the computer system. Thus the process of enabling PFAT mode and then locking it takes place on every boot.
Although not shown in the figure, in other embodiments the PFAT mode enable bit is a write-once register which, once written, cannot be modified again for the remaining lifetime of the computer system. In these embodiments the PFAT mode enable bit is written during each boot of the computer system, and thereafter (until the computer system is rebooted) indicates whether the computer system has enabled PFAT mode. This procedure corresponds to block 200. Further, in these embodiments the PFAT mode enable lock bit need not be written during the first boot process so as to become permanently unwritable, as the PFAT mode enable bit is. Thus process block 202 is not necessary in these alternative embodiments.
Once this process is finished, the computer platform continues its boot process.
Fig. 3A shows a flow chart of an embodiment of a process for starting a secure platform firmware update procedure. Processing logic begins by receiving a request to update platform firmware (processing block 300). The request may concern any type of updatable firmware in the computer system. Thus, in some embodiments the request may concern system management firmware; in other embodiments it may concern platform controller firmware; and in further embodiments it may even concern other types of firmware stored in other units of the computer system/platform.
The process continues with processing logic copying the firmware image associated with the request into a unit in system memory (processing block 302). Depending on the type of update, the image may be the whole firmware or only a part of it. In many embodiments the image is encrypted. The encrypted image may be encrypted with an asymmetric encryption algorithm that makes use of a public key. The public key is provided to the computer system when the system is built, or at some later time. The public key may be securely stored in a non-writable memory unit, such as a secure area of the system management firmware storage. Returning to Fig. 3A, once the firmware image has been copied to system memory, processing logic authenticates the image using the public key stored in a secure unit in the computer system (processing block 304).
Processing block 304 and the following blocks in Fig. 3A may be carried out by logic in an ACM that is invoked in the system and runs in AC mode. The invocation of the ACM was discussed above with reference to Fig. 1. In many embodiments, the authentication process includes checking that the immutable public key stored in the system matches the public key included with the image. A secure process in the computer system may be used to measure the image. The process of determining the authenticity of the image can take several forms, but the desired result is confirmation that the image has not been compromised. The processing logic checks whether the image has been verified as authentic (processing block 306). In addition, although not shown, if the firmware image is sent in encrypted form, an additional decryption key accessible to the ACM may be needed so that the image can be decrypted before authentication.
If authentication of the image fails, the processing logic sends an error message to the CPU (processing block 308). For example, the processing logic may raise an interrupt to notify the CPU of the failure/problem with the authentication of the image. On the other hand, if the image is successfully authenticated (that is, the image is verified as authentic), the processing logic may proceed to the process shown in Fig. 3B.
Fig. 3B shows a flow chart of an embodiment of a process that continues the secure platform firmware update procedure. At this point in the flow, the processing logic (for example, the logic in the ACM) unlocks the platform firmware storage unit so that it can be written (processing block 310). In embodiments where the platform firmware storage unit is the system management firmware storage unit (as mentioned above with reference to Fig. 1), upon verifying the authenticity of the image (in block 306 in Fig. 3A) the logic in the ACM proceeds to unlock the PCH to allow writes to the system management firmware storage unit. In other embodiments, where the platform firmware resides in controller storage, another process is needed before writes to the firmware storage can proceed (the process for controller-based firmware described in Fig. 4).
Returning to Fig. 3B, once the platform firmware storage unit is unlocked, the processing logic copies the firmware image to the platform firmware storage unit (processing block 312). Finally, after the authenticated image has been copied to the platform firmware storage unit, the processing logic relocks the firmware storage unit so that writes to the firmware storage unit are no longer allowed (processing block 314), and the process ends.
As discussed further above, the platform firmware storage unlock process depends on the unit in which the firmware is stored. Where the platform firmware storage is the system management firmware storage unit, the unlock process may require the ACM (138 in Fig. 1), running in AC mode, to write to a CPU lock register (150 in Fig. 1). In many embodiments, the CPU lock register is an MSR in the uncore of the CPU (102 in Fig. 1). Only a specific write-MSR (WRMSR) command initiated by the ACM in AC mode writes to the CPU lock register. This write then generates a specific write to the PCH lock register (114 in Fig. 1) residing in the PCH (118 in Fig. 1). The write command to the PCH lock register may cause the PCH to open write access to the system management firmware storage (130 in Fig. 1), which allows the ACM to write the new system management firmware image to the correct storage unit. When writing of the image is finished, a similar WRMSR command to the same CPU lock register can then be initiated to relock the system management firmware storage.
Fig. 4 is a flow chart of an embodiment of a process for securely updating controller firmware in a computer system. In many embodiments, the process flow shown in Fig. 4 includes processing logic for the ACM/CPU and processing logic for the controller in question. Therefore, to make clear which logic processes each block, the left side of Fig. 4 (left of the heavy dashed line) may represent logic associated with the ACM/CPU, and the right side of Fig. 4 (right of the heavy dashed line) may represent logic associated with the controller.
During the boot sequence of the computer platform, the CPU-based processing logic begins by creating an ephemeral password (processing block 400). The ephemeral password may be randomly generated by the current system management firmware or by other logic in the computer system. The processing logic then stores this random password locally in a storage unit in the CPU that is accessible only to the ACM, or in another secure storage unit accessible by the CPU (processing block 402). For example, a temporary password register in the CPU (152 in Fig. 1) may store the generated ephemeral password, and this register may be accessible only by the ACM in AC mode.
The CPU-based processing logic then sends the ephemeral password to the controller (processing block 404). The controller processing logic receives the ephemeral password while still in the system boot sequence (processing block 406). At this time, the controller processing logic assumes the ephemeral password is valid, because the system has not yet entered normal operation and should not have had a chance to be compromised. The processing logic then stores the received ephemeral password locally (processing block 408) (for example, the ephemeral password may be stored in the temporary password storage 154 in Fig. 1). At this point, the processing logic in the controller waits until a firmware update request is received.
Meanwhile, returning to Fig. 3A, an entity may request an update of the platform firmware (300 in Fig. 3A), and the CPU/ACM-based processing logic will go through the blocks associated with Fig. 3A to authenticate the new controller-specific platform firmware image. Once the image is authenticated, the ACM processing logic proceeds to the next block in Fig. 3A and sends the controller a request to update the controller firmware, including the ephemeral password in the request (processing block 410). The controller logic receives the firmware update request carrying the ephemeral password stored by the CPU (processing block 412). Next, the controller processing logic compares the current ephemeral password just received with the trusted ephemeral password received during the boot process (processing block 414).
If they match (processing block 416), the controller processing logic then allows writes from the ACM to the controller's firmware storage and sends an accept-update response to the ACM (processing block 418). The ACM-based processing logic continues its update process by proceeding with the processing blocks in Fig. 3B for the controller update. Otherwise, if they do not match, the controller processing logic sends a reject response to the ACM (while continuing to disallow writes to the controller's firmware storage). The ACM-based logic receives the reject response and starts a fault sequence (processing block 422). The fault sequence can take various forms, such as generating an interrupt, setting an error flag, causing the system to shut down, or sending out-of-band information about the error to an information technology administrator through the management engine (128 in Fig. 1).
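The Fig. 3A/3B image authentication and lock/relock steps together with the Fig. 4 ephemeral-password exchange, as an added simulation that is not code from the patent. Class names, the constructed key and firmware bytes, and the use of an HMAC as a stand-in for the asymmetric signature check the text describes are assumptions of this example; the block numbers in the comments refer to the figures discussed above.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed stand-in for the public key held in non-writable storage (block 304).
PLATFORM_PUBLIC_KEY = b"constructed-immutable-platform-key"


@dataclass
class FirmwareImage:
    public_key: bytes  # key shipped with the image; must match the immutable key
    payload: bytes
    tag: bytes         # stand-in for the asymmetric signature over the payload


def sign_image(payload: bytes, key: bytes) -> FirmwareImage:
    """Build an image as a vendor would. Assumption: an HMAC over the payload
    stands in for the asymmetric signature the patent describes."""
    return FirmwareImage(key, payload, hmac.new(key, payload, hashlib.sha256).digest())


class Controller:
    """Controller that owns its own firmware store (right side of Fig. 4)."""

    def __init__(self, firmware: bytes):
        self.firmware_store = firmware
        self.write_enabled = False  # locked unless an accepted request opens it
        self.boot_password = None   # temporary password storage (154 in Fig. 1)

    def receive_boot_password(self, password: bytes) -> None:
        # Blocks 406/408: trusted because it arrives during the boot sequence.
        self.boot_password = password

    def handle_update_request(self, password) -> str:
        # Blocks 412-418: constant-time compare against the password seen at boot.
        # A request before any boot password was delivered is rejected as well.
        if password is None or self.boot_password is None:
            return "reject"
        if hmac.compare_digest(password, self.boot_password):
            self.write_enabled = True
            return "accept"
        return "reject"  # store stays locked

    def write_firmware(self, data: bytes) -> None:
        if not self.write_enabled:
            raise PermissionError("controller firmware store is locked")
        self.firmware_store = data

    def lock(self) -> None:
        self.write_enabled = False  # block 314


class Cpu:
    """CPU/ACM side (left side of Fig. 4 and the Fig. 3A/3B flow)."""

    def __init__(self, controller: Controller):
        self.controller = controller
        self.temp_password_register = None  # 152 in Fig. 1; readable only by the ACM

    def boot(self) -> None:
        # Blocks 400-404: random ephemeral password, kept locally, sent to controller.
        password = secrets.token_bytes(16)
        self.temp_password_register = password
        self.controller.receive_boot_password(password)

    def acm_authenticate(self, image: FirmwareImage) -> bool:
        # Blocks 304/306: bundled key must equal the immutable key, then tag must verify.
        if not hmac.compare_digest(image.public_key, PLATFORM_PUBLIC_KEY):
            return False
        expected = hmac.new(PLATFORM_PUBLIC_KEY, image.payload, hashlib.sha256).digest()
        return hmac.compare_digest(expected, image.tag)

    def acm_update_controller_firmware(self, image: FirmwareImage) -> str:
        if not self.acm_authenticate(image):
            return "error: authentication failed"  # block 308
        response = self.controller.handle_update_request(self.temp_password_register)  # 410
        if response != "accept":
            return "error: update rejected"  # block 422 fault sequence
        self.controller.write_firmware(image.payload)  # block 312
        self.controller.lock()  # block 314
        return "updated"
```

Note that a request carrying any password other than the one delivered at boot, or one made before boot delivery, leaves the store locked, which is the property the Fig. 4 comparison exists to provide.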
Elements of embodiments of the invention may also be provided as a machine-readable medium for storing machine-executable instructions. The machine-readable medium may include, but is not limited to, flash memory, optical disks, compact disc read-only memory (CD-ROM), digital versatile/video disc (DVD) ROM, random access memory (RAM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic or optical cards, communication media, or other types of machine-readable media suitable for storing electronic instructions.
In the description above and in the claims, the terms "include" and "comprise" and their derivatives may be used, and they are intended to be synonyms of each other. In addition, in the following description and claims, the terms "coupled" and "connected" and their derivatives may be used. It should be understood that these terms are not intended as synonyms of each other. Rather, in particular embodiments, "connected" may be used to indicate that two or more elements are in direct physical or electrical contact with each other. "Coupled" may mean that two or more elements are in direct physical or electrical contact. However, "coupled" may also mean that two or more elements are not in direct contact with each other, but still cooperate or interact with each other.
In the above description, certain terminology is used to describe embodiments of the invention. For example, the term "logic" represents hardware, firmware, software (or any combination thereof) for performing one or more functions. Examples of "hardware" include, but are not limited to, an integrated circuit, a finite state machine, or even combinational logic. The integrated circuit may take the form of a processor such as a microprocessor, an application specific integrated circuit, a digital signal processor, a microcontroller, or the like.
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic described in connection with that embodiment is included in at least one embodiment of the present invention. Therefore, it should be emphasized and understood that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics described may be combined in any suitable manner in one or more embodiments of the invention.
Similarly, it should be appreciated that in the foregoing description of embodiments of the invention, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. This disclosure, however, is not to be interpreted as reflecting an intention that the claimed subject matter requires more features than are expressly recited in each claim. Rather, as the claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following this detailed description are hereby expressly incorporated into this detailed description.
Claims (16)
1. A method of updating computer platform firmware, comprising:
during boot of a computer platform, converting a platform firmware updating device located in the computer platform to a platform firmware armoring technology (PFAT) mode, wherein the computer platform includes a platform firmware storage unit storing a first platform firmware;
in response to the platform firmware updating device converting to the PFAT mode, persistently locking the platform firmware storage unit, wherein, while persistently locked, no entity is allowed to write to the platform firmware storage unit except an authenticated code module (ACM) after a platform firmware updating device unlock procedure.
2. The method of claim 1, wherein the unlock procedure further comprises:
the platform firmware updating device initiating a specific memory write cycle to a PFAT protection control register, wherein the specific memory write cycle to the PFAT protection control register causes a controller coupled to the platform firmware storage unit to accept write commands from the platform firmware updating device to the address space of the platform firmware storage unit.
3. The method of claim 2, further comprising:
providing a public encryption key to the platform firmware storage unit;
receiving a non-secure request to update the first platform firmware with an update firmware image;
in response to the non-secure request, loading the update firmware image into system memory in the computer platform;
once the firmware image is fully loaded in system memory, invoking the ACM;
performing authentication of the update firmware image using the public encryption key;
in response to successfully authenticating the update firmware image, performing the unlock procedure for the platform firmware storage unit; and
copying the authenticated firmware image from system memory to the platform firmware storage unit.
4. The method of claim 3, further comprising:
issuing an error when authentication of the firmware image fails.
5. The method of claim 3, wherein the first platform firmware comprises system management firmware, and wherein the controller comprises a platform controller hub.
6. The method of claim 3, wherein the first platform firmware comprises controller management firmware, and wherein the controller comprises a controller located in the computer platform.
7. The method of claim 6, further comprising:
at each boot of the computer platform,
generating an ephemeral password;
storing the ephemeral password in a secure unit accessible only by the ACM; and
distributing the ephemeral password at least to the controller coupled with the platform firmware storage unit.
8. The method of claim 7, further comprising:
in response to successfully authenticating the update firmware image using the public encryption key, the ACM sending a secure request to the controller requesting permission to update the controller management firmware, wherein the secure request includes the ephemeral password;
the controller comparing the ephemeral password received in the secure request with the ephemeral password received during the most recent boot of the computer platform; and
in response to the two ephemeral passwords being identical, the controller allowing the ACM to perform the update of the controller management firmware.
9. An apparatus for updating computer platform firmware, comprising:
a module for, during boot of a computer platform, converting a platform firmware updating device located in the computer platform to a platform firmware armoring technology (PFAT) mode, wherein the computer platform includes a platform firmware storage unit storing a first platform firmware;
a module for, in response to the platform firmware updating device converting to the PFAT mode, persistently locking the platform firmware storage unit, wherein, while persistently locked, no entity is allowed to write to the platform firmware storage unit except an authenticated code module (ACM) after a platform firmware updating device unlock procedure.
10. The apparatus of claim 9, wherein the unlock procedure further comprises:
the platform firmware updating device initiating a specific memory write cycle to a PFAT protection control register, wherein the specific memory write cycle to the PFAT protection control register causes a controller coupled to the platform firmware storage unit to accept write commands from the platform firmware updating device to the address space of the platform firmware storage unit.
11. The apparatus of claim 10, further comprising:
a module for providing a public encryption key to the platform firmware storage unit;
a module for receiving a non-secure request to update the first platform firmware with an update firmware image;
a module for, in response to the non-secure request, loading the update firmware image into system memory in the computer platform;
a module for, once the firmware image is fully loaded in system memory, invoking the ACM;
a module for performing authentication of the update firmware image using the public encryption key;
a module for, in response to successfully authenticating the update firmware image, performing the unlock procedure for the platform firmware storage unit; and
a module for copying the authenticated firmware image from system memory to the platform firmware storage unit.
12. The apparatus of claim 11, further comprising:
a module for issuing an error when authentication of the firmware image fails.
13. The apparatus of claim 11, wherein the first platform firmware comprises system management firmware, and wherein the controller comprises a platform controller hub.
14. The apparatus of claim 11, wherein the first platform firmware comprises controller management firmware, and wherein the controller comprises a controller located in the computer platform.
15. The apparatus of claim 14, further comprising:
at each boot of the computer platform,
a module for generating an ephemeral password;
a module for storing the ephemeral password in a secure unit accessible only by the ACM; and
a module for distributing the ephemeral password at least to the controller coupled with the platform firmware storage unit.
16. The apparatus of claim 15, further comprising:
in response to successfully authenticating the update firmware image using the public encryption key, the ACM sending a secure request to the controller requesting permission to update the controller management firmware, wherein the secure request includes the ephemeral password;
the controller comparing the ephemeral password received in the secure request with the ephemeral password received during the most recent boot of the computer platform; and
in response to the two ephemeral passwords being identical, the controller allowing the ACM to perform the update of the controller management firmware.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611007938.1A CN107092495B (en) | 2010-09-22 | 2011-09-12 | Platform firmware armoring technology |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/887,866 US8522322B2 (en) | 2010-09-22 | 2010-09-22 | Platform firmware armoring technology |
US12/887,866 | 2010-09-22 | ||
PCT/US2011/051160 WO2012039971A2 (en) | 2010-09-22 | 2011-09-12 | Platform firmware armoring technology |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611007938.1A Division CN107092495B (en) | 2010-09-22 | 2011-09-12 | Platform firmware armoring technology |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103119553A CN103119553A (en) | 2013-05-22 |
CN103119553B true CN103119553B (en) | 2016-12-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20161214; Termination date: 20190912 |