TW200931312A - Systems and methods for BIOS processing - Google Patents

Abstract

Methods and systems for Basic Input/Output System BIOS processing such as hashing are disclosed. In one embodiment, there is a direct interface between a security module and a non-volatile memory storing the BIOS in a computing system so that the security module may directly access the BIOS without using the central processing unit CPU as an intermediary. In one embodiment, the security module is powered by standby power and therefore can begin BIOS processing even if the computing system has not yet been turned on.

Description

• doc/n 200931312 IX. Description of the invention: [Technical field to which the invention pertains] The present invention relates to computing system security. [Prior Art] Usually, there are three possible power states in a computing system. The first power state is unpowered, which occurs when the computing system is not connected to any power source. The second power state is a standby power state, also known as S〇ft 〇ff e (G2/S5) or sleep (S4 non-volatile sleep) mode, which occurs when the computing system is connected to a power source (eg, plugged into a power outlet) The middle or main battery pack is in the battery pack slot) but the computing system is not turned on (ie, not powered). The third power state is the energized state, which occurs when the computing system is powered (i.e., turned "on"). The reset of the metering system can be, for example, a cold boot host platform reset (which includes, for example, a boot self-test after the computing system is turned on), and a hardware host platform reset (also That is, the reset of the computing system component or the hot (also known as soft) boot host platform reset (ie, the reset caused by the software). After redesigning the system, the next is usually (but not necessarily) a shorter reset period. During the reset period, the host central processing unit CPU in the computing system is not enabled. Basic input / output system (Basic

The Input/Output System, BIOS) is the software code and/or data used by the host CPU in the computing system to initiate the computing system (ie, to start the computing system) after the reset is complete. In order to perform a system integrity check, some or all of the BIOS may be measured (e.g., hashed) after the reset period is over. The BIOS measurement 5 f.doc/n 200931312 line delays the execution of the BIOS and the subsequent loading of the operating system. After the reset period has elapsed, the host CPU may hash some or all of the BIOS. Or, 'After the reset period has elapsed, the host CPU can use another module, which preferably executes the BIOS hash faster than the CPU at this point in time. One type of security module that can be used to check the integrity of the BIOS is the Trusted Platform Module (TPM), which conforms to one or more trusted computing organizations (Tmsted c〇mputing Gr〇up, TCG) ) Specification. In the TCG specification, the static metric trust core (c〇re r〇〇t 〇f trust for measurement, cRTM) is the constant part of the computing device initialization code, and the constant part is in the computing system has been Execute after resetting. The reliability of the host platform (host platform including motherboard, host cpu, host metric trusted root RTM, TPM, and all host peripherals attached to the motherboard) is based on static CRTM. In one implementation, the BIOS boot block is referred to as a static CRTM. After the reset period has elapsed, the static CRTM executed by the CPU initializes the TPM driver, which uses the TPM driver to read, write, and control the TPM. The cpu reads a fragment of BlS (non-static CRTM) and sends this fragment of the BIOS to the TPM for hashing. TPM is a fragment of m〇s. The cpu reads the hashed BIOS fragment and the hashed BI〇s fragment or its function is stored in one or more platform configuration registers pCR in the TPM. Alternatively, the hashed BI〇s fragment or its function is stored in one or more pcRs. 6 ••doc/n 200931312 SUMMARY OF THE INVENTION According to the present invention, there is provided a method for performing BIOS processing of a basic input/output system in a computing system, comprising: storing, in a computing system, a security module stored in a computing system via an interface At least part of the BIOS of the non-volatile sympathetic body, the interface is directly connected to the security module; and the security module processes the at least part of the BI 〇s. ❹

According to the present invention, there is also provided a method of performing BIOS processing of a basic input/output system in a computing system, comprising: the security module in the computing system sensing that standby power becomes available after being unavailable; the security module is then via the interface Reading at least a portion of the BIOS stored in the non-volatile memory in the computing system, the interface directly connecting the secure mode domain non-volatile memory; and the security module processing the at least part of the BI〇s. According to the present invention, the system for further processing of the Bios processing of the basic input/round-out system includes: non-volatile memory storage; security module, which is configured to read and delete to == configured To process at least a portion of the Bi〇s; and the interface is directly connected between the security module and the non-volatile memory. , Tongming 'further-step-provided - a security module for the basic wheel / output system 'S processing, including: the sensor, which is used to read at least part of the BI0S trigger; Group ^Wei &' to read the charm of BI〇S through the interface from the non-volatile bet after the induction H has sensed the trigger, which is connected to the non-volatile memory and security module. And the processing module is configured to process at least a portion of the BIOS that is read. , . . . , . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The term nasal system as used herein includes any system including a basic input/output system (BIOS). Some embodiments of the present invention are primarily disclosed as a method, and those skilled in the art will understand that devices such as conventional data processors incorporating databases, software, and other suitable components may be programmed or otherwise It is intended to facilitate the implementation of some of the method embodiments of the present invention. Some embodiments of the invention may be used to implement the operations herein, such as a processor, a device, a nasal system, a computer, a device, a system, a subsystem, a module, a unit, an engine, or the like, in the singular or plural. These terms, where appropriate, refer to any combination of software, hardware and/or firmware configured to perform the operations defined and explained herein. A module (or corresponding term specified above) may be specifically constructed for a desired purpose, or it may include a general purpose computing system that is selectively enabled by a computer stored in the computing system. Or reconfigure. This computer program can be stored in a computer readable storage medium. The methods/processes/modules (or corresponding terms specified by j) presented in these embodiments, as well as the display, are not intended to be any particular or other device, and are otherwise assigned. Various general-purpose systems: root=text teaching and programming, or for constructing more specialized devices to perform the desired method. A computing system architecture 100 in accordance with an embodiment of the present invention. ° V,,, G include · host central processing unit CPU (also known as processing 200931312 f.doc / n or microprocessor) 102; non-volatile memory i 〇 4, which stores at least BIOS; security module 1〇6; and the remainder of the computing system 1〇8. In one embodiment, non-volatile memory NVM 104 is any suitable memory with write capability that preserves its content when powered down. Examples include: electrically erasable and programmable read-only memory EEPR〇M, random access memory RAM powered by battery pack, flash memory, semiconductor memory, magnetic memory, optical memory, and above. Any combination of items, etc. The NVM 104 includes 31 〇 3 used by the host cpu to start the computing system. Depending on the embodiment, the NVM 104 can store BI〇s code and/or data. It should be noted that the term "BI〇s," as used herein, refers to BI〇s code and/or data (where appropriate). NVM 1〇4 may also store other items as appropriate. For example, in one embodiment, The NVM 1.4 also stores the code and/or data used by the security module 106. In an embodiment, as will be described in more detail below, the security module 106 is configured to process some of the BIOS or All. The type of processing is not limited by the present invention. The present invention does not impose any limitation on any effect that BIOS processing may have on subsequent operations of the computing secret. Depending on the embodiment, the security module 106 may or may not have The BIOS handles extra-independent functionality. In some embodiments, the security module 106 can be considered a Trusted Platform Module (TPM)' because it conforms to one or more Trustworthy Computing Group (TCG) specifications. The specification is modified from time to time, except for the portion (if any) that conflicts with the description herein. For example, in one of these embodiments, 9. doc/n 200931312, the security module 106 Can be considered as TPM, this is due to its Any of the following specifications, previous versions, or future versions thereof, except those that conflict with the description of this document, if any: www.trustedcomputinggroup.org/specs/TPM/Main_Partl_Re v94.zip , www. trustedcomputinggroup.org/specs/TPM/Main_Part2_Re v94.zip , φ www.tmstedcomputinggroup.org/specs/TPM/Main_Part3_Re v94.zip , www.trustedcomputinggroup.org/groups/pc_client/TCG_PCC lientTPMSpecification_l-20_l-00_FINAL.pdf , www. Trustedcomputinggroup.org/groups/TCG_l_0_Architecture_Overview.pdf, and www.tmstedcomputinggroup.org/specs/PCClient/TCG_PCCli entImplementationfor BIOS_l.20_1 -00.pdf. These specifications are hereby incorporated by reference. In these embodiments In one of the cases, Bi〇s © is a TCG compliant BIOS. As is known in the art, block 108 includes all other modules, including those for any particular embodiment of the computing system. Physical Platform 0 As illustrated in FIG. 1, host CPU 102 interfaces with NVM 104, security module 1〇6, and block 1〇8 via one or more interfaces 122. Letter. In the computing system 100, because the security module 1〇6 is directly interfaced to the NVM 104 through the interface 132, the security module 1〇6 accesses the NVM 104 autonomously without T.doc/n 200931312 depending on the CPU 102. In some embodiments, interface 132 includes one or more sidebands, where the sidebands represent interfaces that do not use host computing system resources. For example, interface 132 can include one or more separate connections, or one or more special protocols for existing connections can be used. In one of these embodiments, the interface 132 includes one or more computer bus bars that are separate from the bus bar 122. In one of these embodiments, the interface 132 includes a busbar that is faster than the busbar 122. For example, in one of these embodiments, bus bar 122 can include a low pin count LPC bus bar, and interface 132 can include a serial peripheral interface SI > In another example, the interface 132 includes one or more direct connections via the bus bar 122 (ie, the 'bus bar 122 is adapted to include a direct connection 132 between the NVM 104 and the security module 1〇6). . In one embodiment, the security module 106 is in the same physical package as the NVM 104. The integration of the security module 106 with the NVM 104 provides additional tamper-resistant protection in this embodiment because the attacker cannot use the compromised, unobtained platform manufacturer without changing the ampere module 丨〇6. / or the BIOS version of the NVMl4 is replaced by the BIOS version that the owner authorizes and/or agrees to use. Thus, this integration provides protection, for example, against resend attacks (i.e., attempts to resend older versions of BIOS). Depending on the situation, it is assumed that other items are also stored in the NVM 104. The use of the security modules 1〇6 and NVM 1〇4 in the same physical package also better protects at least some of these other items from tampering. 2 discloses another computing system architecture 11 .doc/n 200931312 200 in accordance with an embodiment of the present invention. Similar to computing system loo, computing system 2 includes host CPU 102, BIOS NVM 104, security module 106, and remaining portion 108 of the computing system as described above, and modules 1〇2, 1〇4, 1〇6 And each of 108 may be comprised of any combination of software, hardware, and/or firmware capable of performing the functions defined and explained herein. However, in computing system 200, CPU 102 is coupled to security module 106 and block 108 via one or more interfaces 222. In computing system 2, CPU 102 is not connected to NVM 104 by interface 222, but instead CPU 102 is indirectly connected to NVM 104 via security module 106. In some embodiments, 'interfaces 122, 222 include one or more computer busses. Depending on the embodiment, interfaces 122, 222 may include, for example, an LPC bus, an ISA bus, a PCI bus, any combination of the above, and/or any other suitable bus. In computing system 200, because security module 〇6 is directly interfaced to NVM 104' via interface 232, security module 〇6 autonomously accesses NVM 104 without relying on CPU 102. In some embodiments, interface 232 includes one or more sidebands, wherein the sideband table does not use an interface of the host computing system resources. For example, interface 232 can include one or more separate connections, or one or more special protocols can be used on existing connections. In one of these embodiments, interface 232 includes one or more computer busses that are separate from bus bar 222. In one of these embodiments, interface 232 includes a busbar that is faster than busbar 222. For example, in one of these embodiments, bus bar 222 can include a low pin count LPC bus bar, and interface 232 can include a string perimeter 12 f.doc/n 200931312 interface SPI. In another embodiment, the interface 232 includes one or more direct connections via the busbar 222 (i.e., the busbar 222 is adapted to include a direct connection 232 between the nvm 104 and the security module 110). To simplify the description, interfaces 122, 132, 222, 232 are referred to hereinafter as singular forms of interfaces 122, 132, 222, 232 and should be understood to include the presence of a single interface 122, 132, 222, 232. And an embodiment of a plurality of interfaces ❹ 122, 132, 222, 232. Method embodiments that may be specifically implemented by computing system 100 and/or computing system 2 will now be presented. FIG. 3 illustrates a flow diagram of a method 300 for BI〇s processing in accordance with an embodiment of the present invention. In one embodiment, method 3 is performed by a security module. Depending on the embodiment, the security module 1-6 that performs the method 300 may only have power after the computing system 100 or 200 has been turned on, or may have standby power (meaning that as long as the computing system 100 or 2 is connected to The power source, for example, is plugged into a power outlet or the main battery pack is in the battery pack slot, and the security module 106 is powered, regardless of whether the computing system 1 or 2 is turned "on". In stage 302, the security module 106 senses that the computing system 1 or 200 has been reset (i.e., there is a host reset). For example, in one embodiment, when the computing system 1 or 200 is reset, the security module 106 receives the LRESET input signal. For example, in an embodiment; the security module 106 proceeds to stage 304 immediately after sensing that the computing system has been reset (ie, possibly even during the reset period), however, in another 13 f.doc /π 200931312 In an embodiment, there may be a time lag between phase 302 and phase 304. In stage 304, security module 106 reads the BIOS fragment from NVM 104 via interface 132 or 232 and processes the read BIOS fragment in stage 306. In some embodiments, BIOS processing in stage 306 includes measuring the BIOS segment being read. In some of these embodiments, the BIOS measurement includes a BI 〇 s fragment that is hashed. In general, hashing includes the application of a one-way function, which makes it impossible for an attacker to determine the specific input message for the hash result and the ability to replace the different input messages that will produce the same measurement result. For example, in some embodiments where there are hashes, the hash function for the BI〇s segment read by the hash is based on the NIST published by the National Institute of Standards and Technology, US Government Standards Agency. The SHA standard. Continuing with one of these embodiments, the SHA-1 cryptography is used in particular. In other embodiments, security module 106 may additionally or alternatively perform other processing of some or all of the BIOS. In optional stage 308, the BIOS processing (e.g., BI〇s hash), σ fruit, or a function thereof is stored in memory, such as security module. The processing results or their functions can be sent to the memory for storage, for example, by the security module 106. In one embodiment of the security module 〇6, ΤΡΜ in step 308, the hash result is stored in a τρΜ state transition PCR, such as PCR(9) and/or pcR(1), in the embodiment, in the embodiment, the security mode Group 106 in step 304 reads a segment of BI〇s from NVM via interface f.doc/n 200931312 m or 232, processes the segment read in phase. and optionally in security module 1 % reads before the other part of BI〇S (that is, 'before the other-segment repeating stages 304, 306 and optional 308) will be in the middle of the stage 3〇8

The result or its function is a bribe. In the case of the other, the security module 1〇6 reads the self from the NVM 104 via the interface i32 before performing any of the stages 3G4 -: owed, and before processing any of the ship s segments of the mosquito inspection process. And other fragments. In another embodiment, all m〇s segments designated for processing by security module 106 can be read and processed together in a single execution of stages 3〇4 and 306. In one embodiment, the results of the inter-tray processing from each BIOS segment or its function and, ultimately, the results or functions thereof (derived from the processing of all segments that contribute to the final result) may be stored in memory in stage 308, In yet another embodiment, only the final processing result or its function is stored in memory in stage 3〇8. In another embodiment, stage 3〇8 may be omitted and the processing result or its function may not be stored. In one embodiment, only fragments of the BIOS code are read and processed. In another embodiment, only segments of BI〇S data are processed. In another embodiment, the BI〇s code segments are read and processed in a manner separate from the BIOS data fragments, and thus an independent final processing result is obtained. In another embodiment, the final processing result may represent processed fragments from the BIOS code and data. In another embodiment, there may be any number of final processing results, each of which represents processing of a portion of the BIOS code and/or data. 15

Woc/n 200931312 Fragment == 106 is some embodiments of the TPM, and the result is stored in pcr (or another - memory bit 2 in the implementation of the money, for the designated processing body) The results of the Jin dynasty complex and the previous storage to the double-memory 2 repeated iterations are combined with the confusing result 2 in series and hashed (updated) results. Hash and store are repeated 'up to the full designated Bios for processing by TPM

The final result is stored in PCR t (or another memory ^. In one of these embodiments, all of the BIOs are mixed into a final result (ie, all of the BIOS are specified to be processed by the TPM) In an embodiment, any stored processing results or functions thereof are safe. For example, security may result from the nature of the delta memory location used for storage in stage 308, ie, Because the memory is protected. In another example, 'security may additionally or alternatively result from the nature of the operations used. Continuing with this example, the expansion of the results described above may, in some cases, contribute to the storage. Processing the security of the results or their functions. In some embodiments, after the computing system 100 has been reset and the reset period has elapsed, the CPU 102 can check whether the security module 106 has initiated or is starting the process 300, and If the security module 1 〇 6 does not start, the CPU 102 can execute a static CRTM to initialize the drive, which is used by the host CPU to read and write the security module 1 〇 6 in these embodiments. And control. CPU can At least a portion of the BIOS designated for processing is read via bus bar 22 and the read bios are provided to security module 106 for processing in stage 306. In one of these embodiments, An 16 f.doc/n 200931312 full module 106 can then read any unread BIOS designated for processing via interface 132. In the other of these embodiments, once CPU 102 has read Upon at least part of the BIOS designated for processing, the CPU 102 continues to read any unread BIOS designated for processing. In another embodiment, the computing system 100 or 200 has been reset and reset. After the period has elapsed, the CPU 102 can check whether the security module 1〇6 has started or is starting the process 300, and if not, the CPU 102 can instruct the installation module 106 to start the process 300 (for example, Stage 304 begins. In an embodiment, CPU 102 may use a predetermined command or signal (which may be vendor specific in some cases) to check if security module 1 〇 6 has initiated or is starting the process. 300. In another embodiment, the CPU 102 does not check whether the security module ι〇6 is The process 300 is initiated or is beginning, and it is assumed that the security module 〇6 has executed or will execute the method 300. In an embodiment, any BIOS segment designated for processing by the security module 106 is executed at the CPU 102. Previously, this segment was processed as in any of the stages 304, 306, and/or 308 of the method 300 described above. In another embodiment, the CPU 1〇2 is designated for use by the security mode. Prior to any BIOS segments processed by group 106, all of the BIOS segments designated for processing are processed as in any of stages 3〇4, and/or 308 of method 3 described above. In an embodiment, cpu 1〇2 executes the bi〇s segment only if the processing result of the bi〇s segment meets a predetermined criterion, or only when all BI〇s segments specified for processing meet the predetermined criteria The CPU 102 executes the m〇s slices=; 17 f*doc/n 200931312 In another embodiment, there is no predetermined criterion and/or there is no evaluation of whether the processing result of the BIOS segment meets the predetermined criteria, and cpui 〇2 Therefore, the processed BIOS fragment can be executed regardless of the processing result. By way of a description of various embodiments of method 300, the reader will apparently appreciate that the presence of interface 132 or 232 enables security module 1 6 to control BIOS read and/or control in stage 304 in some embodiments. Method 3 随后 subsequent stages. In these embodiments, the security module can directly access the 104 财 104 without requiring the CPU 102 to act as an intermediary between the security module 〇6 and the NVM 104 (i.e., if the security module 1 〇 6 The communication between ^^]^1〇4 is instead made only by connecting the CPU丨02 to the busbar of each of the security module i〇6 and the NVM 104, the CPU will be an intermediate) . Thus, in such embodiments where direct access is made by the security module, the BI〇S read is typically (but not necessarily) faster than if the CPU 102 were acting as an intermediary. In one of these embodiments, the use of 'interface 132 or interface 232 allows for faster communication than the busbar, and the busbar would otherwise be connected to or exactly connect the intermediate CPU 102 to the security module 106 and Each of the NVMs 104, so in comparison, 'BIOS reads may be usually (but not necessarily) accelerated a lot. In one embodiment of the security module 106 in the initial phase 304 of the reset period, the BIOS processing of the method 300 may in some cases be performed more than one must wait until the CPU 102 has ended to initiate a BIOS read during the reset. The way is faster. In other embodiments of method 300, method 300 is performed only after the computing system of some type(s) is reset. In these other embodiments, in stage 302, the security module 1〇6 is configured to sense some type(s).

1S f.doc/n 200931312 resets 'and the remainder of method 300 is performed only after sensing a predetermined type of reset. For example, in some of these other embodiments, 'Security Module 1〇6 is configured to sense a cold start host reset, and only when a cold boot host reset is sensed in stage 3G2, Execution method 3 〇〇 = remaining part. In one of the other embodiments, the security module 106 monitors both the power signal (VDD) and the LRESET signal, and if both are determined, the security module knows that a cold start has occurred. ❹域纽. In some of these other embodiments of the execution of the type(s) after only one (some) type of calculation (four), the method 3 (9) can be executed more times than the type 3 method. The situation is less. 4 is a flow diagram of a method for BI〇s processing in accordance with an embodiment of the present invention. In an embodiment, method 400 is performed by security module 110. In stage 402, the security module 106 senses that the standby power button has become available (i.e., after being unavailable). For example, when computing system i00 or 20A is plugged into or returned to an active power outlet or when a battery pack that powers computing system 100 or 200 is placed or repositioned into a battery pack slot' Standby power may become available. Once the standby power becomes available, the security module 106 can operate. Therefore, in stage 404, the security module 106 is from Nvm via interface i32 or 232.

W4 reads the BIOS fragment and processes the read BI fragment in stage 406. In some embodiments, stage 406 performs the actions performed as stage 3〇6. In optional stage 408, the "d〇c/n 200931312 action performed as in stage 3〇8 is performed. &<>> in some embodiments' may be passed through a computing system or 2〇〇 after obtaining the final processed BIOS results. In one of these embodiments, the security module 106 completes obtaining the most reasonable BlsS results before the CPU 1〇2 executes BI〇s. In the other of these embodiments, the CPU 1 〇 \ can initiate execution of any BIOS = segments that have been read and processed by the security module 106. In an embodiment, the CpU 102 executes the BIOS fragment only when the processing result of the BIOS fragment conforms to the pre-wire, or only when the final processing result of all the BIOS segments designated by the processing 1 meets the predetermined criterion, the CPU 102 executes these BI〇s fragments. In another embodiment, there is no predetermined criterion and/or there is no evaluation of whether the processing result of the m〇s fragment meets the predetermined criterion, and the CPU 1〇2 can thus perform the BI〇s fragment regardless of the processing result. In some embodiments in which the security module 106 has not initiated execution of the method 4 before the computing system 1 is turned "on" and the reset period has elapsed, the CPU 1〇2 can execute a static CRTM to initialize the drive, the driver In this embodiment, the host CPU is used to read, write, and control the security module 1〇6. The CPU can read at least a portion of the BIOS designated for processing via bus bar 122 and provide the read Bi〇s to security module 106 for processing in stage 406. In one of these embodiments, the security module 106 can then read any unread BIOS designated for processing via the interface 132. In the other of these embodiments, once the CPU 102 has read at least a portion of the BIOS designated for processing, the CPU 102 continues to read any unread BIOS designated for processing. In one of the real 20 £doc/n 200931312 embodiments, after the computing system 100 has been turned on and the reset period has elapsed, the CPU 102 checks if the standby power has been removed and resumed, and only if it has been moved In addition to and in returning standby power (which in this embodiment should cause the security module 106 to perform the triggering of the method 400), the CPU 102 reads at least a portion of the BIOS designated for processing. In other embodiments t, after the computing system 100 or 200 has been turned on and the reset period has elapsed, the CPU 102 may check whether the security module 1 〇 6 has started the process 400 ' and if not, the CTU 102 may The security module 106 is instructed to initiate process 400 (e.g., beginning with stage 404). For example, in one of these other embodiments, CPU 102 can use a predetermined command or signal (which in some cases can be vendor specific) to check if security module 106 has started or is positive. The starting process is 4〇〇. In one of these other embodiments, the CPU 102 first checks if the standby power has been removed and resumed, and only if the standby power has been removed and resumed (which in other embodiments should be to have the security module 106 When the triggering of method 400 is performed, CPU 102 instructs security module 106 to initiate process 400 (eg, starting with stage 404). In another embodiment, the CPU 102 does not check whether the security module 106 has started or is starting the process 400, and assumes that the security module 106 has performed or will perform the method 400. By the description of the various embodiments of method 400, it is apparent to the reader that the presence of interface 132 or 232 enables security module 1 6 to control the BIOS read and/or control method in stage 404 in some embodiments. The subsequent stages of 400. In these embodiments, the security module 1〇6 directly accesses the ^1乂4〇4 without requiring the CPU 102 to act as a 21 f.doc/n 200931312 intermediate between the security module 1〇6 and the NVM 104. (That is, if communication between the security module 106 and the NVM 104 is instead only via a bus that connects the CPU 102 to each of the security module 106 and the NVM 104, the cpu 1〇2 will necessarily For the intermediate). Thus, in such embodiments where the security module 106 accesses NVM 1 〇 4 directly, the 'BIOS read is usually (but not necessarily) faster than if the CPU 102 were acting as an intermediary. Using interface 132 or interface 232 allows for faster communication than busbars that would otherwise be connected to or specifically connect intermediate CPU 102 to each of security module 106 and NVM 104. In one case, in comparison, m〇s reading may be usually (but not necessarily) accelerated a lot. It is also apparent to the reader that it is performed by the security module 1〇6 during any time lag between the standby power becoming available (or available again) and the computing system 1〇〇 or 2〇0 being switched on. Any BI〇s processing in some cases translates to less (or no) BIOS processing after the computing system 100 or 2 is turned on, and thus typically (but not necessarily) a faster boot process. For example, BIOS processing by the security module may specifically include any of stages 404 through 408. In embodiments where the time lag is sufficient to allow stages 402 to 408 to be completed before the computing system 1 or 2 〇 is turned "on", the startup process typically (but not necessarily) saves the time required to complete those stages. In some embodiments, since the reading of BI〇s is triggered by sensing the newly available standby power, the method 4〇〇 can be executed fewer times than the method 300, assuming a reset of the computing system 100 or 2〇〇 (or reset of trigger type) occurs more frequently than standby power becomes available (ie, 22 '•doc/n 200931312 compute system 100 or 200 socket or main battery pack returns to power outlet / battery pack slot weight Design calculation system 1〇〇 or 2〇〇 occurs less frequently). As noted above, depending on the embodiment, the final BI〇s processing results and/or intermediate BIOS processing results may or may not be used. The present invention does not impose restrictions on whether to use the BIOS processing results or how to use the BI〇s processing results. In one embodiment, once the CPU 102 is enabled (i.e., after the reset period has elapsed), the security module 1〇6 can determine the interrupt line to indicate that the m〇s processing result is available. In another embodiment, once cpTJ 1 〇 2 is enabled, cpu Ο Ο 102 can poll and thereby understand that the 〇 8 processing result is available. In some embodiments, the security module 106 can perform additional functions using the final BI〇s processing results and/or the care of the towel. To further motivate the reader to describe some of the possible applications in which the BIOS processing results can be used, the described application should not be construed as being required and/or limiting: In some embodiments, the 'Security Module 1Q6 can Provide protected storage services 'This is similar to the known possible functionality of TPM. In such embodiments, the security module 106 can seal the data using the content of one or more memory locations (eg, H in the PCR in the TPM - or more) ). To clarify, one of the scale embodiments includes: and/or includes, for example, the = in the PCR (0). The security module 1G6 returns a representation _ and is required to open the blGb. The security module is only protected by one or more contents of the specified memory location before the specified content is the same as the sealing period. In some embodiments, the security module 106 can perform an RSA private secret operation, which is similar to the known possible functionality of the UI. For example, in one of these embodiments, the security module 106 can maintain a private secret record, and if the caller is authorized to use the private key, the caller can command the security module 106 to use This secret is used to mark the current location of one or more memory locations.

A snapshot of the content (which may, for example, include final and/or intermediate BIOS processing results). In an embodiment, the security module 106 relies on BitlockerTM Drive

Encryption (BitlockerTM Drive Encryption), which is similar to the known possible functionality of TPM. The Microsoft® Windows VistaTM operating system includes BitlockerTM Drive Encryption > BitlockerTM Drive Encryption uses a root secret to encrypt the operating system of the hard drive in an implementation, and relies on the TPM to constrain the storage of such root secrets. take. Depending on the bios hash results and other hash results, the TPM unlocks the root secret order, allowing the operating system to load or not unlock the root secret order. More information is provided, for example, at http://technet.microsoft.eom/en-us/windowsvista/aa906017.a spx', which is hereby incorporated by reference. In an embodiment, depending on the final BIOS processing results and/or intermediate BIOS processing results, computing system 100 or 200 may be permitted to continue to boot or may be prevented from continuing to boot.

In one embodiment, depending on the final BIOS processing results and/or intermediate BIOS processing results, the computing system software may or may not rely on the BIOS 24 £doc/n 200931312 (wherein not including, for example, in an alternate mode) start up).

In one embodiment, the final BIOS processing results and/or intermediate BIOS processing results can be used to extract a snapshot of the system security state or to unlock the encrypted protected material in the security module 106. Figure 5 is a block diagram of a security module 1〇6 in accordance with an embodiment of the present invention. In the illustrated embodiment, the security module 106 includes an inductive module 502, an extraction module 504, a processing module 506, and a memory 508. Each of modules 0 502, 504, 506, and 508 can be constructed of any combination of software, hardware, and/or firmware capable of performing the functions defined and explained herein. To simplify the description 'memory 508 is disclosed as a unit', security module 106 may, in some embodiments, include different types of volatile and/or non-volatile memory, and/or multiple memory sets. For example, in one embodiment, memory 508 can include any of the following: a scratchpad, a temporary memory input and input buffer, and/or a protected memory location. In the illustrated embodiment of the security module 106, the sensing module 502 is configured to sense triggering of the methods 300 and/or 400. For example, the sensing module 502 can be configured to sense the availability of previously unavailable standby power in stage 402, and/or can be configured to sense a computing system reset (or a particular type of weight) in stage 302. Assume). After the sensor 502 has sensed the trigger, the extraction module 504 is configured to directly access the non-volatile memory 104 via the interface 132 or 232. As mentioned previously, in one embodiment, the non-volatile memory 104 may be in the same physical package as the security module 106, but is not illustrated in Figure 5. The extracted BIOS fragment is processed by 25 r.doc/n 200931312 = module 506. In an embodiment, the processing module 5〇6 includes a hash module that performs, for example, the final result and/or processing of the intestine old code 1 mos processing (eg, 'heavy processing') (eg, , or a plurality of intermediate results may be in the embodiment of the memory towel. In: real _ towel, in addition to money II 5G2 configured i for phase 3G2 $ 402 induction trigger, sensor s () 2 can also be configured to sense (for example) when cpu 1 〇 2 is enabled, so that the security mode Group 1〇6

It is possible to confirm that the reset cycle has ended and the final BIqs process results in the interrupt line of the CPU 102. In some embodiments of the invention, the security module 116 may include fewer, more, and/or different modules than those shown in FIG. For example, in one embodiment, the security module may additionally or alternatively include, in particular, a module for generating and/or protecting a cryptographic key, and/or a random number generator module. In other embodiments of the invention, the functionality of the security module 106 described herein may be variously divided into the modules of FIG. In other embodiments of the present invention, the functionality of the security module 1 〇 6 described herein may be divided into fewer, more, and/or different modes than those shown in FIG. The set of modules 'and/or security modules 1-6 may include additional functionality or less functionality than described herein. In other embodiments of the invention, one or more of the modules shown in Figure 5 may have more functionality than described, less, and/or different functionality than the described functionality. For example, in an embodiment, the processing module 506 can perform additional functions, such as sealing/unsealing, tag snapshots, constraint-to-density access, RSA private key operations, etc., or One of the additional functions 26 f.doc/n 200931312 or more can be executed elsewhere in the security module 1〇6. In some embodiments of the present invention, since the security module 106 is directly interfaced to 1〇4 via the interface 132 or 232, 1〇4

The BIOS executed by CPU 102 in G may exclude any code and/or information associated with the functionality performed by security module 1.6 without being executed by CPU 102. For example, in one of these embodiments, the BIOS in NVM1〇4 may exclude code and/or data associated with invoking cpu to read a segment of BI〇s (because of security module 1) 〇6 alternatively reads this (etc.) fragment, and/or may exclude code and/or material associated with invoking the CPU to send the BI〇s fragment to the security module (eg, TPM). In another implementation, the code and/or data associated with the CPU 102 is invoked to read a segment of the BIOS (alternatively read by the security module 106), and/or the cpu 102 is invoked to send the (4) s fragment to The procedure associated with the safety model address 1〇6 and/or the data is included in the m〇s just in the elbow. For example, the read and/or feed code and/or data may be included in the BIOS towel in the nvm 104 to maintain backward compatibility. As another example, reading and/or feeding code and/or material may be included in BI〇s in NVM 104, as in some embodiments 'CPU 1〇2 may have some 'If the security module 1G6 can not start or the method 3 (8) or the nature of the deletion and will be deleted from the security module 106 brain. ^ ί, according to the present invention, may be a computer program of a properly programmed electrical method. The present invention further encompasses a machine readable book = 27 A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A 2 is not subject to restrictions. Numerous modifications, changes, and improvements within the scope of the invention are apparent to those skilled in the art. [Simple description of the map]

1 is a block diagram of a system with BI〇s in accordance with an embodiment of the present invention. Figure 2 is a block diagram of a computing system with m〇s in accordance with an embodiment of the present invention. 3 is a flow chart for m〇s processing in accordance with an embodiment of the present invention. 4 is a flow chart of a process for m〇s processing in accordance with an embodiment of the present invention. Figure 5 is a block diagram of a security module in accordance with an embodiment of the present invention. [Main Component Symbol Description] 100: Computing System Architecture/Computation System 102: Host Central Processing Unit cpu 104: Non-volatile Memory 106. Security Module 108. s Ten System Remaining Part/Block 122: Interface/Confluence Row 132: Interface/Direct Connection 200: Computing System Architecture/Computation System 28 200931312 f.doc/n

222 Interface/Bus 232 Interface/Direct Connection 300 Method/Process 302 Stage 304 Stage 306 Stage 308 Stage 400 Method/Process 402 Stage 404 Stage 406 Stage 408 Stage 502 Sensing Module/Sensor 504 Extraction Module 506 Processing Module 508 :Memory

29

Claims (1)

F.doc/n 200931312 X. Patent application scope: 1. A method for performing basic input/output system BI〇s in a computing system, comprising: exhaustive memory; and one of the computing systems The security module reads, via the interface, a small portion of the BIOS stored in one of the non-volatile memory in the computing system, the interface directly connecting the security module and the non-swing The security module processes the at least a portion of the BIOS. 2. The method of claim 1, wherein the security module is configured to operate with standby power, the method further comprising: the security module senses that the standby power becomes unavailable after being unavailable. The reading may be initiated after the standby power becomes available. 3. The method of claim 1, wherein the processing comprises measuring. 4. The method of claim 3, wherein the measuring comprises hashing. 5. The method of claim 1, further comprising: the security module sensing that the computing system has been reset; wherein the reading is initiated after the computing system has been reset . 6. The method of claim 5, wherein the reading is initiated only when the computing system has been reset by a cold start reset. 7. The method of claim 5, wherein the security module is provided with standby power. The method of claim 5, wherein the module has power after the computing system has been turned "on". 9. The method of claim 5, wherein the reading is initiated during a reset of the computing system. 10. The method of claim 1, further comprising: said security mode - at least the result of said processing or a function thereof being stored in a memory in said security module.丨1. The method of claim 1, further comprising: after the computing pure has been reset, the central processing unit in the computing system performs the excitation at - time At least a portion of the s, the time point is greater than the portion of the BI〇s that must be read by the central processing unit if the computing system has been reset and the Bi〇S The time is at least partially provided to the security module for processing. 12. A method for performing a basic input/output system Bls processing in a computing system, comprising: 〇 in the itrj· computing system—the security module senses that standby power becomes available after being unavailable; The security module then reads at least part of the BIOS stored in one of the non-volatile memory in the computing system via an interface, the interface directly connecting the security module and the non-volatile memory; And the security module processes the at least part of the BI〇s. 13. The method of claim 12, wherein the doc/n 200931312 includes a hash. 14. A system for basic input/output system BI〇s processing, comprising: a non-volatile memory configured to store BI〇s; a security module configured to read said At least a portion of the BI 〇s and configured to process the at least a portion of the 〇 8; and a " face that is directly coupled between the security module and the non-volatile memory. 15. The system of claim 14, further comprising: a central processing unit; and an interface coupled between the central processing unit and the security module. 16. The system of claim 15 further comprising: an interface coupled between the central processing unit and the memory. The system of claim 16, wherein the interface between the security module and the non-volatile memory is configured to allow a ratio to be connected to the order The central processing unit communicates faster with the interface of the non-volatile token or faster than the interface between the central processing unit and the security module. The system of claim 16, wherein the central processing unit is configured to initiate execution at a point in time after resetting, the at least part of said The at least 32 doc/n 200931312 points that the central processing unit is configured to read the BIOS after the resetting are provided to the security module entry plan 14 item, wherein The An Wang Moguang, the non-core memory is included in the same-physical package. ^The system of claim 14, wherein the An Wang module group _ is not available _ Taking at least the portion of the BIOS. The start-sell group then includes a safety mode sensor for the basic wheel input/output system BI〇S processing 'which is configured to sense a trigger for reading at least part of the BIOS; - an extraction module' Configuring to read the at least portion of the BIOS via an interface from one of the BI〇s non-volatile memory after the sensor has sensed the transmission, the interface being directly connected to The forwarding is recorded between the security modules; and a processing module is configured to process at least a portion of the reading of the BI〇S. 22. The security module of claim 21, wherein the trigger is the availability of standby power after it is not available. 23. The security module of claim 21, wherein the trigger is a reset of a computing system including the security module. The security module of claim 21, wherein the triggering is at least one of at least one predetermined type of resetting of the computing system including the security module. The security module of claim 21, wherein the processing module is configured to hash at least a portion of the read of the BIOS. 26. The security module of claim 21, further comprising: a memory configured to store at least one result or a function of the process. 27. The security module of claim 21, wherein the module conforms to a trusted computing organization specification. 34