Electrical computers and digital processing systems: support – Digital data processing system initialization or configuration
Reexamination Certificate
1999-01-22
2002-06-18
Butler, Dennis M. (Department: 2185)
Electrical computers and digital processing systems: support
Digital data processing system initialization or configuration
C713S100000
Reexamination Certificate
active
06408387
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to the field of memory management, and more particularly to securing updates to a non-volatile memory used to store program code.
BACKGROUND OF THE INVENTION
Many computer systems include a non-volatile memory to store basic input/output system (BIOS) program code. The BIOS code is usually the lowest layer of software in a computer system and acts as an interface between system hardware and higher-layer software. For example, the BIOS typically includes routines for managing system startup and for controlling various hardware components such as a wait-state generator, hardware timers, interrupt controllers and so forth.
Because BIOS routines interact extensively with system hardware, they are often invoked at a privilege level that allows unrestricted memory and I/O access. This makes the BIOS space (i.e., the memory space allocated to the BIOS) a particularly likely candidate for malicious attack. If unauthorized code (e.g., a computer virus) is substituted for BIOS code, the unauthorized code will likely be able to access a broad range of system devices that privilege-level protections would otherwise prevent. As a result, a successful attack on the BIOS space can result in considerable damage to a computer system, including the loss of sensitive information.
In modern computer systems, flash memory devices (e.g., flash electrically-erasable, programmable read-only memory (flash EEPROM)) are often used to store BIOS code. By sending the appropriate commands, flash devices can be erased and reprogrammed. While this makes it easier to install updated BIOS software, it also opens the door to malicious attack on the BIOS space. For example, some BIOS developers post updated BIOS code on sites of the World Wide Web (“the web”) from which they can be downloaded and installed. One seeking to introduce unauthorized code into the BIOS space (i.e., an “attacker”) could modify the posted BIOS code or even intercept and modify the code during download. Alternatively an attacker might masquerade as a legitimate BIOS developer to induce a computer user to download and install unauthenticated code. For example, the attacker could post unauthenticated code on a website and represent the code as being provided by a legitimate developer.
FIG. 1
is a data flow diagram that illustrates one prior-art technique for preventing unauthorized access to the BIOS space. Initially, program code
10
is obtained in a computer system that includes a processor
22
, a system memory
11
, an updatable, non-volatile memory device
12
, a bus
20
and an interrupt generator
28
. When a data transfer program
19
is executed, write circuitry
26
within the processor
22
transfers the program code
10
across bus
20
along with commands to the flash device
12
to write the program code into a predetermined space within storage array
18
. The interrupt generator
28
snoops the signals transferred across the bus
20
and can therefore detect when a write access to the flash device
12
is being attempted. In response to detecting a write access attempt, the interrupt generator
28
asserts an interrupt
29
to interrupt the processor
22
. In response to the interrupt, the processor
22
invokes an interrupt service routine
27
(typically stored in system memory
11
) to validate the source of the data write, for example, by determining whether a predetermined value is present in the program code
10
(e.g., header or trailer information).
If the interrupt service routine (ISR)
27
determines that the attempted write access to the flash device
12
is valid, the ISR
27
is exited and transfer of the program code
10
is resumed. To prevent repeated interrupt generation after the initial validation operation, the interrupt generator
28
may be disabled until after the transfer is complete.
One disadvantage of the above-described technique is that it is relatively easy to circumvent. For example, the vector to the ISR
27
can be changed so that when the interrupt from the interrupt generator
28
is received, a substitute ISR is invoked. This substitute ISR may then disable the interrupt generator without validating the program code
10
that is attempting to write to the flash device
12
. Unauthorized program code may then be written to the flash memory device
12
. Alternatively, an attacker may access the code of ISR
27
to learn the authenticating value (or set of values) that is expected in the program code
10
and where the authenticating value is stored. The attacker can then store the authenticating value in unauthorized program code so that the ISR
27
erroneously validates the unauthorized program code. Again, the unauthorized program code may be written to the flash memory device
12
.
SUMMARY OF THE INVENTION
An apparatus and method for preventing unauthorized updates to a non-volatile memory are disclosed. A sequence of encoded values is received in a non-volatile memory device. The sequence of encoded values is decoded in a decoding circuit in the non-volatile memory device to generate a sequence of decoded values and the sequence of decoded values is stored in the non-volatile memory device.
Other features and advantages of the invention will be apparent from the accompanying drawings and from the detailed description that follows below.
REFERENCES:
patent: 4525599 (1985-06-01), Curran et al.
patent: 4562306 (1985-12-01), Chou et al.
patent: 4694412 (1987-09-01), Domenik et al.
patent: 5778070 (1998-07-01), Mattison
patent: 5835594 (1998-11-01), Albrecht et al.
patent: 5844986 (1998-12-01), Davis
patent: 6026016 (2000-02-01), Gafken
patent: 6028445 (2000-02-01), Lawman
Bruce Schneier, “Applied Cryptography, Second Edition: Protocols, Algorithms and Source Code in C”, John Wiley & Sons, Inc., 1996, pp. vii-xiv, 369-395.
Blakely , Sokoloff, Taylor & Zafman LLP
Butler Dennis M.
Intel Corporation
LandOfFree
Preventing unauthorized updates to a non-volatile memory does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Preventing unauthorized updates to a non-volatile memory, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Preventing unauthorized updates to a non-volatile memory will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2958143