Firmware authentication

摘要

Firmware authentication in Information Handling Systems (IHSs) are disclosed. In some embodiments, an IHS may include a controller having a memory, the memory configured to store a plurality of firmware volumes, each of the plurality of firmware volumes including a plurality of firmware files. The IHS may also include a Basic Input/Output System (BIOS) operably coupled to the controller, the BIOS having program instructions stored thereon that, upon execution, cause the BIOS to authenticate two or more firmware files within a given one of the plurality of firmware volumes using a single digital signature. In another embodiment, a method may include creating a firmware volume, adding a plurality of firmware files to the firmware volume, and creating a digital signature based upon at least one of the plurality of firmware files, where the digital signature, upon being authenticated, allows a BIOS to load any of the plurality of firmware files.

主权项

1. An Information Handling System (IHS), comprising:
a controller including a memory configured to store a plurality of firmware volumes, wherein each of the plurality of firmware volumes includes a plurality of firmware files, wherein all of the plurality of firmware volumes are encapsulated into a header file, wherein the header file includes a table that lists a plurality of digital signatures, wherein the table associates each digital signature with a different set of firmware file(s) within each firmware volume, and wherein each set of firmware file(s) can be authenticated its associated digital signature; and a Basic Input/Output System (BIOS) operably coupled to the controller, the BIOS having program instructions stored thereon that, upon execution, cause the BIOS to authenticate two or more firmware files using a single digital signature, wherein a first one of the two or more firmware files belongs to a first firmware volume and a second one of the two of more firmware files belongs to a second firmware volume distinct from the first firmware volume, and wherein at least one of the first or second firmware volumes includes at least one firmware file that cannot be authenticated using the digital signature.