Title of Invention |
System and Method for Intercept of UEFI Block I/O Protocol Services for BIOS Based Hard Drive Encryption Support |
Abstract |
An information handling system and method performs Unified Extensible Firmware Interface (UEFI) interception and pre-processing of data associated with block input/output (I/O) commands targeting encrypted storage devices. A UEFI interceptor block (IB) I/O driver intercepts each block I/O command targeting block addresses on a storage device and identifies whether any of the target block addresses is encrypted. In response to identifying an encrypted block address among the target block addresses, the UEFI IB I/O driver forwards data associated with the encrypted block address to an encryption-decryption module to perform one of an encryption and a decryption of the data. Final handling of the block I/O command is performed using a block I/O driver chained to the UEFI IB I/O driver. Data associated with I/O commands targeting encrypted block addresses is first processed by the encryption-decryption module before final handling of the I/O command is performed by the block I/O driver. |
Publication Number |
US2014359302(A1) |
Publication Date |
2014.12.04 |
Application Number |
US201313905200 |
Filing Date |
2013.05.30 |
Applicant |
Dell Products L.P. |
Inventors |
Joshi Anand Prakash;Tonry Richard M. |
Classification Number |
G06F12/14 |
Main Classification Number |
G06F12/14 |
Agency |
|
Agent |
|
Independent Claim |
1. A method for performing Unified Extensible Firmware Interface (UEFI) block input/output (I/O) access to storage devices that can be encrypted, the method comprising:
intercepting, by a UEFI interceptor block I/O driver, a caller-initiated block I/O command for I/O access to one or more target block addresses on a storage device; identifying whether any of the one or more target block addresses is for an encrypted storage block; in response to identifying an encrypted storage block among the one or more target block addresses, forwarding data associated with the encrypted target storage block to an encryption-decryption module to perform one of an encryption and a decryption of corresponding data; and performing final handling of the block I/O command and associated data using the block I/O driver; wherein I/O data stored within the encrypted storage block targeted by the block I/O command is first identified by the UEFI interceptor block I/O driver and processed by the encryption-decryption module before final handling of the block I/O command is performed by the block I/O driver. |
Address |
Round Rock TX US |