TWI467485B - Verification of the basic input and output system update method, the computer can read the recording media and computer program products - Google Patents

Verification of the basic input and output system update method, the computer can read the recording media and computer program products Download PDF

Info

Publication number
TWI467485B
TWI467485B TW100119729A TW100119729A TWI467485B TW I467485 B TWI467485 B TW I467485B TW 100119729 A TW100119729 A TW 100119729A TW 100119729 A TW100119729 A TW 100119729A TW I467485 B TWI467485 B TW I467485B
Authority
TW
Taiwan
Prior art keywords
file
basic input
program
firmware
output system
Prior art date
Application number
TW100119729A
Other languages
Chinese (zh)
Other versions
TW201250592A (en
Original Assignee
Insyde Software Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Insyde Software Corp filed Critical Insyde Software Corp
Priority to TW100119729A priority Critical patent/TWI467485B/en
Publication of TW201250592A publication Critical patent/TW201250592A/en
Application granted granted Critical
Publication of TWI467485B publication Critical patent/TWI467485B/en

Links

Landscapes

  • Stored Programmes (AREA)

Description

驗證基本輸入輸出系統之更新的方法、電腦可讀取之記錄媒體及電腦程式產品 Method for verifying the update of the basic input/output system, computer readable recording medium and computer program product

本發明有關於一種驗證基本輸入輸出系統之更新的方法、電腦可讀取之記錄媒體及電腦程式產品,特別有關於一種在通用可延伸式韌體介面之環境下驗證基本輸入輸出系統之更新的方法、電腦可讀取之記錄媒體及電腦程式產品。 The present invention relates to a method for verifying an update of a basic input/output system, a computer readable recording medium, and a computer program product, and more particularly to verifying an update of a basic input/output system in an environment of a universal extendable firmware interface. Method, computer readable recording medium and computer program product.

電腦具有一般熟知之基本輸入輸出系統(即BIOS,Basic Input Output System),其儲存在唯讀記憶體中,例如Flash ROM(快閃唯讀記憶體)。由於傳統的基本輸入輸出系統(Legacy BIOS)發展已到達極限,英特爾公司(Intel Corporation)已發展出一種可延伸式韌體介面(即EFI,Extensible Firmware Interface)規格,可免除傳統的基本輸入輸出系統的先天限制。 The computer has a commonly known basic input/output system (BIOS, Basic Input Output System), which is stored in read-only memory, such as Flash ROM (Flash Read-Only Memory). Since the development of the traditional basic input and output system (Legacy BIOS) has reached its limit, Intel Corporation has developed an Extensible Firmware Interface (EFI) specification that eliminates the traditional basic input and output system. Innate limitations.

此種可延伸式韌體介面容許使用標準的程式語言工具加入新元件,具有更佳的擴充性,並且其係以C語言編寫,程式容易維護、閱讀。目前,可延伸式韌體介面可支援舊有的系統,在傳統的基本輸入輸出系統上執行,並適當接管一些控制。 This extensible firmware interface allows for the addition of new components using standard programming language tools, with better scalability, and is written in C, which is easy to maintain and read. Currently, the extendable firmware interface supports legacy systems, performs on traditional basic input and output systems, and properly takes over some control.

然而,英特爾公司所發展的可延伸式韌體介面僅能使用於特定的CPU,有鑑於此,由英特爾公司與多家製造CPU的公司共同發展出一通用可延伸式韌體介面(UEFI,Universal Extensible Firmware Interface)之規格,以適用於各種不同公司所製造的CPU。 However, Intel's extended firmware interface can only be used for specific CPUs. In view of this, Intel has developed a universal extendable firmware interface with multiple CPU-making companies (UEFI, Universal). Extensible Firmware Interface) is suitable for CPUs manufactured by various companies.

圖1為習知在UEFI環境下進行韌體更新之示意圖。在圖1中,使用者欲更新UEFI環境之BIOS韌體,藉由作業系統10之應用程式從儲存媒體(如硬碟、隨身碟、光碟或非揮發性記憶體等)12讀取要被更新BIOS韌體之檔案資料,並儲存於記憶體14中。 FIG. 1 is a schematic diagram of a conventional firmware update in a UEFI environment. In FIG. 1, the user wants to update the BIOS firmware of the UEFI environment, and the application of the operating system 10 reads from the storage medium (such as a hard disk, a flash drive, a compact disc, or a non-volatile memory) 12 to be updated. The file of the BIOS firmware is stored in the memory 14.

此時,作業系統10呼叫並進入UEFI環境之BIOS 16。BIOS 16從記憶體14中讀取要被更新BIOS韌體之檔案資料。在BIOS 16執行更新韌體驅動程式時,BIOS 16將所讀取之要被更新BIOS韌體之檔案資料寫入Flash ROM 18中。在電腦重新開機時,即由新BIOS韌體開啟。 At this point, the operating system 10 calls and enters the BIOS 16 of the UEFI environment. The BIOS 16 reads the file data of the BIOS firmware to be updated from the memory 14. When the BIOS 16 executes the update firmware driver, the BIOS 16 writes the file data of the BIOS firmware to be read into the Flash ROM 18. When the computer is rebooted, it is opened by the new BIOS firmware.

習知的方法可以完成BIOS韌體的更新,但遇到駭客想趁更新過程時竄改BIOS韌體是容易達成的。因為在更新過程中,並未驗證韌體更新程式或預備更新之BIOS韌體是否遭到變更,如果遭到駭客變更,這可能成為駭客的BIOS的韌體更新應用程式,並將Flash ROM 18內的BIOS韌體輕易竄改。 The conventional method can complete the update of the BIOS firmware, but it is easy to tamper with the BIOS firmware when the hacker wants to update the process. Because during the update process, the firmware update program or the firmware update of the update is not verified, if it is changed by the hacker, this may become the firmware update application of the hacker's BIOS, and the Flash ROM will be The BIOS firmware in 18 is easily tampering.

為了預防上述問題,提出利用「checksum(總和檢查)」方法來驗證韌體更新應用程式及要被更新BIOS韌體。所謂「checksum」是將要被更新BIOS韌體之資料全部相加,而把其總和放入一個變數中,在將要被更新BIOS韌體傳輸至 電腦時亦將該總和傳送至電腦。當電腦接收到要被更新BIOS韌體與該總和時,電腦以利用checksum方法再次將要被更新BIOS韌體之資料相加以產生驗證用總和,然後判斷所接收之總和與驗證用總和是否相同,以驗證要被更新BIOS韌體使否被竄改。但是使用checksum方法來作為驗證之用,對於駭客而言仍然容易破解而輕易地竄改該要被更新BIOS韌體。 In order to prevent the above problems, it is proposed to use the "checksum" method to verify the firmware update application and to update the BIOS firmware. The so-called "checksum" is to add all the data of the BIOS firmware to be updated, and put the sum into a variable, which will be transmitted to the BIOS firmware to be updated. The computer also transmits the sum to the computer. When the computer receives the firmware to be updated and the sum, the computer uses the checksum method to add the data of the firmware to be updated again to generate the sum of the verification, and then judges whether the sum of the received and the sum of the verification are the same, Verify that the BIOS firmware is being updated to be tampered with. However, using the checksum method for verification purposes, it is still easy for the hacker to crack and easily tamper with the BIOS firmware to be updated.

本發明提供一種驗證基本輸入輸出系統之更新的方法、電腦可讀取之記錄媒體及電腦程式產品,其藉由一演算法所產生之一驗證結果,來驗證UEFI BIOS更新韌體程式(UEFI BIOS Flash Utility)與新BIOS韌體在更新前都未遭到竄改,利用此演算法之驗證方式不易被駭客破解,以防止不合法及非完整之BIOS韌體被寫入Flash ROM中。 The present invention provides a method for verifying an update of a basic input/output system, a computer readable recording medium, and a computer program product, which verify the UEFI BIOS update firmware (UEFI BIOS) by one of the verification results generated by an algorithm. Flash Utility) and the new BIOS firmware have not been tampered with before the update. The verification method using this algorithm is not easy to be cracked by hackers to prevent illegal and incomplete BIOS firmware from being written into the Flash ROM.

本發明提供一種驗證基本輸入輸出系統之更新的方法,在一電腦中實施該方法,在一通用可延伸式韌體介面之環境下執行一執行檔,該方法包含下列步驟:由一作業系統從一儲存媒體讀取該執行檔,並儲存於一記憶體中,該執行檔係為該通用可延伸式韌體介面之檔案格式,該執行檔包含一韌體更新程式及嵌入於該韌體更新程式之至少一檔案、一數位憑證及一簽章,該至少一檔案係供該執行程式參考使用; 由該作業系統呼叫並進入該通用可延伸式韌體介面之一基本輸入輸出系統;以一公鑰及一演算法依據該數位憑證計算該執行檔之該韌體更新程式與該至少一檔案,以產生一驗證用簽章;驗證該執行檔之該簽章與該驗證用簽章為相同時,解除一唯讀記憶體寫入鎖;以及執行該執行檔中之該韌體更新程式,以將該至少一檔案之資料寫入一唯讀記憶體中。 The present invention provides a method of verifying an update of a basic input/output system, the method being implemented in a computer, executing an executable file in an environment of a universal extendable firmware interface, the method comprising the steps of: The storage file is read by the storage medium and stored in a memory file. The executable file is a file format of the universal extendable firmware interface, and the executable file includes a firmware update program and is embedded in the firmware update. At least one file, one digital certificate and one signature of the program, the at least one file is for reference by the execution program; Calling from the operating system and entering a basic input/output system of the universal extendable firmware interface; calculating, by the public key and an algorithm, the firmware update program and the at least one file according to the digital certificate To generate a verification signature; when verifying that the signature of the execution file is the same as the verification signature, releasing a read-only memory write lock; and executing the firmware update program in the executable file to The data of the at least one file is written into a read-only memory.

根據本發明之方法,進一步包含下列步驟:由一輸入介面輸入該執行檔之名稱;以及從該記憶體中讀取該執行檔。 According to the method of the present invention, the method further includes the steps of: inputting the name of the execution file from an input interface; and reading the execution file from the memory.

根據本發明之方法,進一步包含下列步驟:由該輸入介面輸入該韌體更新程式之名稱、該至少一檔案之名稱及該數位憑證之名稱;從該儲存媒體中讀取該韌體更新程式、該韌體更新程式所參考使用之該至少一檔案與該數位憑證,並暫存於一暫存區中;將該至少一檔案嵌入於該韌體更新程式下;以一私鑰及該演算法依據該數位憑證計算該韌體更新程式與所嵌入之該至少一檔案來產生該簽章;將該數位憑證及該簽章嵌入於該韌體更新程式下以成為該執行檔,並暫存於該暫存區;以及 將該暫存區中之該執行檔儲存到該儲存媒體中。 The method according to the present invention further includes the steps of: inputting, by the input interface, a name of the firmware update program, a name of the at least one file, and a name of the digital certificate; reading the firmware update program from the storage medium, The at least one file and the digital certificate referenced by the firmware update program are temporarily stored in a temporary storage area; the at least one file is embedded in the firmware update program; a private key and the algorithm are used Calculating the firmware update program and the embedded at least one file to generate the signature according to the digital certificate; embedding the digital certificate and the signature in the firmware update program to become the execution file, and temporarily storing the signature The staging area; The execution file in the temporary storage area is stored in the storage medium.

根據本發明之方法,其中,該輸入介面係一鍵盤、一滑鼠及一觸控面板之其中一者。 According to the method of the present invention, the input interface is one of a keyboard, a mouse and a touch panel.

根據本發明之方法,其中,該儲存媒體係一硬碟、一隨身碟、一光碟及一非揮發性記憶體之其中一者。 According to the method of the present invention, the storage medium is one of a hard disk, a flash drive, a compact disc and a non-volatile memory.

根據本發明之方法,其中,該暫存區係一記憶體。 According to the method of the present invention, the temporary storage area is a memory.

本發明提供一種內儲一程式之電腦可讀取之記錄媒體,當一電腦由該記錄媒體載入該程式並執行後,可完成上述驗證基本輸入輸出系統之更新的方法。 The present invention provides a computer readable recording medium storing a program. When a computer is loaded into the program by the recording medium and executed, the method for verifying the update of the basic input/output system can be completed.

本發明提供一種內儲一程式之電腦程式產品,當一電腦由電腦程式產品載入該程式並執行後,可完成驗證基本輸入輸出系統之更新的方法。 The invention provides a computer program product for storing a program. When a computer is loaded into the program by a computer program product and executed, the method for verifying the update of the basic input/output system can be completed.

參考以下附圖以說明本發明之驗證基本輸入輸出系統之更新之方法的較佳實施例。 DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Referring to the following drawings, a preferred embodiment of the method of verifying an update of a basic input/output system of the present invention will be described.

圖2為本發明之執行程式附掛檔案成為執行檔之示意圖,圖3為本發明之執行程式附掛檔案成為執行檔之流程圖。在圖2及3中,由一電腦執行一簽章程式,以一演算法依據一數位憑證實施UEFI更新韌體程式(即執行程式)、更新韌體功能設定及新BIOS韌體等檔案之計算,以產生一簽章,並將更新韌體功能設定、新BIOS韌體、數位憑證及簽章嵌入於UEFI更新韌體程式。其中,在UEFI環境下執行 UEFI更新韌體程式,而作為UEFI更新韌體程式所參考使用之更新韌體功能設定及新BIOS韌體等檔案可以不是UEFI的檔案格式。本實施例以附掛兩個檔案為例,但並非侷限用以本發明,在其他的實施例可以僅是附掛一個檔案或兩個以上檔案。 2 is a schematic diagram of an executable file attached to the executable file of the present invention, and FIG. 3 is a flow chart of the executable file attached to the executable file of the present invention. In Figures 2 and 3, a computer executes a signing style, and an algorithm implements UEFI update firmware (ie, execution program), update firmware function setting, and calculation of new BIOS firmware according to a digital certificate. To generate a signature and embed firmware firmware settings, new BIOS firmware, digital credentials and signatures in the UEFI update firmware. Among them, executed in the UEFI environment UEFI updates the firmware program, and the file such as the updated firmware function and the new BIOS firmware used as the reference for the UEFI update firmware may not be the file format of UEFI. This embodiment is exemplified by attaching two files, but is not limited to the present invention. In other embodiments, only one file or two or more files may be attached.

使用者可在作業系統之環境藉由電腦之一輸入介面(如鍵盤、滑鼠或觸控面板等)輸入UEFI更新韌體程式、更新韌體功能設定、新BIOS韌體及數位憑證等檔案之名稱(步驟S20)。 Users can enter the UEFI update firmware, update firmware settings, new BIOS firmware and digital credentials in one of the computer's input interfaces (such as keyboard, mouse or touch panel) in the operating system environment. Name (step S20).

電腦從一儲存媒體(如硬碟、隨身碟及光碟等)中讀取UEFI更新韌體程式、更新韌體功能設定、新BIOS韌體及數位憑證等檔案,並暫存於暫存區(如記憶體)中(步驟S22)。 The computer reads the UEFI update firmware, updated firmware settings, new BIOS firmware and digital credentials from a storage medium (such as hard drive, flash drive, CD-ROM, etc.) and temporarily stores it in the temporary storage area (such as In the memory) (step S22).

電腦將更新韌體功能設定及新BIOS韌體等檔案嵌入於UEFI更新韌體程式下(步驟S24)。 The computer embeds the firmware firmware setting and the new BIOS firmware into the UEFI update firmware (step S24).

電腦利用所熟知之RSA加密演算法及公鑰(Public Key)加密標準,除了對UEFI更新韌體程式、更新韌體功能設定及新BIOS韌體等檔案進行加密之外,並且依據所熟知之X.509數位憑證計算UEFI更新韌體程式、更新韌體功能設定及新BIOS韌體等檔案以產生對應於該等檔案之簽章(步驟S26)。 The computer utilizes the well-known RSA encryption algorithm and the public key (Public Key) encryption standard, in addition to encrypting files such as UEFI update firmware, updated firmware settings, and new BIOS firmware, and is based on the well-known X. The .509 digital certificate calculates a UEFI update firmware program, updates the firmware function settings, and a new BIOS firmware to generate a signature corresponding to the files (step S26).

接著,電腦將更數位憑證及簽章嵌入於UEFI更新韌體程式下(包含已嵌入之新韌體功能設定及新BIOS韌體等檔案) 以產生新的一執行檔,並將該執行檔暫存於該暫存區(步驟S28)。其中,該執行檔為UEFI之檔案格式。 Then, the computer embeds the digital certificate and signature in the UEFI update firmware (including the embedded new firmware function settings and new BIOS firmware files). A new execution file is generated, and the execution file is temporarily stored in the temporary storage area (step S28). The execution file is a file format of UEFI.

電腦將暫存區中之執行檔儲存到儲存媒體中(步驟S30)。在實施上述各步驟以完成檔案嵌入於執行程式下而成為執行檔之方法。 The computer stores the execution file in the temporary storage area in the storage medium (step S30). The method of implementing the above steps to complete the archiving of the file into the execution program becomes the execution file.

圖4為本發明在UEFI環境下進行韌體更新之示意圖,圖5為本發明在UEFI環境下進行韌體更新之流程圖。圖4之元件與圖1之元件相同者係以相同元件符號表示。 4 is a schematic diagram of performing firmware update in a UEFI environment according to the present invention, and FIG. 5 is a flowchart of performing firmware update in a UEFI environment according to the present invention. The elements of FIG. 4 are the same as those of FIG. 1 and are denoted by the same reference numerals.

使用者可在作業系統10之環境藉由電腦之輸入介面(未圖示)輸入執行檔之名稱(步驟S40)。電腦之作業系統10從儲存媒體12讀取執行檔,並將執行檔儲存於記憶體14中(步驟S42)。其中,執行檔包含UEFI更新韌體程式與嵌入於UEFI更新韌體程式之更新韌體功能設定、新BIOS韌體、數位憑證及簽章。 The user can input the name of the execution file in the environment of the work system 10 via the input interface (not shown) of the computer (step S40). The computer operating system 10 reads the execution file from the storage medium 12 and stores the execution file in the memory 14 (step S42). The executable file includes the UEFI update firmware program and the updated firmware function settings, new BIOS firmware, digital certificate and signature embedded in the UEFI update firmware program.

當要對BIOS 16之韌體進行更新時,由作業系統10呼叫並進入UEFI環境之BIOS 16(步驟S44)。在UEFI環境下,由BIOS 16從記憶體14中讀取執行檔(亦即讀取執行檔所包含之UEFI更新韌體程式、更新韌體功能設定、新BIOS韌體、數位憑證及簽章)(步驟S46)。 When the firmware of the BIOS 16 is to be updated, the operating system 10 calls and enters the BIOS 16 of the UEFI environment (step S44). In the UEFI environment, the BIOS 16 reads the executable file from the memory 14 (ie, reads the UEFI update firmware program included in the executable file, updates the firmware function settings, the new BIOS firmware, the digital certificate, and the signature). (Step S46).

BIOS 16利用所熟知之RSA加密演算法及私鑰(Private Key)解密標準,除了對UEFI更新韌體程式、更新韌體功能設定及新BIOS韌體等檔案進行解密之外,並且依據所熟知 之X.509數位憑證計算UEFI更新韌體程式、更新韌體功能設定及新BIOS韌體等以產生對應於該等檔案之驗證用簽章(步驟S48)。 BIOS 16 utilizes the well-known RSA encryption algorithm and private key (Private Key) decryption standard, in addition to decrypting files such as UEFI update firmware, updated firmware settings, and new BIOS firmware, and is well known. The X.509 digital certificate calculates the UEFI update firmware, updates the firmware function settings, and the new BIOS firmware to generate a verification signature corresponding to the files (step S48).

BIOS 16驗證執行檔中之簽章與驗證用簽章是否相同(步驟S50)。若驗證執行檔中之簽章與驗證用簽章不相同,表示欲寫入至Flash ROM 18之更新韌體功能設定及新BIOS韌體等係不合法或非完整,則電腦發出警示訊息告知操作者,以終止此次之BIOS韌體的更新(步驟S52)。 The BIOS 16 verifies whether the signature in the execution file is the same as the signature for verification (step S50). If the signature in the verification execution file is different from the verification signature, indicating that the update firmware function setting and the new BIOS firmware to be written to the Flash ROM 18 are illegal or incomplete, the computer issues a warning message to inform the operation. To terminate the update of the BIOS firmware (step S52).

若驗證執行檔中之簽章與驗證用簽章相同,則BIOS 16解除一Flash ROM寫入鎖(步驟S54),使得BIOS韌體更新之資料可寫入Flash ROM 18中。 If the signature in the verification execution file is the same as the verification signature, the BIOS 16 releases a Flash ROM write lock (step S54), so that the BIOS firmware update data can be written into the Flash ROM 18.

BIOS 16執行該執行檔中之UEFI更新韌體程式,UEFI更新韌體程式在執行時會將更新韌體功能設定與新BIOS韌體等之資料寫入Flash ROM 18中(步驟S56)。 The BIOS 16 executes the UEFI update firmware in the executable file, and the UEFI update firmware program writes information such as the updated firmware function setting and the new BIOS firmware to the Flash ROM 18 during execution (step S56).

在上述各步驟中,在BIOS 16執行BIOS韌體之更新前,在UEFI環境下必須符合安全驗證的考量,藉由熟知之RSA加密演算法、公鑰加密標準及私鑰解密標準,來對傳輸至電腦前與後之UEFI更新韌體程式、更新韌體功能設定與新BIOS韌體依據X.509數位憑證來產生之簽章進行驗證,以確保欲更新BIOS韌體之資料未被駭客竄改變更。 In the above steps, before the BIOS 16 performs the update of the BIOS firmware, it must comply with the security verification consideration in the UEFI environment, and the transmission is performed by the well-known RSA encryption algorithm, the public key encryption standard, and the private key decryption standard. The UEFI update firmware program before and after the computer, the firmware update function settings and the new BIOS firmware are verified according to the signature generated by the X.509 digital certificate to ensure that the data to update the BIOS firmware has not been modified by the customer. change.

本發明之上述驗證基本輸入輸出系統之更新之方法可以一程式型態來撰寫完成,並可將該程式儲存於一電腦可讀取 之記錄媒體,當電腦從該電腦可讀取之記錄媒體載入該程式並執行後,便可完成如上述說明及圖式中所示之方法步驟。 The above method for verifying the update of the basic input/output system of the present invention can be completed in a program state, and the program can be stored in a computer readable The recording medium, when the computer loads the program from the computer-readable recording medium and executes it, the method steps as shown in the above description and the drawings can be completed.

同樣地,本發明之上述驗證基本輸入輸出系統之更新之方法可以一電腦程式產品來完成,當電腦例如從網路下載該電腦程式產品並執行後,便可完成如上述說明及圖式中所示之方法步驟。 Similarly, the method for verifying the update of the basic input/output system of the present invention can be implemented by a computer program product. After the computer downloads the computer program product from the network, for example, the following description and drawings can be completed. Show method steps.

本發明之優點係提供一種驗證基本輸入輸出系統之更新的方法、電腦可讀取之記錄媒體及電腦程式產品,其藉由RSA加密演算法、公鑰加密標準及私鑰解密標依據X.509數位憑證所產生之簽章,來驗證UEFI BIOS更新韌體程式與新BIOS韌體在更新前都未遭到竄改,利用此種驗證方式不易被駭客破解,以防止不合法及非完整之BIOS韌體被寫入Flash ROM中。 The advantage of the present invention is to provide a method for verifying the update of a basic input/output system, a computer readable recording medium and a computer program product, which are based on an RSA encryption algorithm, a public key encryption standard, and a private key decryption standard according to X.509. The signature generated by the digital certificate verifies that the UEFI BIOS update firmware and the new BIOS firmware have not been tampered with before the update. This verification method is not easily cracked by the hacker to prevent illegal and incomplete BIOS. The firmware is written to the Flash ROM.

雖然本發明已參照較佳具體例及舉例性附圖敘述如上,惟其應不被視為係限制性者。熟悉本技藝者對其形態及具體例之內容做各種修改、省略及變化,均不離開本發明之申請專利範圍之所主張範圍。 The present invention has been described above with reference to the preferred embodiments and the accompanying drawings, and should not be considered as limiting. Various modifications, omissions and changes may be made without departing from the scope of the invention.

10‧‧‧作業系統 10‧‧‧Operating system

12‧‧‧儲存媒體 12‧‧‧ Storage media

14‧‧‧記憶體 14‧‧‧ memory

16‧‧‧BIOS 16‧‧‧BIOS

18‧‧‧Flash ROM 18‧‧‧Flash ROM

圖1為習知在UEFI環境下進行韌體更新之示意圖;圖2為本發明之執行程式附掛檔案成為執行檔之示意圖;圖3為本發明之執行程式附掛檔案成為執行檔之流程圖;圖4為本發明在UEFI環境下進行韌體更新之示意圖;以 及圖5為本發明在UEFI環境下進行韌體更新之流程圖。 1 is a schematic diagram of firmware update in a UEFI environment; FIG. 2 is a schematic diagram of an executable file attached to an executable file of the present invention; FIG. 3 is a flowchart of an executable file attached to an executable file of the present invention. FIG. 4 is a schematic diagram of performing firmware update in a UEFI environment according to the present invention; FIG. 5 is a flowchart of performing firmware update in a UEFI environment according to the present invention.

Claims (8)

一種驗證基本輸入輸出系統之更新的方法,在一電腦中實施該方法,在一通用可延伸式韌體介面之環境下執行一執行檔,該方法包含下列步驟:由一作業系統從一儲存媒體讀取該執行檔,並儲存於一記憶體中,該執行檔係為該通用可延伸式韌體介面之檔案格式,該執行檔包含一基本輸入輸出系統韌體更新程式及嵌入於該基本輸入輸出系統韌體更新程式之至少一檔案、一數位憑證及一簽章,該至少一檔案係供該執行程式參考使用;由該作業系統呼叫並進入該通用可延伸式韌體介面之一基本輸入輸出系統;以一公鑰及一演算法依據該數位憑證計算該執行檔之該基本輸入輸出系統韌體更新程式與該至少一檔案,以產生一驗證用簽章;驗證該執行檔之該簽章與該驗證用簽章為相同時,解除一唯讀記憶體寫入鎖;以及執行該執行檔中之該基本輸入輸出系統韌體更新程式,以將該至少一檔案之資料寫入一唯讀記憶體中。 A method of verifying an update of a basic input/output system, the method being implemented in a computer, executing an executable file in an environment of a universal extendable firmware interface, the method comprising the steps of: from a storage system from a storage system Reading the executable file and storing it in a memory file, the executable file is a file format of the universal extendable firmware interface, the executable file includes a basic input and output system firmware update program and is embedded in the basic input Outputting at least one file, a digital certificate and a signature of the system firmware update program, wherein the at least one file is for reference by the execution program; the operating system calls and enters one of the basic input of the universal extendable firmware interface Outputting a system; calculating, by the public key and an algorithm, the basic input/output system firmware update program of the executable file and the at least one file to generate a verification signature; verifying the signature of the execution file When the chapter is the same as the verification signature, the read-only memory write lock is released; and the basic input/output system in the execution file is tough. To upgrade the program to the at least one file of data written to a read-only memory. 如申請專利範圍第1項之方法,進一步包含下列步驟:由一輸入介面輸入該執行檔之名稱;以及從該記憶體中讀取該執行檔。 The method of claim 1, further comprising the steps of: inputting the name of the execution file by an input interface; and reading the execution file from the memory. 如申請專利範圍第2項之方法,進一步包含下列步驟:由該輸入介面輸入該基本輸入輸出系統韌體更新程式之名稱、該至少一檔案之名稱及該數位憑證之名稱;從該儲存媒體中讀取該基本輸入輸出系統韌體更新程式、該基本輸入輸出系統韌體更新程式所參考使用之該至少一檔案與該數位憑證,並暫存於一暫存區中;將該至少一檔案嵌入於該基本輸入輸出系統韌體更新程式下;以一私鑰及該演算法依據該數位憑證計算該基本輸入輸出系統韌體更新程式與所嵌入之該至少一檔案來產生該簽章;將該數位憑證及該簽章嵌入於該基本輸入輸出系統韌體更新程式下以成為該執行檔,並暫存於該暫存區;以及將該暫存區中之該執行檔儲存到該儲存媒體中。 The method of claim 2, further comprising the steps of: inputting, by the input interface, a name of the basic input/output system firmware update program, a name of the at least one file, and a name of the digital certificate; from the storage medium Reading the basic input/output system firmware update program, the at least one file and the digital certificate referenced by the basic input/output system firmware update program, and temporarily storing the digital certificate in a temporary storage area; embedding the at least one file The basic input/output system firmware update program is configured to generate the signature by using a private key and the algorithm to calculate the basic input/output system firmware update program and the embedded at least one file according to the digital certificate; The digital certificate and the signature are embedded in the basic input/output system firmware update program to be the executable file and temporarily stored in the temporary storage area; and the execution file in the temporary storage area is stored in the storage medium . 如申請專利範圍第2或3項之方法,其中,該輸入介面係一鍵盤、一滑鼠及一觸控面板之其中一者。 The method of claim 2, wherein the input interface is one of a keyboard, a mouse, and a touch panel. 如申請專利範圍第1或3項之方法,其中,該儲存媒體係一硬碟、一隨身碟、一光碟及一非揮發性記憶體之其中一者。 The method of claim 1 or 3, wherein the storage medium is one of a hard disk, a flash drive, a compact disc, and a non-volatile memory. 如申請專利範圍第3項之方法,其中,該暫存區係一記憶體。 The method of claim 3, wherein the temporary storage area is a memory. 一種內儲一程式之電腦可讀取之記錄媒體,當一電腦由該記錄媒體載入該程式並執行後,可完成如申請專利範圍第1至6項中任一項之方法。 A computer readable recording medium storing a program, and when a computer is loaded into the program by the recording medium and executed, the method of any one of claims 1 to 6 can be completed. 一種內儲一程式之電腦程式產品,當一電腦由電腦程式產品載入該程式並執行後,可完成如申請專利範圍第1至6項中任一項之方法。 A computer program product that stores a program, and when a computer is loaded into the program by a computer program product and executed, the method of any one of claims 1 to 6 can be completed.
TW100119729A 2011-06-07 2011-06-07 Verification of the basic input and output system update method, the computer can read the recording media and computer program products TWI467485B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW100119729A TWI467485B (en) 2011-06-07 2011-06-07 Verification of the basic input and output system update method, the computer can read the recording media and computer program products

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW100119729A TWI467485B (en) 2011-06-07 2011-06-07 Verification of the basic input and output system update method, the computer can read the recording media and computer program products

Publications (2)

Publication Number Publication Date
TW201250592A TW201250592A (en) 2012-12-16
TWI467485B true TWI467485B (en) 2015-01-01

Family

ID=48139301

Family Applications (1)

Application Number Title Priority Date Filing Date
TW100119729A TWI467485B (en) 2011-06-07 2011-06-07 Verification of the basic input and output system update method, the computer can read the recording media and computer program products

Country Status (1)

Country Link
TW (1) TWI467485B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI715926B (en) * 2018-02-08 2021-01-11 美商美光科技公司 Firmware update in a storage backed memory package

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201619866A (en) 2014-11-20 2016-06-01 萬國商業機器公司 Method of customizing appliances
TWI617946B (en) * 2015-05-25 2018-03-11 Insyde Software Corp Device and method for safely starting embedded controller
US9875113B2 (en) * 2015-12-09 2018-01-23 Quanta Computer Inc. System and method for managing BIOS setting configurations

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200411451A (en) * 2002-12-18 2004-07-01 Inventec Corp File management method and system thereof
TW200711432A (en) * 2005-06-30 2007-03-16 Advanced Micro Devices Inc Anti-hack protection to restrict installation of operating systems and other software
US20070204114A1 (en) * 2001-09-27 2007-08-30 International Business Machines Corporation Configurable Hardware Scheduler Calendar Search Algorithm
TW201109969A (en) * 2009-08-11 2011-03-16 Silver Spring Networks Inc Method and system for securely updating field upgradeable units

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070204114A1 (en) * 2001-09-27 2007-08-30 International Business Machines Corporation Configurable Hardware Scheduler Calendar Search Algorithm
TW200411451A (en) * 2002-12-18 2004-07-01 Inventec Corp File management method and system thereof
TW200711432A (en) * 2005-06-30 2007-03-16 Advanced Micro Devices Inc Anti-hack protection to restrict installation of operating systems and other software
TW201109969A (en) * 2009-08-11 2011-03-16 Silver Spring Networks Inc Method and system for securely updating field upgradeable units

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI715926B (en) * 2018-02-08 2021-01-11 美商美光科技公司 Firmware update in a storage backed memory package

Also Published As

Publication number Publication date
TW201250592A (en) 2012-12-16

Similar Documents

Publication Publication Date Title
JP5265662B2 (en) Trusted component update system and trusted component update method
TWI376634B (en) Computing system, method, computer-readable medium and patch data structure product for augmenting software
JP4837985B2 (en) System and method for securely booting a computer having a trusted processing module
US8375437B2 (en) Hardware supported virtualized cryptographic service
JP6595822B2 (en) Information processing apparatus and control method thereof
JP5992457B2 (en) Protecting operating system configuration values
JP5510550B2 (en) Hardware trust anchor
KR101190479B1 (en) Ticket authorized secure installation and boot
US20050021968A1 (en) Method for performing a trusted firmware/bios update
JP5191043B2 (en) System and method for preventing unauthorized start of program
JP6073320B2 (en) Authority-dependent platform secret to digitally sign
JP2008537224A (en) Safe starting method and system
JP2006216048A (en) System and method for reducing memory capacity required for firmware and for providing safe update and storage area for firmware
JP2006172376A (en) Information processing system, program, information processing method
JP5466645B2 (en) Storage device, information processing device, and program
TWI467485B (en) Verification of the basic input and output system update method, the computer can read the recording media and computer program products
US11397815B2 (en) Secure data protection
JP2009187247A (en) Image file distribution system and image file distribution method
JP2007316944A (en) Data processor, data processing method and data processing program
JP5465738B2 (en) System firmware update method and computer
JP4655613B2 (en) Program execution apparatus and program execution method
CN115509587A (en) Firmware upgrading method and device, electronic equipment and computer readable storage medium
JP2012216222A (en) Information processor and program
JP2011164858A (en) System and method for setting of license
WO2020027159A1 (en) Information processing device, verification method and verification program