| 发明名称 |
Secure BIOS tamper protection mechanism |
| 摘要 |
An apparatus including a ROM, a selector, and a detector. The ROM has partitions stored as plaintext, and encrypted digests, each comprising an encrypted version of a first digest associated with a corresponding one of the partitions. The selector selects one or more partitions responsive to an interrupt. The detector generates the interrupt at a combination of intervals and event occurrences, and accesses the one or more partitions and corresponding one or more encrypted digests upon assertion of the interrupt, and directs generation of one or more second digests corresponding to the one or more partitions and one or more decrypted digests corresponding to the one or more encrypted digests using the same algorithms and key used to generate the first digest and encrypted digests, and compares the second digests with the decrypted digests, and precludes the operation if the second digests and the decrypted digests are not pair wise equal. |
| 申请公布号 |
US9183394(B2) |
申请公布日期 |
2015.11.10 |
| 申请号 |
US201314079299 |
申请日期 |
2013.11.13 |
| 申请人 |
VIA TECHNOLOGIES, INC. |
发明人 |
Henry G. Glenn |
| 分类号 |
G06F11/30;G06F21/57 |
主分类号 |
G06F11/30 |
| 代理机构 |
|
代理人 |
Huffman Richard K.;Huffman James W. |
| 主权项 |
1. An apparatus for protecting a basic input/output system (BIOS) in a computing system, the apparatus comprising:
a BIOS read only memory (ROM), comprising:
a plurality of BIOS content partitions, wherein each of said plurality of BIOS content partitions is stored as plaintext; anda plurality of encrypted message digests, wherein each of said plurality of encrypted message digests comprises an encrypted version of a first message digest that is associated with a corresponding one of said plurality of BIOS content partitions; a partition selector, configured to select one or more of said plurality of BIOS content partitions responsive to a BIOS check interrupt that interrupts normal operation of the computing system; and a tamper detector, operatively coupled to said BIOS ROM and said partition selector, configured to generate said BIOS check interrupt at a combination of prescribed intervals and event occurrences, and configured to access said one or more of said plurality of BIOS content partitions and corresponding one or more of said plurality of encrypted message digests upon assertion of said BIOS check interrupt, and configured to direct a microprocessor to generate corresponding one or more of a plurality of second message digests corresponding to said one or more of said plurality of BIOS content partitions and corresponding one or more of a plurality of decrypted message digests corresponding to said one or more of said plurality of encrypted message digests using the same algorithms and key that were employed to generate said first message digest and said plurality of encrypted message digests, and configured to compare said one or more of said plurality of second message digests with said one or more of said plurality of decrypted message digests, and configured to preclude said operation of said microprocessor if said one or more of said plurality of second message digests and said one or more of said plurality of decrypted message digests are not pair wise equal, and configured to allow said operation of said microprocessor if said one or more of said plurality of second message digests and said one or more of said plurality of decrypted message digests are pair wise equal. |
| 地址 |
New Taipei TW |
