Reexamination Certificate
2000-02-11
2004-03-23
Butler, Dennis M. (Department: 2185)
Electrical computers and digital processing systems: support
Digital data processing system initialization or configuration
Loading initialization program
C713S152000
active
06711675
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The invention pertains generally to a boot process in a computer system. More particularly, it pertains to a protected boot process that resists tampering with the boot sequence.
2. Description of the Related Art
Before a computer system can operate, it must have an operating system (OS) in its memory that allows the computer's resources to be reached and controlled by the other software, such as the various application programs. It is desirable to have various types and versions of operating systems loadable into the same computer system hardware. To accomplish this, the computer hardware has a non-volatile, comparatively simple bootstrap program, which initializes various basic functions and then loads more complicated software from a disk. The boot sequence may have multiple levels of load programs, with each successive level loading a more complex, more capable, but also more modifiable program until the OS itself is loaded.
In a conventional system, the boot process is started with a reset function of some kind. This might be a cold start reset (power to the hardware is initially off), a warm start reset (the hardware is already powered up, but in a partially unknown logic state), or one of several other starting conditions. The type of reset affects the particular functions that must be performed in the boot sequence, but generally does not change the overall boot process.
The reset function typically generates a reset interrupt, which vectors the system to a program in non-volatile memory and begins execution from that point. This program is generally a Basic Input-Output System (BIOS) in flash memory. The BIOS enables basic input-output (IO) control, branches into an option ROM to enable the options that are active in that particular system, and then branches back into the BIOS program to complete initialization and load the OS into main memory from a disk. While most of the hardware in such a system is provided by the computer vendor, the BIOS and option ROM are typically provided by third-party vendors, so the computer vendor has limited knowledge of, and control over, the specific contents of these items. In addition, both the BIOS and option ROM are typically reprogrammable while in the computer and therefore subject to tampering after the system has been installed. This presents a security issue, since there is no way to tell if the BIOS or option ROM have been tampered with. Widespread concern over sophisticated hackers and computer viruses makes this problem especially worrisome, as the system may be tampered with in unknown and possibly undetectable ways.
Computer vendors want to be able to verify that the bootstrap sequence is the one they want and expect, and that any unauthorized changes that have been made to this sequence are detectable at boot time so the boot sequence can be terminated and the problem investigated.
SUMMARY OF THE INVENTION
The invention includes a method of booting an operating system that includes initiating a reset function, executing a protected program, validating a BIOS program, and executing the BIOS program.
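The sketch below is an added example, not code from the patent: it models the flow in the summary (reset, protected program, validation, BIOS execution) and terminates the boot when a reprogrammable image has changed. The SHA-256 comparison against reference digests held in protected storage, the extension of the check to the option ROM, and all names and image bytes are assumptions; the page does not say how validation is performed.

```python
import hashlib
import hmac

# Constructed stand-ins for the reprogrammable flash contents (not real firmware).
BIOS_IMAGE = b"\x55\xaa" + b"constructed BIOS image v1" * 8
OPTION_ROM = b"\x55\xaa" + b"constructed option ROM v1" * 4


def digest(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()


# Assumption: reference digests are stored with the protected program in memory
# that cannot be rewritten in the field. Here they are provisioned from the
# known-good images above.
TRUSTED_DIGESTS = {"bios": digest(BIOS_IMAGE), "option_rom": digest(OPTION_ROM)}


class BootHalted(Exception):
    """Raised when a stage fails validation and the boot sequence is terminated."""


def validate(stage: str, image: bytes) -> None:
    # Compare the measured digest with the reference in constant time.
    if not hmac.compare_digest(digest(image), TRUSTED_DIGESTS[stage]):
        raise BootHalted(f"{stage}: digest mismatch, boot terminated")


def protected_boot(flash: dict) -> list:
    """Model the flow: reset -> protected program -> validate -> execute."""
    log = ["reset", "protected_program"]
    # Every reprogrammable stage is validated before any of it executes.
    for stage in ("bios", "option_rom"):
        validate(stage, flash[stage])
        log.append(f"validated:{stage}")
    log += ["execute:bios", "execute:option_rom", "load_os"]
    return log


def boot_outcome(flash: dict) -> str:
    try:
        protected_boot(flash)
        return "booted"
    except BootHalted as exc:
        return f"halted ({exc})"


if __name__ == "__main__":
    good = {"bios": BIOS_IMAGE, "option_rom": OPTION_ROM}
    tampered = dict(good, bios=BIOS_IMAGE[:-1] + b"\x00")  # one byte changed
    print(boot_outcome(good))
    print(boot_outcome(tampered))
```

Because validation runs from the protected program before control reaches the BIOS, a modified image is never executed; the failure is reported by code the modification could not reach.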
Gafken Andrew H.
Hale Robert P.
Spiegel Christopher J.
Stevens, Jr. William A.