CN103119553B - Platform firmware armouring technology - Google Patents


Info

Publication number: CN103119553B
Authority: CN (China)
Prior art keywords: firmware, platform, controller, platform firmware, memory element
Legal status: Expired - Fee Related
Application number: CN201180045399.XA
Other languages: Chinese (zh)
Other versions: CN103119553A
Inventors: A·R·威什曼, S·D·盖切, M·内韦德梅韦尔格尼, U·S·沃里尔, A·卡拉尔, D·R·莫兰, K·布兰诺克
Current assignee: Intel Corp
Original assignee: Intel Corp
Priority claimed from US12/887,866 (US8522322B2)
Application filed by Intel Corp
Priority to CN201611007938.1A (CN107092495B)
Publication of CN103119553A
Application granted
Publication of CN103119553B

Abstract

A method, apparatus, machine-readable medium and system are disclosed. In one embodiment, the method includes processing logic that, during boot of a computer platform, transitions a platform firmware update device located in the computer platform into a platform firmware armouring technology (PFAT) mode. The computer platform includes a platform firmware storage unit that stores platform firmware. In response to the platform firmware update device entering PFAT mode, the method persistently locks the platform firmware storage unit. While persistently locked, the platform firmware storage unit can be written only by an authenticated code module running on the platform, and only after the platform firmware update device has carried out an unlock procedure.

Description

Platform firmware armouring technology
Technical field
The present invention relates to securely updating computer platform firmware.
Background
The first group of instructions that run on a computer system come from platform firmware. Platform firmware can include firmware associated with the basic input/output system (BIOS), extensible firmware, embedded controller and microcontroller firmware, and any other firmware that resides in storage units in the computer platform. Platform firmware is frequently not static over the life of a computer system: just as operating systems and software applications receive updates, so does platform firmware. Because the firmware instructions are critical to the successful operation of many computer systems, it is essential that a firmware update be carried out in a secure manner.
Brief description of the drawings
The present invention is illustrated by way of example and is not limited by the accompanying figures, in which like reference numerals indicate similar elements, and in which:
Fig. 1 shows an embodiment of a computer system that can securely update platform firmware.
Fig. 2 is a flow diagram of an embodiment of a process for locking the platform controller hub so that it disallows writes to the system management firmware memory space.
Fig. 3A is a flow diagram of an embodiment of a process for beginning a secure platform firmware update procedure.
Fig. 3B is a flow diagram of an embodiment of a process for continuing a secure platform firmware update procedure.
Fig. 4 is a flow diagram of an embodiment of a process for securely updating controller firmware in a computer system.
Detailed description of the invention
Embodiments of an apparatus, system, method and computer-readable medium for securely updating platform firmware are disclosed.
Firmware in a computer system provides many types of initialization, management and operational instructions for one or more devices in the computer system. Firmware updates are often riddled with security holes. If a malicious entity can deliver a compromised piece of firmware to a computer system, the damage can be severe, because during operation of the computer system firmware generally sits below the level that standard virus-level protection covers. Security during a platform firmware update is therefore extremely important.
In many embodiments, a platform firmware armouring technology (PFAT) mode is enabled in the computer system. PFAT mode restricts the ability of most entities to update platform firmware. Specifically, PFAT mode can require that system management firmware updates be performed by an authenticated code module (ACM) running in a secure authenticated code (AC) mode. In the standard operating mode, the platform controller hub (PCH) can block any write to the firmware storage. To allow a firmware update, logic can invoke the ACM, and the ACM can then unlock the storage by performing a specific write cycle to a CPU register. In many embodiments the ACM is the only entity capable of performing that specific write cycle, and once the storage is unlocked, the ACM is the only entity capable of performing the actual firmware update. In addition, the ACM can measure the update firmware image and use a public key provided to the CPU to verify its authenticity.
Fig. 1 shows an embodiment of a computer system that can securely update platform firmware.
Computer system 100 is shown. The computer system can be a desktop computer, server, workstation, laptop, handheld device, television set-top box, media center, game console, integrated system (for example in a car), or another type of computer system. In several embodiments computer system 100 includes one or more central processing units (CPUs), also referred to as "processors". Although many embodiments may have many CPUs, only CPU 102 is shown for clarity. CPU 102 can be a CPU from Intel Corporation or a CPU of another brand. In different embodiments CPU 102 includes one or more cores. The CPU 102 shown includes four cores (cores 104, 106, 108 and 110).
In many embodiments each core includes internal functional blocks such as one or more execution units, retirement units, a set of general-purpose registers and special registers, and so on. In a single-threaded core, each core may be referred to as a hardware thread. When a core is multi-threaded or hyper-threaded, each thread running within the core can also be referred to as a hardware thread. Thus any single thread of execution running in computer system 100 may be referred to as a hardware thread. For example, in Fig. 1, if each core is single-threaded there are four hardware threads in the system (four cores). If instead each core is multi-threaded and able to maintain the state of two threads at once, there are eight hardware threads in the system (four cores, two threads per core).
CPU 102 can also include one or more caches, such as cache 112. In many embodiments not shown, additional caches other than cache 112 are implemented, so that multiple levels of cache exist between memory and the execution units in each core. In different embodiments cache 112 can be apportioned in different ways, and can have many different sizes; for example, cache 112 can be an 8 megabyte (MB) cache, a 16 MB cache, and so on. Additionally, in different embodiments the cache can be a direct-mapped cache, a fully associative cache, a multi-way set-associative cache, or a cache with another type of mapping. In many embodiments cache 112 can include one large portion shared among all cores, or cache 112 can be divided into several separate functional slices (for example, one slice per core). Cache 112 can also include one portion shared among all cores together with several other portions that are separate functional slices, one per core.
In many embodiments CPU 102 includes an integrated system memory controller 114 that provides an interface for communicating with system memory 116. In other embodiments not shown, memory controller 114 may be located in a discrete unit elsewhere in computer system 100.
System memory 116 can include dynamic random access memory (DRAM), such as double data rate (DDR) DRAM; non-volatile memory such as flash memory or phase-change memory (PCM); or another type of memory technology. System memory 116 can be general-purpose memory that stores data and instructions to be operated on by CPU 102. Additionally, computer system 100 may contain other devices able to read from and write to system memory, such as I/O (input/output) devices capable of direct memory access (DMA).
The link (i.e. bus, interconnect, etc.) that couples CPU 102 with system memory 116 can include one or more optical fibres, metal or other wires (i.e. lines) capable of carrying data, address, control and clock information.
Platform controller hub 118 (e.g. an I/O controller hub) includes an I/O interface that enables communication between CPU 102 and external I/O devices. The hub can include one or more I/O adapters, such as I/O adapter 120. An I/O adapter translates the host communication protocol used by CPU 102 into a protocol compatible with a particular I/O device, such as I/O device 122. Some of the protocols a given I/O adapter can translate include Peripheral Component Interconnect (PCI), Universal Serial Bus (USB), IDE, SCSI and 1394 FireWire, among others. Additionally, there may be one or more wireless protocol I/O adapters. Examples of wireless protocols include Bluetooth, IEEE 802.11-based wireless protocols and cellular protocols, among others.
In many embodiments a controller device 124 resides in computer system 100. Controller device 124 can incorporate a number of functions. For example, a RAID storage controller device may reside in computer system 100; a RAID controller can manage an array of hard drives or an array of solid-state drives (SSDs). Other examples of controller devices include a discrete out-of-band management engine, an embedded microcontroller, or another type of controller.
An inter-CPU high-speed interface 126 can provide an interface to a link coupled to one or more other CPUs and allow inter-CPU communication. For example, the inter-CPU high-speed interface can be a QuickPath Interconnect or another similar interface.
Although not shown, in many embodiments computer system 100 includes hardware and software logic that provides a virtualized environment in which one or more guest operating systems (OSes) operate in virtual machine (VM) environments. A virtual machine monitor (VMM) or hypervisor can be implemented in logic within the system to isolate the operating environment of each VM (i.e. so that each VM, and the OS and applications running in it, is isolated from and unaware of the other VMs present in the system).
In many embodiments a management engine 128 is present in system 100. The management engine can include many features, including logic relating to remote management, security management and power management. In many embodiments management engine 128 uses an out-of-band (OOB) communication channel that operates below the level of the operating system (OS) running on computer system 100. The OOB channel can generally maintain communication with a remote system regardless of the state of the OS. In many embodiments the OOB channel can keep communicating even while computer system 100 is in a low-power state or completely shut down. In some embodiments management engine 128 includes Intel Active Management Technology hardware logic; in other embodiments another form of hardware logic is used.
In many embodiments firmware is stored in computer system 100. Firmware stored in any unit of computer system 100 may be referred to as "platform firmware". More specifically, there can be several types of firmware. For example, system management firmware storage unit 130 can store system management firmware 132. System management firmware 132 can include extensible firmware, basic input/output system (BIOS) firmware, and/or other types of firmware that can be used during the boot process, for example to provide key instructions for computer system 100. Another firmware in the computer system can be platform controller firmware 134 for controller device 124. This firmware can be stored in platform controller firmware storage 136, which is coupled with controller device 124. Platform controller firmware 134 can provide instructions for managing the features of controller device 124.
In many embodiments each firmware storage unit in the system (e.g. system management firmware storage unit 130, platform controller firmware storage unit 136, etc.) includes a type of non-volatile memory such as NAND flash, NOR flash, phase-change memory, or another form of non-volatile memory.
Although not shown for clarity, the CPU can have other interfaces, for example high-speed I/O interfaces that handle graphics and network traffic. In many embodiments these high-speed I/O interfaces can include one or more PCI Express interfaces.
Computer system 100 stores the code for, and securely launches, an authenticated code module (ACM) 138, a software module that CPU 102 invokes and that is signed (i.e. a security measurement of the module). ACM 138 can be signed using asymmetric cryptography with a private key managed by the manufacturer of CPU 102. When CPU 102 invokes ACM 138, it is first authenticated against a hash of the provided public key; that hash is stored in CPU 102, in chipset-associated circuitry (such as a discrete PCH), or in other hardware in the computer system. The public key is used to decrypt, i.e. to verify, information signed with the internal private key. In general the public key is constant. By measuring ACM 138 with these known secure procedures, the module can be confirmed to be a trusted execution environment. For security purposes the ACM can operate in an authenticated code (AC) mode. While in AC mode, no system interrupt or event can interrupt the ACM, and the ACM is protected from other system agents and DMA agents. When operating in AC mode only one hardware thread is active; all other hardware threads are gathered and placed into a quiescent/sleep state.
During or before the first boot of computer system 100, a firmware update public key 140 is provisioned and stored in system management firmware storage 130. Firmware update public key 140 can be used to authenticate firmware image information. In some embodiments public key 140 is used exclusively to authenticate firmware images. Although the term "public key" is used and some embodiments store the actual alphanumeric, unencrypted key, in other embodiments "public key" can refer to a hash of the public key. The public key can be stored in read-only memory (ROM) within the processor or in another storage unit. Storing a hash rather than the complete public key potentially saves storage space. The firmware image to be written to the computer system can include the public key; the public key in the image can then be hashed and compared with the hash of the public key already stored in the system ROM. In some embodiments the hash can be encrypted for other security purposes.
In many embodiments computer system 100 can enter a platform firmware armouring technology (PFAT) mode. PFAT mode causes the platform firmware to be locked. While in PFAT mode, only an ACM running in AC mode is permitted to perform updates (i.e. writes) to the firmware storage units in computer system 100, and even the ACM is required to carry out a specific procedure before it is allowed to write to the platform firmware storage. Once in PFAT mode, the computer system cannot exit the mode. In many embodiments PFAT mode is entered each time the computer system boots and causes the memory address space in which any firmware resides to be locked. For example, because system management firmware storage 130 is coupled with CPU 102 through platform controller hub 118, any write to system management firmware storage 130 can be routed through platform controller hub 118. When the system is in PFAT mode, platform controller hub 118 will refuse any attempted write to the memory locations reserved for system management firmware storage 130 that has not first gone through the secure ACM-based unlock procedure. The secure ACM-based unlock procedure is discussed below.
In many embodiments, code executing from firmware during the boot process sets a write-once register that enables PFAT mode. For example, a PFAT supervisor register located in the platform can have a PFAT enable bit that enables PFAT mode. In some embodiments the PFAT supervisor register is located in platform controller hub 118 (PFAT register 142A). In other embodiments the PFAT supervisor register is located elsewhere, in the CPU uncore (PFAT register 142B). The register can have several bits related to managing PFAT mode. For example, the PFAT register can include a PFAT mode enable bit, which enables PFAT mode when set. In addition, the PFAT register can include a PFAT mode lock bit which, when set, disallows any further update of the PFAT mode enable bit, at least until the system is fully reset. The lock bit removes the ability of a malicious entity to disable PFAT mode during normal operation of computer system 100.
As discussed, once in PFAT mode, writes to the memory address space representing system management firmware storage 130 are not normally allowed. In many embodiments, when computer system 100 enters PFAT mode, platform controller hub 118 sets an internal PCH lock register 144, which indicates that writes to system management firmware storage 130 are not allowed. While PCH lock register 144 is set, platform controller hub 118 will drop any transaction that attempts to write to firmware storage 130.
Additionally, in many embodiments, firmware update logic 146 running on top of the OS is present in system memory 116. Firmware update logic 146 can receive a request to update a particular firmware present in computer system 100. The update request can come from a system administrator over the network, from inside the system (e.g. from a self-repairing OS modification), or from another unit. In many embodiments the request to update firmware arrives along with the actual update image. The firmware image can either accompany the request or arrive at a later time, after the request has been received and accepted. The firmware image can be a complete rewrite of the firmware (e.g. a new version) or an update of a smaller portion of the whole firmware (e.g. rewriting a small fraction of it). At some point firmware update logic 146 receives the actual update image. The firmware update image is stored in firmware image test storage 148 in system memory 116. Once firmware update logic 146 has stored the whole image in the test storage, ACM 138 is invoked and the system enters AC mode. During the transition from the standard mode, in which firmware update logic 146 runs, to ACM 138 running in AC mode, a pointer to firmware image test storage unit 148 in system memory 116 is passed from firmware update logic 146 to ACM 138. This hand-off can use a register in CPU 102 to hold the pointer, or the pointer can be stored at a known hand-off location in system memory 116.
Once in AC mode and ready to access the firmware image storage unit, ACM 138 uses public key 140 to begin the firmware image authentication procedure. The authentication procedure uses asymmetric cryptography to decrypt and measure the received firmware image. In many embodiments an immutable public key stored in the computer system can be used to verify that the firmware image received from the vendor is trustworthy. In many embodiments the public key is readable by any entity; in other embodiments only a limited set of entities has the access privilege to read the storage unit holding the public key. For example, in some embodiments ACM 138 in AC mode is the only entity able to access public key 140 stored in CPU 102.
ACM 138 performs the public-key measurement to authenticate the firmware image stored in firmware image test storage 148. If the firmware image is authenticated successfully (i.e. the security of the image has not been compromised), ACM 138 performs a specific write cycle to lock register 150 in CPU 102. In many embodiments lock register 150 in CPU 102 is a specific MSR (model-specific register) that can only be written by the ACM in AC mode; the register is therefore off limits to the OS in standard mode or to any similar entity. This specific write cycle to lock register 150 causes CPU 102 to generate the secure ACM-based unlock command, which is sent to platform controller hub 118. When the secure unlock command arrives, logic in platform controller hub 118 clears PCH lock register 144. With PCH lock register 144 cleared, platform controller hub 118 allows writes to the system management firmware storage 130 address space.
Once writes to the firmware storage are allowed, ACM 138 copies the authenticated firmware image from firmware image test storage unit 148 to system management firmware storage 130. Once the copy is finished, ACM 138 can then send a lock command by performing another specific write cycle to CPU lock register 150; this write cycle in turn causes the secure ACM-based lock command to be generated and sent to platform controller hub 118. When platform controller hub 118 receives the lock command, logic in the hub sets PCH lock register 144 and again stops system management firmware storage 130 from accepting any write.
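The enable/lock/unlock sequence described above (the PFAT register bits, PCH lock register 144, the ACM-only write cycle to CPU lock register 150, and the relock after the copy) as an added reference model written for this page in Go; it is not code from the patent or from Intel. The bit positions in the PFAT register, the method names, and the rule that the lock MSR write is rejected while the platform is not in PFAT mode are assumptions made for the model.

```go
package main

import (
	"errors"
	"fmt"
)

// Bit layout of the PFAT supervisor register (142A/142B). The patent names an
// enable bit and a lock bit; the positions used here are an assumption.
const (
	PFATEnable uint32 = 1 << 0 // enables PFAT mode when set
	PFATLock   uint32 = 1 << 1 // freezes the enable bit until a full reset
)

var (
	ErrStoreLocked = errors.New("PCH lock register set: write transaction dropped")
	ErrACModeOnly  = errors.New("CPU lock MSR is writable only by the ACM in AC mode")
	ErrNoPFAT      = errors.New("platform is not in PFAT mode")
)

// Platform models the parts of Fig. 1 involved in locking: the PFAT register,
// the PCH lock register (144) and the system management firmware store (130).
type Platform struct {
	pfatReg  uint32
	pchLock  bool
	firmware []byte
}

func NewPlatform(storeSize int) *Platform {
	return &Platform{firmware: make([]byte, storeSize)}
}

// WritePFAT models a write to the PFAT supervisor register. While the lock bit
// is set the register ignores writes, so the enable bit cannot be cleared by
// anything that runs later in the boot or under the OS.
func (p *Platform) WritePFAT(value uint32) {
	if p.pfatReg&PFATLock != 0 {
		return
	}
	p.pfatReg = value & (PFATEnable | PFATLock)
	if p.pfatReg&PFATEnable != 0 {
		p.pchLock = true // entering PFAT mode sets the PCH lock register
	}
}

// Reset models a full platform reset, the only event that clears the lock bit.
func (p *Platform) Reset() {
	p.pfatReg = 0
	p.pchLock = false
}

func (p *Platform) InPFAT() bool      { return p.pfatReg&PFATEnable != 0 }
func (p *Platform) StoreLocked() bool { return p.pchLock }

// ArmAtBoot is what boot firmware does on every boot (Fig. 2, blocks 200 and
// 202): set the enable bit, then set the lock bit.
func (p *Platform) ArmAtBoot() {
	p.WritePFAT(PFATEnable)
	p.WritePFAT(PFATEnable | PFATLock)
}

// WriteLockMSR models the specific write cycle to CPU lock register 150. Only
// the ACM in AC mode may perform it; the CPU then sends the unlock (or lock)
// command to the PCH, which clears (or sets) its lock register.
func (p *Platform) WriteLockMSR(inACMode bool, unlock bool) error {
	if !inACMode {
		return ErrACModeOnly
	}
	if !p.InPFAT() {
		return ErrNoPFAT
	}
	p.pchLock = !unlock
	return nil
}

// WriteStore models a write transaction routed through the PCH to the firmware
// store. The PCH drops it while its lock register is set.
func (p *Platform) WriteStore(offset int, data []byte) error {
	if p.pchLock {
		return ErrStoreLocked
	}
	if offset < 0 || offset+len(data) > len(p.firmware) {
		return errors.New("write outside the firmware store")
	}
	copy(p.firmware[offset:], data)
	return nil
}

// Store returns a copy of the firmware store contents.
func (p *Platform) Store() []byte { return append([]byte(nil), p.firmware...) }

func main() {
	p := NewPlatform(16)
	p.ArmAtBoot()
	fmt.Println("OS-mode write:    ", p.WriteStore(0, []byte("evil")))
	p.WritePFAT(0) // attempt to disable PFAT under the OS: ignored
	fmt.Println("still in PFAT:    ", p.InPFAT())
	fmt.Println("OS-mode unlock:   ", p.WriteLockMSR(false, true))
	fmt.Println("ACM unlock:       ", p.WriteLockMSR(true, true))
	fmt.Println("ACM write:        ", p.WriteStore(0, []byte("v2")))
	fmt.Println("ACM relock:       ", p.WriteLockMSR(true, false))
	fmt.Println("post-relock write:", p.WriteStore(0, []byte("evil")))
}
```

Running it shows the two properties the text relies on: after ArmAtBoot a write to the PFAT register can no longer clear the enable bit until Reset, and a write transaction to the store is dropped unless an AC-mode MSR write cleared the PCH lock first. The same model covers the unlock, copy and relock steps of Fig. 3B.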
The foregoing example with reference to Fig. 1 concerns an update of system management firmware 132. In another example, the update can concern platform controller firmware 134.
During each boot of computer system 100, an ephemeral (i.e. temporary) password can be generated. The logic that generates the ephemeral password can be in CPU 102, in system management firmware 132, or in another unit of computer system 100. The ephemeral password is generally generated during the early boot sequence, before the operating system on the computer system starts normal operation. The internally generated ephemeral password is stored in temporary password register 152 in CPU 102. The same password is also distributed to any controller or other device in the computer system that needs to perform a secure handshake with the CPU during normal operation. For example, the controller in controller device 124 can have an internal temporary password storage unit 154 to hold the password received during the boot-time password distribution. For higher security the ephemeral password is generally created, distributed and stored during a secure boot process. A secure boot process is less likely to be compromised than normal operation, so distributing the ephemeral password during that time makes the password less likely to be stolen.
Later, after computer system 100 is fully operational (e.g. running the OS), firmware update logic 146 can receive a request to update platform controller firmware 134. When the request is received, the same process of copying the update image to firmware image test storage unit 148 takes place. Firmware update logic 146 invokes ACM 138 and passes control of the system to ACM 138. ACM 138 then authenticates the image and, if the image is authenticated successfully, attempts to perform the firmware update. Unlike system management firmware 132, however, ACM 138 does not have complete control over platform controller firmware 134.
Controller device 124 can have its own security procedures and independent operating requirements distinct from those of CPU 102. Essentially, controller device 124 wants to know for certain that a write request to the controller firmware storage 136 space really comes from ACM 138. To create a more secure verification process, ACM 138 can send a request to controller device 124 to perform the firmware update in the address space of controller firmware storage 136. This ACM-based request can arrive together with the ephemeral password.
To verify the authenticity of the received ACM 138 request, controller device 124 can compare the ephemeral password received in the request with the ephemeral password it stored when that password was originally received during the current boot of computer system 100. In many embodiments, update logic 156 in controller device 124 performs this comparison. If the two passwords are identical, controller device 124 can open controller firmware storage 136 address space to writes coming from ACM 138. Otherwise controller firmware storage 136 stays locked, and controller device 124 can generate an error message indicating a security problem. In many embodiments, to preserve the security of the ephemeral password in temporary password register 152 in CPU 102, that register is accessed only by ACM 138 in AC mode. Furthermore, in many embodiments, once ACM 138 has finished writing the authenticated firmware image to controller firmware storage 136, ACM 138 can send a follow-up communication to controller device 124 stating that the update is finished, so that controller device 124 knows not to allow further writes to controller firmware storage space 136.
In many embodiments the ACM can implement rollback protection for firmware updates. Rollback protection restricts firmware update images to versions newer than the platform firmware currently installed. In some embodiments the firmware image can have a header that includes the firmware version, and the currently resident firmware has a similar header. The ACM can read both headers and allow the new firmware image to be written to the firmware storage unit only if the new firmware image is a newer version than the firmware currently resident on the platform.
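The boot-time password handshake with controller device 124 described above, as an added model written for this page in Go (not code from the patent or from Intel). The 32-byte password length, the type and function names, and the constant-time comparison in the controller's update logic 156 are assumptions; the patent only requires that the two passwords be identical.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

var (
	ErrRegisterACOnly   = errors.New("temporary password register 152 is readable only in AC mode")
	ErrPasswordMismatch = errors.New("controller: password does not match the boot-time value")
	ErrControllerLocked = errors.New("controller firmware storage 136 is locked")
)

// PasswordLen is an assumption; the patent does not specify the password size.
const PasswordLen = 32

// CPU models temporary password register 152.
type CPU struct{ password [PasswordLen]byte }

// Controller models controller device 124: its password storage unit 154,
// update logic 156 and controller firmware storage 136.
type Controller struct {
	password [PasswordLen]byte
	locked   bool
	firmware []byte
}

// BootDistribute models the early boot step: generate a fresh random password,
// keep it in the CPU register and hand a copy to the controller.
func BootDistribute(storeSize int) (*CPU, *Controller, error) {
	var pw [PasswordLen]byte
	if _, err := rand.Read(pw[:]); err != nil {
		return nil, nil, err
	}
	cpu := &CPU{password: pw}
	ctl := &Controller{password: pw, locked: true, firmware: make([]byte, storeSize)}
	return cpu, ctl, nil
}

// ReadPassword enforces the rule that only the ACM in AC mode reads register 152.
func (c *CPU) ReadPassword(inACMode bool) ([PasswordLen]byte, error) {
	if !inACMode {
		return [PasswordLen]byte{}, ErrRegisterACOnly
	}
	return c.password, nil
}

// RequestUpdate is the controller side of the handshake (update logic 156):
// the password presented with the request must equal the boot-time value.
func (ctl *Controller) RequestUpdate(pw [PasswordLen]byte) error {
	if subtle.ConstantTimeCompare(pw[:], ctl.password[:]) != 1 {
		return ErrPasswordMismatch
	}
	ctl.locked = false
	return nil
}

// WriteFirmware is accepted only while an authenticated update is in progress.
func (ctl *Controller) WriteFirmware(data []byte) error {
	if ctl.locked {
		return ErrControllerLocked
	}
	if len(data) > len(ctl.firmware) {
		return errors.New("image larger than controller firmware storage")
	}
	copy(ctl.firmware, data)
	return nil
}

// UpdateDone is the ACM's follow-up message: the controller relocks its storage.
func (ctl *Controller) UpdateDone() { ctl.locked = true }

func (ctl *Controller) Locked() bool     { return ctl.locked }
func (ctl *Controller) Firmware() []byte { return append([]byte(nil), ctl.firmware...) }

// ACMUpdateController runs the ACM-side flow for an image that has already
// been authenticated: read the password, present it, write, then relock.
func ACMUpdateController(cpu *CPU, ctl *Controller, inACMode bool, image []byte) error {
	pw, err := cpu.ReadPassword(inACMode)
	if err != nil {
		return err
	}
	if err := ctl.RequestUpdate(pw); err != nil {
		return err
	}
	defer ctl.UpdateDone()
	return ctl.WriteFirmware(image)
}

func main() {
	cpu, ctl, err := BootDistribute(64)
	if err != nil {
		panic(err)
	}
	fmt.Println("OS-mode attempt:", ACMUpdateController(cpu, ctl, false, []byte("v2")))
	fmt.Println("forged password:", ctl.RequestUpdate([PasswordLen]byte{}))
	fmt.Println("ACM update:     ", ACMUpdateController(cpu, ctl, true, []byte("v2")))
	fmt.Println("relocked:       ", ctl.Locked())
}
```

Because the password is regenerated on every boot, a captured value is useful only until the next reset, and the model shows the two gates the text describes: the register is readable only in AC mode, and the controller opens its storage only for a matching password and relocks it on the follow-up "update finished" message.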
Fig. 2 is a flow diagram of an embodiment of a process for locking the platform controller hub so that it disallows writes to the system management firmware memory space. The process can be performed by processing logic, which can include hardware circuitry, software code, firmware code, or any combination of these three types of processing logic. The term "processing logic" is used throughout this document for anything that can effectively be implemented with any combination of the above logic, and even with other forms of logic.
The process, performed by processing logic during processor boot, begins by setting the PFAT mode enable bit to activate the firmware update protection in the computer system (processing block 200). The PFAT mode enable bit may be located in a firmware management register in a PCH device in the computer system. Once the PFAT mode enable bit is set to enable PFAT, processing logic then sets the PFAT mode enable lock bit (processing block 202). The PFAT mode enable lock bit disallows any further modification of the PFAT mode enable bit. In many embodiments the PFAT mode enable lock bit is a write-once bit during each boot of the computer system; in these embodiments the PFAT mode lock bit can be modified again when the computer system is fully reset. Thus the process of enabling PFAT mode and then locking it occurs during each boot.
In other embodiments not shown, the PFAT mode enable bit is itself a write-once register that, once written, cannot be modified for the rest of the computer system's operating life (i.e. until it is rebooted). In these embodiments the PFAT mode enable bit is written once during each boot of the computer system and thereafter (until the computer system is rebooted) indicates whether the computer system has PFAT mode enabled. This process block is shown as block 200. Furthermore, in these embodiments the PFAT mode enable lock bit need not be written during the boot process, because the PFAT mode enable bit becomes permanently unwritable after its first write. Thus processing block 202 is not necessary in these alternative embodiments.
Once this process is finished, the computer platform continues its boot procedure.
Fig. 3A is a flow diagram of an embodiment of a process for beginning a secure platform firmware update procedure.
Processing logic begins by receiving a request to update platform firmware (processing block 300). The request can concern any type of updatable firmware anywhere in the computer system. Thus in some embodiments the request can concern system management firmware; in other embodiments, platform controller firmware; and in further embodiments, even firmware stored in other types of units in the computer system/platform.
The process continues with processing logic copying the firmware image associated with the request to a unit in system memory (processing block 302). Depending on the type of update, the image can be the whole firmware or only a part of it. In many embodiments the image is encrypted. The encrypted image may be encrypted with an asymmetric encryption algorithm that makes use of a public key. The public key is provided to the computer system when the system is built or at some later time. The public key can be securely stored in a non-writable storage unit, such as a secure portion of the system management firmware storage. Returning to Fig. 3A, once the firmware image has been copied to system memory, processing logic authenticates the image using the public key available in the secure storage unit in the computer system (processing block 304).
Processing block 304 and the blocks that follow it in Fig. 3A can be handled by logic in the ACM, invoked in the system and running in AC mode. Invoking the ACM is discussed above with reference to Fig. 1. In many embodiments the authentication process includes checking that the immutable public key stored in the system matches the public key included with the image. Secure processes in the computer system can be used to measure the image. The process of determining the authenticity of the image can take several forms, but the desired result is confirmation that the image has not been compromised. Processing logic checks whether the image has been verified as authentic (processing block 306). Additionally, although not shown, if the firmware image is sent in encrypted form, an additional decryption key accessible to the ACM may be needed to decrypt the image before authentication.
If authentication of the image fails, processing logic sends an error message to the CPU (processing block 308). For example, processing logic can raise an interrupt to report the failure/problem with authenticating the image. If instead the image is authenticated successfully (i.e. the image is verified as authentic), processing logic can proceed to the process shown in Fig. 3B.
Fig. 3 B shows the flow chart of the embodiment of the process continuing security platform firmware more new procedures.
At this point in the flow, processing logic (e.g., logic in the ACM) unlocks the platform firmware storage unit to allow writes (processing block 310). In embodiments where the platform firmware storage unit is a system management firmware storage unit (as mentioned above with reference to Fig. 1), once the authenticity of the image has been verified (in block 306 of Fig. 3A) the logic in the ACM proceeds to unlock the PCH so that writes to the system management firmware storage unit are allowed. In other embodiments, where the platform firmware resides in controller storage, another process is required before writes to the firmware storage can proceed (the controller-based firmware process described in Fig. 4).
Returning to Fig. 3B, once the platform firmware storage unit is unlocked, processing logic copies the firmware image to the platform firmware storage unit (processing block 312). Finally, after the authenticated image has been copied to the platform firmware storage unit, processing logic relocks the firmware storage unit so that writes to it are no longer allowed (processing block 314), and the process ends.
As discussed further above, the platform firmware storage unlocking process depends on the unit in which the firmware is stored. Where the platform firmware storage is a system management firmware storage unit, the unlocking process may require the ACM (138 in Fig. 1), running in AC mode, to write to a CPU lock register (150 in Fig. 1). In many embodiments the CPU lock register is an MSR in the uncore of the CPU (102 in Fig. 1). Only a specific write-MSR (WRMSR) command initiated by the ACM in AC mode can write to the CPU lock register. That write in turn generates a specific write to a PCH lock register (114 in Fig. 1) present in the PCH (118 in Fig. 1). The write command to the PCH lock register may cause the PCH to open write access to the system management firmware storage (130 in Fig. 1), which allows the ACM to write the new system management firmware image to the correct storage unit. When the write of the image is complete, a similar WRMSR command can be initiated to the same CPU lock register to relock the system management firmware storage.
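The Fig. 3A/3B flow described above (request, copy to system memory, authenticate, unlock, write, relock), as an added example in C that is not part of the patent. It assumes a platform model (`struct pfat_platform`) with a CPU lock MSR mirrored into a PCH lock register, a write path that the PCH refuses while locked, and an image header carrying the signer's public key; the key bytes and firmware payload are constructed sample data. A real asymmetric signature check does not fit in a short example, so `authenticate_image` stands in for it with the immutable-key comparison the description mentions plus an FNV-1a digest over the payload as it sits in system memory; that substitution is this example's, not the page's. The point the model makes is the lock discipline: writes from normal mode fail, unlocking requires a WRMSR issued in AC mode, and the store is relocked on every exit path, including after a failed write.

```c
/* Added example, not from the patent: model of the PFAT update path of
 * Figs. 3A/3B for system management firmware. All names, the register
 * model and the digest-based stand-in for signature verification are
 * assumptions of this example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FW_STORE_SIZE 64
#define KEY_LEN 16

enum { MODE_NORMAL = 0, MODE_AC = 1 };   /* AC = authenticated code mode */

/* Immutable public key provisioned when the system was built (constructed sample). */
static const uint8_t IMMUTABLE_PUBKEY[KEY_LEN] = {
    0x50,0x46,0x41,0x54,0x2d,0x4b,0x45,0x59,0x2d,0x53,0x41,0x4d,0x50,0x4c,0x45,0x31 };

struct pfat_platform {
    int      cpu_mode;                 /* MODE_NORMAL, or MODE_AC while the ACM runs */
    uint32_t cpu_lock_msr;             /* 150 in Fig. 1: 1 = locked */
    uint32_t pch_lock_reg;             /* 114 in Fig. 1: follows the MSR */
    uint8_t  fw_store[FW_STORE_SIZE];  /* 130 in Fig. 1 */
};

/* Image as copied into system memory (block 302): key, digest, payload. */
struct fw_image {
    uint8_t  pubkey[KEY_LEN];
    uint64_t digest;                   /* stand-in for an asymmetric signature */
    uint8_t  payload[FW_STORE_SIZE];
    size_t   payload_len;
};

static uint64_t fnv1a64(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Constant-time compare: a key mismatch must not leak which byte differed. */
static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t d = 0;
    for (size_t i = 0; i < n; i++) d |= a[i] ^ b[i];
    return d == 0;
}

/* Build-tool side (constructed): attach the key and digest to a payload. */
bool build_image(struct fw_image *img, const uint8_t *payload, size_t n) {
    if (n > FW_STORE_SIZE) return false;
    memcpy(img->pubkey, IMMUTABLE_PUBKEY, KEY_LEN);
    memcpy(img->payload, payload, n);
    img->payload_len = n;
    img->digest = fnv1a64(payload, n);
    return true;
}

/* Boot: enter PFAT mode and persistently lock the store. */
void pfat_boot(struct pfat_platform *p) {
    memset(p, 0, sizeof *p);
    p->cpu_mode = MODE_NORMAL;
    p->cpu_lock_msr = 1;
    p->pch_lock_reg = 1;
}

/* Simulated WRMSR to the CPU lock register: honoured only in AC mode, and
 * the PCH lock register follows the MSR. Any other caller is refused. */
bool wrmsr_lock(struct pfat_platform *p, uint32_t value) {
    if (p->cpu_mode != MODE_AC) return false;
    p->cpu_lock_msr = value;
    p->pch_lock_reg = value;
    return true;
}

/* Write path into the firmware store: the PCH drops writes while locked. */
bool fw_store_write(struct pfat_platform *p, const uint8_t *src, size_t n) {
    if (p->pch_lock_reg != 0 || n > FW_STORE_SIZE) return false;
    memcpy(p->fw_store, src, n);
    return true;
}

/* Blocks 304/306: the key in the image must match the immutable key, then
 * the digest must match the payload actually sitting in system memory. */
bool authenticate_image(const struct fw_image *img) {
    if (img->payload_len > FW_STORE_SIZE) return false;
    if (!ct_equal(img->pubkey, IMMUTABLE_PUBKEY, KEY_LEN)) return false;
    return fnv1a64(img->payload, img->payload_len) == img->digest;
}

/* Blocks 302-314 as run by the ACM. Returns 0 on success, -1 if
 * authentication failed (block 308), -2 if the unlock was refused,
 * -3 if the write itself failed. The store is relocked on every path. */
int acm_update_firmware(struct pfat_platform *p, const struct fw_image *img) {
    if (!authenticate_image(img)) return -1;
    p->cpu_mode = MODE_AC;                       /* ACM entered, runs in AC mode */
    if (!wrmsr_lock(p, 0)) { p->cpu_mode = MODE_NORMAL; return -2; }  /* block 310 */
    bool ok = fw_store_write(p, img->payload, img->payload_len);      /* block 312 */
    (void)wrmsr_lock(p, 1);                                           /* block 314 */
    p->cpu_mode = MODE_NORMAL;
    return ok ? 0 : -3;
}
```

Calling `pfat_boot` and then `acm_update_firmware` on an image produced by `build_image` updates the store and leaves both lock registers set; flipping one payload byte after `build_image` (the image was tampered with in system memory) returns -1 and leaves the store untouched, and a direct `fw_store_write` from normal mode is refused both before and after the update.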
Fig. 4 is a flow chart of an embodiment of a process for securely updating controller firmware in a computer system. In many embodiments, the process flow shown in Fig. 4 includes processing logic for the ACM/CPU and processing logic for the controller in question. Therefore, to make clear which logic performs each block, the left side of Fig. 4 (left of the heavy dashed line) may represent logic related to the ACM/CPU, and the right side of Fig. 4 (right of the heavy dashed line) may represent logic related to the controller.
During the boot sequence of the computer platform, CPU-based processing logic begins by creating an ephemeral password (processing block 400). The ephemeral password may be randomly generated by the current system management firmware or by other logic in the computer system. Processing logic then stores this random password locally, in a storage unit of the CPU that is accessible only to the ACM or in another secure storage unit accessible to the CPU (processing block 402). For example, an ephemeral password register in the CPU (152 in Fig. 1) may store the generated ephemeral password, and that register may be accessed only by the ACM in AC mode.
The CPU-based processing logic then sends the ephemeral password to the controller (processing block 404). The controller's processing logic receives the ephemeral password while the system boot sequence is still in progress (processing block 406). At this point the controller's processing logic assumes the ephemeral password is valid, because the system has not yet entered normal operation and there should not have been an opportunity for it to be compromised. The controller's processing logic then stores the received ephemeral password locally (processing block 408) (for example, the ephemeral password may be stored in the ephemeral password storage 154 in Fig. 1). Processing logic in the controller then waits until a firmware update request is received.
Meanwhile, returning to Fig. 3A, an entity may request a platform firmware update (300 in Fig. 3A), and the CPU/ACM-based processing logic authenticates the new controller-specific platform firmware image through the blocks associated with Fig. 3A. Once the image has been authenticated, the ACM processing logic proceeds to the next block in Fig. 3A and sends the controller a request to update the controller firmware, including the ephemeral password in the request (processing block 410). The controller logic receives the firmware update request carrying the ephemeral password stored by the CPU (processing block 412). Next, the controller's processing logic compares the ephemeral password just received with the trusted ephemeral password received during the boot process (processing block 414).
If they match (processing block 416), the controller's processing logic allows writes from the ACM to the controller's firmware storage and sends an accept-update response to the ACM (processing block 418). The ACM-based processing logic then continues the controller update by proceeding through the processing blocks in Fig. 3B. Otherwise, if they do not match, the controller's processing logic sends a reject response to the ACM (while continuing to disallow writes to the controller's firmware storage). The ACM-based logic receives the reject response and starts a failure sequence (processing block 422). The failure sequence may take various forms, such as generating an interrupt, setting an error flag, shutting the system down, or sending an out-of-band message about the error to an information technology administrator through the management engine (128 in Fig. 1).
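The Fig. 4 exchange, as an added example in C that is not the patent's code: both sides of the ephemeral-password handshake in one file. It assumes a CPU-side register readable only in AC mode (`struct cpu_side`), a controller-side copy (`struct controller_side`), a request/response message format, and a seeded xorshift generator standing in for the platform's random source; none of these come from the page, and the generator is not a secure RNG. The controller accepts the password only while its boot sequence is in progress and only once, and compares it in constant time; the once-only rule is added hardening of this example, not something the page states. `run_exchange` runs one boot plus one update, once with the real password and once with a forged one, so both the accept path (block 418) and the reject path (block 422) are exercised.

```c
/* Added example, not from the patent: the Fig. 4 ephemeral-password
 * handshake between the CPU/ACM side and a controller owning its own
 * firmware store. Message formats, the PRNG and all names are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PW_LEN 16

struct cpu_side {
    uint8_t ephemeral_pw[PW_LEN];  /* 152 in Fig. 1: readable only by the ACM */
    bool    in_ac_mode;
};

struct controller_side {
    uint8_t trusted_pw[PW_LEN];    /* 154 in Fig. 1, captured during boot */
    bool    booting;               /* true until the boot sequence ends */
    bool    pw_provisioned;
    bool    writes_open;           /* controller firmware store accepts ACM writes */
};

struct update_request { uint8_t pw[PW_LEN]; uint32_t image_len; };
enum update_response { RESP_ACCEPT = 1, RESP_REJECT = 2 };

/* Stand-in for a platform RNG: seeded xorshift64* (constructed, not secure). */
static uint64_t rng_state = 0x9e3779b97f4a7c15ULL;
static uint8_t rng_byte(void) {
    rng_state ^= rng_state >> 12;
    rng_state ^= rng_state << 25;
    rng_state ^= rng_state >> 27;
    return (uint8_t)((rng_state * 2685821657736338717ULL) >> 56);
}

/* Constant-time compare so a forged password cannot be guessed byte by byte. */
static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t d = 0;
    for (size_t i = 0; i < n; i++) d |= a[i] ^ b[i];
    return d == 0;
}

/* Blocks 400-402: generate the password and park it in the ACM-only register. */
void cpu_boot_generate_pw(struct cpu_side *c) {
    for (size_t i = 0; i < PW_LEN; i++) c->ephemeral_pw[i] = rng_byte();
    c->in_ac_mode = false;
}

/* Blocks 404-408: the controller trusts the password only while booting and
 * only once, so a later "re-provision" from a compromised OS is dropped. */
bool controller_receive_boot_pw(struct controller_side *k, const uint8_t pw[PW_LEN]) {
    if (!k->booting || k->pw_provisioned) return false;
    memcpy(k->trusted_pw, pw, PW_LEN);
    k->pw_provisioned = true;
    return true;
}

void controller_end_boot(struct controller_side *k) { k->booting = false; }

/* Block 410: the ACM builds the update request carrying the stored password;
 * the register is readable only while running in AC mode. */
bool acm_build_update_request(const struct cpu_side *c, uint32_t image_len,
                              struct update_request *out) {
    if (!c->in_ac_mode) return false;
    memcpy(out->pw, c->ephemeral_pw, PW_LEN);
    out->image_len = image_len;
    return true;
}

/* Blocks 412-418: compare in constant time; open writes only on a match. */
enum update_response controller_handle_request(struct controller_side *k,
                                               const struct update_request *req) {
    if (!k->pw_provisioned || k->booting) return RESP_REJECT;
    if (!ct_equal(req->pw, k->trusted_pw, PW_LEN)) {
        k->writes_open = false;
        return RESP_REJECT;
    }
    k->writes_open = true;
    return RESP_ACCEPT;
}

/* Block 422: the caller turns a non-zero result into an interrupt, error
 * flag, shutdown or out-of-band message, as the description lists. */
int acm_handle_response(enum update_response r) {
    return r == RESP_ACCEPT ? 0 : -1;
}

/* One boot plus one update. forged_pw == NULL uses the real password from
 * the ACM register; otherwise the request carries the forged bytes. */
int run_exchange(struct cpu_side *c, struct controller_side *k, const uint8_t *forged_pw) {
    struct update_request req;
    cpu_boot_generate_pw(c);
    memset(k, 0, sizeof *k);
    k->booting = true;
    controller_receive_boot_pw(k, c->ephemeral_pw);
    controller_end_boot(k);
    if (forged_pw) {
        memcpy(req.pw, forged_pw, PW_LEN);
        req.image_len = 4096;
    } else {
        c->in_ac_mode = true;
        if (!acm_build_update_request(c, 4096, &req)) return -2;
        c->in_ac_mode = false;
    }
    return acm_handle_response(controller_handle_request(k, &req));
}
```

Two properties worth checking when adapting this to real hardware: the password must differ on every boot (two calls to `cpu_boot_generate_pw` yield different values), and the controller must refuse both a provisioning attempt that arrives after `controller_end_boot` and any update request before it has been provisioned at all.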
Elements of embodiments of the invention may also be provided as a machine-readable medium for storing machine-executable instructions. The machine-readable medium may include, but is not limited to, flash memory, optical disks, compact disc read-only memory (CD-ROM), digital versatile/video disc (DVD) ROM, random access memory (RAM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic or optical cards, communication media, or other types of machine-readable media suitable for storing electronic instructions.
In the description above and in the claims, the terms "include" and "comprise" and their derivatives may be used, and they are intended as synonyms for each other. In addition, in the following description and claims, the terms "coupled" and "connected" and their derivatives may be used. It should be understood that these terms are not intended as synonyms for each other. Rather, in particular embodiments, "connected" may be used to indicate that two or more elements are in direct physical or electrical contact with each other. "Coupled" may mean that two or more elements are in direct physical or electrical contact. However, "coupled" may also mean that two or more elements are not in direct contact with each other but still cooperate or interact with each other.
In the above description, certain terminology is used to describe embodiments of the invention. For example, the term "logic" represents hardware, firmware, software (or any combination thereof) for performing one or more functions. For instance, examples of "hardware" include, but are not limited to, an integrated circuit, a finite state machine, or even combinational logic. The integrated circuit may take the form of a processor such as a microprocessor, an application specific integrated circuit, a digital signal processor, a microcontroller, or the like.
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with that embodiment is included in at least one embodiment of the present invention. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment", "one embodiment" or "an alternative embodiment" in various portions of this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures or characteristics may be combined in any suitable manner in one or more embodiments of the invention.
Similarly, it should be appreciated that in the foregoing description of embodiments of the invention, various features are sometimes grouped together in a single embodiment, figure or description thereof for the purpose of streamlining the disclosure and aiding the understanding of one or more of the various inventive aspects. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed subject matter requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description.

Claims (16)

1. A method of updating computer platform firmware, comprising:
at boot of a computer platform, converting a platform firmware update device located in the computer platform into a platform firmware armoring technology (PFAT) mode, wherein the computer platform includes a platform firmware storage unit storing a first platform firmware;
in response to the platform firmware update device being converted to the PFAT mode, persistently locking the platform firmware storage unit, wherein, while persistently locked, no entity is allowed to write to the platform firmware storage unit except an authenticated code module (ACM) after a platform firmware update device unlocking procedure.
2. The method of claim 1, wherein the unlocking procedure further comprises:
the platform firmware update device initiating a specific memory write cycle to a PFAT protection control register, wherein the specific memory write cycle to the PFAT protection control register causes a controller coupled to the platform firmware storage unit to accept write commands from the platform firmware update device to the address space of the platform firmware storage unit.
3. The method of claim 2, further comprising:
supplying a public encryption key to the platform firmware storage unit;
receiving a non-secure request to update the first platform firmware with an update firmware image;
in response to the non-secure request, loading the update firmware image into system memory in the computer platform;
once the firmware image is fully loaded in system memory, invoking the ACM;
performing authentication of the update firmware image using the public encryption key;
in response to successfully authenticating the update firmware image, performing the unlocking procedure for the platform firmware storage unit; and
copying the authenticated firmware image from system memory to the platform firmware storage unit.
4. The method of claim 3, further comprising:
issuing an error when authentication of the firmware image fails.
5. The method of claim 3, wherein the first platform firmware comprises system management firmware, and wherein the controller comprises a platform controller hub.
6. The method of claim 3, wherein the first platform firmware comprises controller management firmware, and wherein the controller comprises a controller located in the computer platform.
7. The method of claim 6, further comprising:
at each boot of the computer platform,
generating an ephemeral password;
storing the ephemeral password in a secure unit accessible only by the ACM; and
distributing the ephemeral password at least to the controller coupled to the platform firmware storage unit.
8. The method of claim 7, further comprising:
in response to successfully authenticating the update firmware image using the public encryption key, the ACM sending a secure request to the controller asking permission to update the controller management firmware, wherein the secure request includes the ephemeral password;
the controller comparing the ephemeral password received in the secure request with the ephemeral password received during the most recent boot of the computer platform; and
in response to the two ephemeral passwords being identical, the controller allowing the ACM to perform the update of the controller management firmware.
9. An apparatus for updating computer platform firmware, comprising:
a module for, at boot of a computer platform, converting a platform firmware update device located in the computer platform into a platform firmware armoring technology (PFAT) mode, wherein the computer platform includes a platform firmware storage unit storing a first platform firmware;
a module for, in response to the platform firmware update device being converted to the PFAT mode, persistently locking the platform firmware storage unit, wherein, while persistently locked, no entity is allowed to write to the platform firmware storage unit except an authenticated code module (ACM) after a platform firmware update device unlocking procedure.
10. The apparatus of claim 9, wherein the unlocking procedure further comprises:
the platform firmware update device initiating a specific memory write cycle to a PFAT protection control register, wherein the specific memory write cycle to the PFAT protection control register causes a controller coupled to the platform firmware storage unit to accept write commands from the platform firmware update device to the address space of the platform firmware storage unit.
11. The apparatus of claim 10, further comprising:
a module for supplying a public encryption key to the platform firmware storage unit;
a module for receiving a non-secure request to update the first platform firmware with an update firmware image;
a module for, in response to the non-secure request, loading the update firmware image into system memory in the computer platform;
a module for, once the firmware image is fully loaded in system memory, invoking the ACM;
a module for performing authentication of the update firmware image using the public encryption key;
a module for, in response to successfully authenticating the update firmware image, performing the unlocking procedure for the platform firmware storage unit; and
a module for copying the authenticated firmware image from system memory to the platform firmware storage unit.
12. The apparatus of claim 11, further comprising:
a module for issuing an error when authentication of the firmware image fails.
13. The apparatus of claim 11, wherein the first platform firmware comprises system management firmware, and wherein the controller comprises a platform controller hub.
14. The apparatus of claim 11, wherein the first platform firmware comprises controller management firmware, and wherein the controller comprises a controller located in the computer platform.
15. The apparatus of claim 14, further comprising, at each boot of the computer platform:
a module for generating an ephemeral password;
a module for storing the ephemeral password in a secure unit accessible only by the ACM; and
a module for distributing the ephemeral password at least to the controller coupled to the platform firmware storage unit.
16. The apparatus of claim 15, further comprising:
in response to successfully authenticating the update firmware image using the public encryption key, the ACM sending a secure request to the controller asking permission to update the controller management firmware, wherein the secure request includes the ephemeral password;
the controller comparing the ephemeral password received in the secure request with the ephemeral password received during the most recent boot of the computer platform; and
in response to the two ephemeral passwords being identical, the controller allowing the ACM to perform the update of the controller management firmware.
CN201180045399.XA 2010-09-22 2011-09-12 Platform firmware armouring technology Expired - Fee Related CN103119553B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611007938.1A CN107092495B (en) 2010-09-22 2011-09-12 Platform firmware armoring technology

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US12/887,866 US8522322B2 (en) 2010-09-22 2010-09-22 Platform firmware armoring technology
US12/887,866 2010-09-22
PCT/US2011/051160 WO2012039971A2 (en) 2010-09-22 2011-09-12 Platform firmware armoring technology

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201611007938.1A Division CN107092495B (en) 2010-09-22 2011-09-12 Platform firmware armoring technology

Publications (2)

Publication Number Publication Date
CN103119553A CN103119553A (en) 2013-05-22
CN103119553B true CN103119553B (en) 2016-12-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20161214

Termination date: 20190912