Electrical computers and digital processing systems: support – Computer program modification detection by cryptography
Reexamination Certificate
1999-03-04
2003-04-08
Peeso, Thomas R. (Department: 2134)
Electrical computers and digital processing systems: support
Computer program modification detection by cryptography
C713S188000, C713S189000, C713S190000, C713S193000
Reexamination Certificate
active
06546489
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to the field of secure boot loading of a computer system from a hard disk drive. In particular, the invention relates to a source for fast restoration of a complete operating image in computer system memory which is secure from attack by a virus or inadvertent corruption during operation of the computer.
2. Description of the Prior Art and Related Information
Most computer systems today take the form of a so-called “personal computer” or PC which has evolved into a ubiquitous tool applied in many forms. Examples include desktop systems, servers, and “embedded” systems which incorporate a PC as the engine for performing dedicated functions. Common to most of these systems is a host microprocessor and a disk drive. The host microprocessor executes program code, including operating system code and application program code, and reads or writes data in conjunction with code execution. The code and associated data is stored for execution in a volatile random access memory array. The disk drive provides non-volatile secondary storage for the code and data. The extent of disk drive storage is orders of magnitude greater than the memory array, allowing numerous application programs, and potentially a plurality of operating systems, to reside on the disk drive for recall according to dynamic configurations of the machine.
The memory array is initially loaded during a bootstrap (boot) loading process which begins with the host microprocessor executing a relatively small BIOS program stored in a ROM. The BIOS program reads a default area of the disk which stores a boot program, known as a boot record, and stores the program in the memory array. The host microprocessor then executes the boot program to load an operating system core which may then complete the process of establishing an operating image in memory.
Unfortunately, the PC is susceptible to problems during this process. Computer viruses are rampant, many of which plant themselves in the boot record or in the operating system code on the disk so that they may be activated during operation of the machine. Other forms of computer viruses simply corrupt or destroy code on the disk which prevents the machine from booting up at all. Aside from virus attacks, it is possible that inadvertent corruption of disk data can prevent a proper boot of the computer system. This can be caused by user mistakes or by rogue applications which fail to abide by conventions or operating system safeguards.
Many tactics have been employed to defend the data on the disk drive from virus attack. One method was to provide BIOS code which monitored disk drive write commands to look for attempted boot record modification. This and similar BIOS-based methods depend on virus software employing BIOS calls to access the disk and therefore may be ineffective when a virus bypasses BIOS. Another known method employs bus snooping hardware which monitors the I/O bus to trap disk write operations to protected areas. All these methods are prone to defeat because the host processor is required to access the data and may be controlled by a virus.
In another aspect, it is known in the art to provide an abridged version of BIOS in ROM and use the ROM BIOS to load the full BIOS from the disk drive or some other alterable memory. Since the BIOS itself is susceptible to attack or corruption in these implementations, there have been efforts to provide protection. One such a system is disclosed in U.S. Pat. No. 5,022,077 to Bealkowski et al. Bealkowski discloses having the host processor send a command to the disk drive after a BIOS is loaded to establish a maximum block address. The BIOS code is stored on the disk at addresses which are higher than the maximum block address and are therefore inaccessible until the maximum block address is reset. This method also presents the requirement that the host processor controls the protection scheme and the protection method can be easily defeated.
A more complex BIOS protection scheme is disclosed in U.S. Pat. No. 5,844,986 to Davis. The Davis patent discloses a cryptographic coprocessor which acts as a gatekeeper to BIOS stored in a flash memory. The cryptographic coprocessor responds to BIOS addresses presented by the host microprocessor during BIOS reads and requires decoding an encrypted code to process updates to the BIOS. The Davis patent provides a solution to BIOS security but adds cost from flash memory and an additional processor, and does not address potential contamination of operating system code. Further, Davis admits that an intruder can corrupt the code if the secret key is obtained.
Yet another problem experienced by PC users is the time required to perform the boot load process. The operating system code on the disk drive is a complex arrangement of linked blocks which are loaded in many stages with considerable processing required. In addition, most complex operating systems require a previous orderly shut-down to achieve an efficient start-up. Unfortunately, the orderly shut-down is sometimes as lengthy as the boot process. One known solution to the boot load delay, sometimes known as “resume from disk” or “hibernation,” has been to store the system memory image in special partition on the disk drive. A subsequent start-up operation retrieves the image and resumes at the prior state of the machine. This solution is advantageous when starting the machine, but still presents a significant shut-down delay. Further, the image on disk is susceptible to virus attack or corruption as noted above.
There is a continuing need, therefore, for a computer system boot process which is fast and secure from virus attack or inadvertent corruption.
SUMMARY OF THE INVENTION
This invention can be regarded as a computer system comprising a host computer, a disk drive, and means defining a host interface between the host computer and the disk drive. The host computer comprises a host microprocessor having an inactive state and an active state. The host microprocessor has an input for receiving a state-control signal and while the state-control signal is asserted remains in the inactive state, and while the state-control signal is de-asserted remains in the active state. While in the active state, the host microprocessor executes host-executable code including operating system and application program code. The host computer further comprises a memory array for storing the host-executable code and data, means coupled between the memory array and the host interface for reading from and writing to the memory array; and means responsive to a signal on the host interface for asserting and de-asserting the state-control signal.
The disk drive comprises a disk having disk addresses for storing and retrieving data including data defining a host computer memory image source, means for storing and retrieving drive-executable code including code defining a boot control program, and a drive microprocessor for executing the drive-executable code including the boot control program.
The host computer memory image source is stored at disk addresses which are accessible by the drive microprocessor when executing the boot control program and which are protected from access by the host computer. The host computer memory image source further comprises an address pointer to establish an address in the memory array for storing at least a portion of the memory image source.
The computer system further comprises means for transferring the host computer memory image source to the memory array via the host interface while the drive microprocessor is executing the boot control program means controlled by the drive microprocessor for causing the state-control signal to be asserted.
The invention may be used with a host interface which is either a memory referenced interface or an I/O interface.
In another aspect, the invention may be viewed as a method for providing a secure boot load image in a computer system comprising a disk drive and a host computer. The method comprises the steps of
Frank, Jr. Charles W.
Hanan Thomas D.
Mobarhan, Esq. Ramin
Myers Dawes & Andras
Peeso Thomas R.
Shara, Esq. Milad G.
Western Digital Ventures, Inc.
LandOfFree
Disk drive which provides a secure boot of a host computer... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Disk drive which provides a secure boot of a host computer..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Disk drive which provides a secure boot of a host computer... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3081245