(12) United States Patent
`Galasso et al.
`
`111111
`
`1111111111111111111111111111111111111111111111111111111111111
`US006892304Bl
`
`(10) Patent No.:
`(45) Date of Patent:
`
`US 6,892,304 Bl
`May 10,2005
`
`(54)
`
`(75)
`
`SYSTEM AND METHOD FOR SECURELY
`UTILIZING BASIC INPUT AND OUTPUT
`SYSTEM (BIOS) SERVICES
`
`Inventors: Leonard J. Galasso, Rancho Santa
`Margarita, CA (US); Matthew E.
`Zilmer, Upland, CA (US); Quang
`Phan, Tustin, CA (US)
`
`(73) Assignee: Phoenix Technologies Ltd., Milpitas,
`CA(US)
`
`( *) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 613 days.
`
`(21) Appl. No.: 09/679,450
`
`(22)
`
`Filed:
`
`Oct. 3, 2000
`
`(60)
`
`(51)
`(52)
`
`(58)
`
`(56)
`
`Related U.S. Application Data
`
`Division of application No. 09/336,889, filed on Jun. 18,
`1999, now Pat. No. 6,148,387, which is a continuation-in(cid:173)
`part of application No. 08/947,990, filed on Oct. 9, 1997,
`now abandoned.
`Int. Cl? .......................... G06F 12/14; G06F 5/177
`U.S. Cl. ........................... 713/189; 713/2; 713/179;
`709/222
`Field of Search ........................ 713/2, 200, 90-99,
`713/179; 380/30; 711!202, 206; 709/222,
`230, 213
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`4,563,737 A
`4,742,447 A
`4,868,738 A
`4,926,322 A
`4,928,237 A
`5,133,058 A
`5,193,161 A
`5,212,633 A
`5,255,379 A
`5,265,252 A
`
`1!1986 Nakamura et a!.
`5/1988 Duvall et a!.
`9/1989 Kish et a!.
`5/1990 Stimac et a!.
`5/1990 Bealkowski et a!.
`7/1992 Jensen
`3/1993 Bealkowski et a!.
`5/1993 Franzmeier
`10/1993 Melo
`* 11/1993 Rawson et a!. ............. 719/326
`
`5,301,287 A
`5,361,340 A
`5,388,242 A
`5,459,867 A
`5,459,869 A
`5,675,762 A
`5,696,970 A
`5,758,124 A
`5,844,986 A
`
`4/1994 Herrell et a!.
`11/1994 Kelly et a!.
`2/1995 Jewett
`10/1995 Adams eta!.
`10/1995 Spilo
`10/1997 Bodin eta!.
`12/1997 Sandage et a!.
`5/1998 Ogata et a!.
`* 12/1998 Davis ......................... 713/187
`
`OTHER PUBLICATIONS
`
`"Interface Synthesis for Embedded Applications in a CoDe(cid:173)
`sign Environment," BASU et al. IEEE 1997, p. 85-90.
`
`* cited by examiner
`
`Primary Examiner-Justin T. Darrow
`
`(57)
`
`ABSTRACT
`
`In accordance with one aspect of the current invention, the
`system comprises a memory for storing instruction
`sequences by which the processor-based system is
`processed, where the memory includes a physical memory
`and a virtual memory. The system also comprises a proces(cid:173)
`sor for executing the stored instruction sequences. The
`stored instruction sequences include process acts to cause
`the processor to: map a plurality of predetermined instruc(cid:173)
`tion sequences from the physical memory to the virtual
`memory, determine an offset to one of the plurality of
`predetermined instruction sequences in the virtual memory,
`receive an instruction to execute the one of the plurality of
`predetermined instruction sequences, transfer control to the
`one of the plurality of predetermined instruction sequences,
`and process the one of the plurality of predetermined
`instruction sequences from the virtual memory. In accor(cid:173)
`dance with another aspect of the present invention, the
`system includes an access driver to generate a service
`request to utilize BIOS services such that the service request
`contains a service request signature created using a private
`key in a cryptographic key pair. The system also includes an
`interface to verify the service request signature using a
`public key in the cryptographic key pair to ensure integrity
`of the service request.
`
`15 Claims, 19 Drawing Sheets
`
`1
`
`EX 1001
`IPR of Pat. No. 6,892,304
`
`

`

`U.S. Patent
`
`May 10,2005
`
`Sheet 1 of 19
`
`US 6,892,304 Bl
`
`FIG. I
`
`52
`
`r
`
`54
`
`r
`
`56
`
`/"__
`
`,..-so
`r--------------------~-------,
`1 WEBSITE(S)
`1
`I
`1
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`L - - - - ~--------- ---------- ____ ...J
`
`REGISTRATION
`WEBSITE
`
`PRIMARY
`WEBSITE
`
`SECONDARY
`WEBSITE(S)
`
`r26t
`
`,r20
`
`r26M
`
`INFO
`SERVICE
`COMPUTER 1
`
`• • •
`
`INFO
`SERVICE
`COMPUTER M
`
`r24
`-......
`~
`.........
`DATABASE
`,.....,.
`"""
`
`I
`
`SERVER(S)
`
`r22
`
`t
`
`USER
`COMPUTER 1
`
`30t
`
`30N
`
`. . .
`
`t
`
`USER
`COMPUTER N
`
`/4
`
`!04
`
`\~y4o1
`
`}mn''i'';m\
`
`I I \ I
`,
`1
`
`-
`-
`
`-
`-
`
`2
`
`

`

`FIG.2
`
`100\
`
`~190
`
`6 194
`!,:sHI ..
`
`M
`
`,.~
`
`4
`
`(
`
`'
`
`~l
`- rt40- --: Lt32- ,-136i
`_L172
`VIDEO
`VIDEO 1---
`VIDEO
`I EXPANSION BUS
`~
`BIOS
`CONTROLLER
`MEt.fORY I
`CONTROLLER
`-------------.--~
`'-144
`L148
`DISPLAY
`SCREEN
`
`..
`. ~
`
`128
`
`'
`
`•
`
`~ ..
`
`1 7 5---=::::,.
`176-
`180
`184
`I ~oul I rfAsH I
`
`CPU
`104
`~ "'
`~ ,..
`
`BUS
`~-,. CONTROLLER
`,..
`112
`
`t.fE~ORY
`CONTROLLER
`116
`
`...-
`
`1io
`
`•
`..
`
`SYSTEM
`MEMORY
`124
`
`d •
`\Jl
`•
`~
`~ ......
`~ = ......
`
`~
`~
`'-<
`"""" ~=
`N c c
`
`Ul
`
`'JJ. =-~
`
`~
`N
`0 ......,
`""""
`'0
`
`e
`
`rJ'l
`0'1
`Oo
`\0
`N
`~
`Q
`~
`~
`1--"
`
`~
`
`.
`
`.,. _L152
`t.fASS
`STORAGE
`
`.
`
`rt56
`COM~UNICATION
`INTERFACE
`
`..
`,..
`"'
`..
`. "£168,
`. "L' 68N
`... 1/0
`1/0
`DEVICE
`
`DEVICE
`
`~~
`
`(
`
`NETWORK
`164
`
`J..~
`EXPANSION
`t.fE~ORY
`188
`
`3
`
`

`

`SERVER 22
`
`60-- CONTENT MODULE
`1 INITIAL CONTENT J
`1SUBSEO. CONTENT1
`
`62
`
`64
`
`A2
`
`MASS
`STORAGE
`DEVICE
`
`152
`-
`
`COPY OF INITIAL
`START-UP
`APPLICATION
`
`A3
`
`Al
`
`COPY OF INITIAL
`CONTENT
`APPLICATION 1
`
`APPLICA liON N
`DRIVER 1
`
`DRIVER M
`PAYLOAD 1
`
`PAYLOAD L
`
`. .
`. . .
`. .
`
`62a
`
`62b
`
`62c
`
`.,
`I
`I
`I
`IA4
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`L__
`
`SIGN
`
`I CONTENT I
`
`I
`I
`
`KEYS
`
`I
`
`NON-VOLATILE MEMORY
`SYSTEM FORMWARE
`SYSTEM BIOS
`I RAPI
`
`KEYS
`
`INITIAL START -UP APPLICATION
`SUBSEO.
`INITIAL
`88;;
`PAYLOAD PAYLOAD
`________ _j 8B1b
`CRYPTO
`92 ENGINE
`
`FIG.3
`
`/175
`I
`
`- -t76
`
`82
`
`84
`
`-86
`
`i-90
`
`I DISPLAY L
`
`ENGINE
`
`I
`
`94
`
`DISPLAY
`SCREEN
`148
`
`tOO
`-
`
`d •
`\Jl
`•
`~
`~ ......
`~ = ......
`
`~
`~
`'-<
`"""" ~=
`N c c
`
`Ul
`
`'JJ. =(cid:173)~
`~ .....
`
`~
`0 ......,
`""""
`'0
`
`e
`rJ'l
`-..a-..
`00
`\0
`N
`~
`Q
`~
`~
`1--"
`
`4
`
`

`

`U.S. Patent
`
`May 10,2005
`
`Sheet 4 of 19
`
`US 6,892,304 Bl
`
`r 232
`
`APPLICATION
`PROGRAMS
`
`t
`
`OPERATING
`SYSTEM
`230
`-
`
`r 234
`
`SERVICES
`
`t
`
`r240
`CLASS DRIVER
`
`,242
`1/0 MANAGER
`
`,244
`
`KERNEL
`ACCESS 1--- -246
`DRIVER
`
`r236
`
`100/
`
`BIOS
`
`I
`
`,248
`I
`r-250
`l PHYSICAL MEMORY AND 1/0 I
`
`BIOS
`
`INTERFACE
`
`,-238
`
`SYSTEM HARDWARE
`
`FIG.4
`
`5
`
`

`

`U.S. Patent
`
`May 10,2005
`
`Sheet 5 of 19
`
`US 6,892,304 Bl
`
`,- 250
`PHYSICAL MEMORY
`
`VIRTUAL IAEIAORY
`
`BIOS DATA
`AREA
`
`{ /
`
`:::~
`
`BIOS DATA
`AREA
`
`.-..
`264
`
`~
`
`~
`
`BIOS
`SHADOW
`AREA
`270
`
`~~
`
`:::~
`
`/
`DIRECTORY _ "' 272
`
`BIOS SERVICE
`
`BIOS FUNCTION
`
`.. ~
`T
`
`~ h
`
`T
`
`BIOS SERVICE
`DIRECTORY
`
`BIOS F'UNCTION
`
`BIOS
`SHADOW
`AREA
`260
`
`J
`
`~:::
`
`::::=::
`
`FIG. 5
`
`6
`
`

`

`U.S. Patent
`
`May 10,2005
`
`Sheet 6 of 19
`
`US 6,892,304 Bl
`
`INITIALIZATION PROCESS
`
`START
`
`r
`
`1600
`
`r_ 610
`
`INITIALIZATION OF CALLING PROGRAM VARIABLES
`
`,
`LOAD ACCESS DRIVER; INITIALIZE ACCESS DRIVER
`VARIABLES
`
`r620
`
`POINTER INITIALIZATION
`
`r630
`
`l
`
`r640
`
`END INITIALIZATION
`
`r
`
`RETURN
`
`FIG. 6A
`
`7
`
`

`

`U.S. Patent
`
`May 10,2005
`
`Sheet 7 of 19
`
`US 6,892,304 Bl
`
`INITIALIZATION OF CALLING PROGRAM
`
`START
`
`CALLING PROGRAM ALLOCATES MEMORY FOR A
`SPECIFIED MEMORY STRUCTURE
`IN THE SYSTEM
`BUFFER
`
`r-612
`
`1
`
`r 614
`
`CALLING PROGRAM DETERMINES LOCATION OF A
`NUMBER OF BIOS SERVICES, THEIR CORRESPONDING
`ENTRY POINTS, AND OFFSETS.
`
`RETURN
`
`FIG. 68
`
`8
`
`

`

`U.S. Patent
`
`May 10,2005
`
`Sheet 8 of 19
`
`US 6,892,304 Bl
`
`POINTER INITIALIZATION PROCESS
`
`START
`
`rB32
`
`CALLING APPLICATION MAKES A CALL TO
`IOCTL LOCATE
`
`r-634
`
`ACCESS DRIVER RETURNS THE FOLLOWING DATA:
`
`1. THE BIOS SHADOW AREA BASE VIRTUAL ADDRESS
`
`2. THE BIOS SERVICE DIRECTORY VIRTUAL ADDRESS
`(OFFSET)
`
`3. THE BIOS DATA AREA. BASE VIRTUAL ADDRESS
`
`RETURN
`
`FIG. 6C
`
`9
`
`

`

`U.S. Patent
`
`May 10,2005
`
`Sheet 9 of 19
`
`US 6,892,304 Bl
`
`EXECUTION PROCESS
`
`START
`
`1700
`
`1 7to
`CALLING PROGRAM CALLS A BIOS FUNCTION BY
`SPECIFYING THE ADDRESS OF THE BIOS FUNCTION
`WANTS TO BEGIN EXECUTION AT
`
`IT
`
`RECEIVES ACCESS DRIVER DISPATCH CALL TO BIOS
`FUNCTION VIA IOCTL COMMAND FROM 1/0
`MANAGER
`
`,-720
`
`CONDUCT RANGE CHECK AT ENTRY POINT ADDRESS
`
`r 730
`
`EXECUTE BIOS FUNCTION
`
`,- 740
`
`RETURN TO
`CALLING PROGRAM
`
`FIG. 7A
`
`10
`
`

`

`U.S. Patent
`
`May 10,2005
`
`Sheet 10 of 19
`
`US 6,892,304 Bl
`
`START
`
`r742
`
`CREATE REGISTER STACK
`
`IN SYSTEM BUFFER
`
`IN REGISTER STACK WHICH
`POINTS TO LOCATION
`HOLDS ADDRESS OF THE BIOS FUNCTION TO BE
`EXECUTED
`
`r744
`
`CALL FUNCTION USING PHYSICAL ADDRESS IN VIRTUAL
`MEMORY
`
`L746
`
`RETURN)
`
`FIG. 78
`
`11
`
`

`

`U.S. Patent
`
`May 10,2005
`
`Sheet 11 of 19
`
`US 6,892,304 Bl
`
`r 1510
`
`APPLICATION
`PROGRAMS
`
`SERVICES
`
`,tsos
`
`OPERATING SYSTEM
`,.--------~.r__,' 530
`CLASS DRIVER
`
`r1535
`.-------L.----'---,
`1/0 MANAGER
`
`r1540
`.---------L------'---,
`KERNEL
`..-------.
`ACCESS
`DRIVER
`
`/1550
`,.-------L----'--,
`RAP I
`
`rt520
`
`BIOS
`
`J
`1500
`
`PHYSICAL MEMORY
`AND 1/0
`
`( .1525
`
`SYSTEM HARDWARE
`
`FIG.B
`
`12
`
`

`

`U.S. Patent
`
`May 10,2005
`
`Sheet 12 of 19
`
`US 6,892,304 Bl
`
`F/G.9
`
`ACCESS DRIVER
`
`t 545
`
`RAP! 1550
`
`1605
`GENERATING A SESSION REQUEST
`TO EST A BLISH A SESSION WITH RAP I
`
`I
`I
`1
`I
`1610
`I
`SENDING THE SESSION REQUEST
`TO RAPI TO ESTABLISH A SESSION~---:---:-:-----.....,
`I
`WITH RAPI
`I
`I
`I
`I
`I
`I
`I
`SENDING THE NEW AUTHORITY
`1
`I CERTIFICATE TO ACCESS DRIVER
`
`1630
`UPDATING THE CURRENT AUTHORITY
`CERTIFICATE WITH THE NEW
`AUTHORITY CERTIFICATE
`
`GENERATING A SERVICE REQUEST
`TO INVOKE A SERVICE FROM RAPI
`
`UPDATING THE CURRENT AUTHORITY
`CERTIFICATE WITH THE NEW
`AUTHORITY CERTIFICATE
`1670
`GENERATING A SIGNED SESSION
`REQUEST TO END THE CURRENT
`SESSION WITH RAPI
`
`1675
`SENDING THE SIGNED SESSION
`REQUEST TO RAPI TO END THE
`CURRENT SESSION
`
`1695
`UPDATING THE CURRENT AUTHORITY
`CERTIFICATE WITH THE NEW
`AUTHORITY CERTIFICATE FOR THE
`NEXT SESSION
`
`1700
`
`FINISHED
`
`SENDING THE NEW AUTHORITY
`CERTIF"ICATE TO ACCESS DRIVER
`
`13
`
`

`

`U.S. Patent
`
`May 10,2005
`
`Sheet 13 of 19
`
`US 6,892,304 Bl
`
`FIG 10
`
`•
`
`START
`
`INSERTING A SESSION OPERATION
`CODE INTO A SESSION REQUEST
`
`r 1705
`
`I
`
`r 1710
`
`INSERTING A LIST OF PARAMETERS
`INTO THE SESSION REQUEST
`
`r 1715
`CONSTRUCTING A SESSION MESSAGE THAT
`INCLUDES THE SESSION OPERATION
`CODE AND THE LIST OF PARAMETERS
`
`GENERATING A HASH VALUE FOR
`THE SESSION MESSAGE
`
`r 1720
`
`r 1725
`GENERATING A SESSION REQUEST SIGNATURE
`USING THE COMPUTED HASH VALUE AND A
`PRIVATE KEY STORED
`IN AN AUTHORITY
`CERTIFICATE
`
`INSERTING THE DIGITAL SIGNATURE
`INTO THE SESSION REQUEST
`
`r 1730
`
`END
`
`14
`
`

`

`U.S. Patent
`
`May 10, 2005
`
`Sheet 14 of 19
`
`US 6,892,304 Bl
`
`805
`;
`
`PUBLIC
`KEY
`
`810
`;
`
`PRIVATE
`KEY
`
`~BOO
`
`815
`)
`
`CERTIFICATE
`SIGNATURE
`
`• • •
`
`FIG. II
`
`905
`;
`SESSION
`OPERATION
`CODE
`
`910
`;
`
`PARAMETERS
`LIST
`
`915
`;
`SESSION
`REQUEST
`SIGNATURE
`
`~900
`
`• • •
`
`FIG. 12
`
`1005
`;
`SERVICE
`OPERATION
`CODE
`
`1010
`;
`
`PARAMETERS
`LIST
`
`1015
`;
`SERVICE
`REQUEST
`SIGNATURE
`
`~1000
`
`• • •
`
`FIG. 13
`
`15
`
`

`

`U.S. Patent
`
`May 10,2005
`
`Sheet 15 of 19
`
`US 6,892,304 Bl
`
`.FIG. 14
`
`START
`
`CONSTRUCTING A MESSAGE FROM SESSION
`OPERATION CODE ·AND LIST OF PARAMETERS .
`IN SESSION REQUEST
`
`1105
`
`COMPUTING A HASH FOR MESSAGE
`CONSTRUCTED IN BLOCK
`
`DECRYPTING SESSION REQUEST SIGNATURE
`EXTRACTED FROM SESSION REQUEST
`
`1105
`
`1115
`
`NO
`
`DOES
`COMPUTED HASH VALUE
`
`DECRYPTED SESSION
`REQUEST SIGNATURE
`? •
`
`YES
`
`1125
`
`STARTING A SESSION
`
`END
`
`16
`
`

`

`U.S. Patent
`
`May 10,2005
`
`Sheet 16 of 19
`
`US 6,892,304 Bl
`
`FIG. 15
`
`START
`
`INSERTING A SERVICE OPERATION
`CODE
`INTO A SERVICE REQUEST
`
`,-t 205
`
`r_, 210
`
`INSERTING A LIST OF PARAMETERS
`INTO THE SERVICE REQUEST
`
`,-1 215
`r
`INCLUDES
`CONSTRUCTING A MESSAGE THAT
`THE SESSION OPERATION CODE AND THE
`LIST OF PARAMETERS
`
`GENERATING A HASH VALUE FOR THE
`CONSTRUCTED MESSAGE
`
`,-1 220
`
`,-1 225
`
`GENERATING A DIGITAL SIGNATURE
`USING THE COMPUTED HASH VALUE AND
`A PRIVATE KEY STORED IN AN AUTHORITY
`CERTIFICATE
`
`INSERTING THE DIGITAL SIGNATURE
`INTO THE SERVICE REQUEST
`
`,-t 230
`
`END
`
`17
`
`

`

`U.S. Patent
`
`May 10,2005
`
`Sheet 17 of 19
`
`US 6,892,304 Bl
`
`FIG. 16
`
`START
`
`CONSTRUCTING A MESSAGE FROM SERVICE
`OPERATION CODE AND LIST OF PARAMETERS
`IN SERVICE REQUEST
`
`COMPUTING A HASH FOR MESSAGE
`CONSTRUCTED. IN BLOCK
`
`DECRYPTING SERVICE REQUEST SIGNATURE
`EXTRACTED FROM SERVICE REQUEST
`
`1305
`
`1305
`
`1315
`
`NO
`
`DOES
`COMPUTED HASH VALUE
`=
`DECRYPTED SERVICE
`REQUEST SIGNATURE
`? .
`
`PERFORMING REQUESTED SERVICE"
`
`1325
`
`END
`
`18
`
`

`

`U.S. Patent
`
`May 10,2005
`
`Sheet 18 of 19
`
`US 6,892,304 Bl
`
`FIG. 17
`
`START
`
`CONSTRUCTING A MESSAGE FROM SESSION
`OPERATION CODE AND LIST OF PARAMETERS
`IN SESSION REQUEST
`
`COMPUTING A HASH FOR MESSAGE
`CONSTRUCTED IN BLOCK
`
`DECRYPTING SESSION SIGNATURE
`EXTRACTED FROM SESSION REQUEST
`
`1405
`
`1405
`
`1415
`
`NO
`
`DOES
`COMPUTED HASH VALUE
`
`DECRYPTED SESSION
`REQUEST SIGNATURE
`?
`
`YES
`
`1425
`
`TERMINATING A SESSION
`
`END
`
`19
`
`

`

`U.S. Patent
`
`May 10,2005
`
`Sheet 19 of 19
`
`US 6,892,304 Bl
`
`FIG. 18
`
`START
`
`OBTAINING FROM A CRYPTOGRAPHIC
`ENGINE A NEW KEY PAIR, INCLUDING A
`NEW PUBLIC KEY AND A NEW PRIVATE KEY
`
`r2 505
`
`_c_2 510
`
`INSERTING THE NEW PUBLIC KEY INTO
`THE AUTHORITY CERTIFICATE
`
`INSERTING THE NEW PRIVATE KEY
`THE AUTHORITY CERTIF"ICATE
`
`r2 515
`INTO
`
`r2 520
`CONSTRUCTING A CERTIFICATE MESSAGE
`THAT INCLUDES THE NEW PUBLIC KEY
`AND THE NEW PRIVATE KEY
`
`_e_2 525
`COMPUTING A HASH VALUE FOR THE
`CONSTRUCTED MESSAGE
`
`GENERATING A DIGITAL SIGNATURE
`USING THE COMPUTED HASH VALUE
`AND THE NEW PRIVATE KEY
`
`INSERTING THE DIGITAL SIGNATURE
`INTO THE AUTHORITY CERTIFICATE
`
`_e_2 530
`
`,-2 535
`
`END
`
`20
`
`

`

`US 6,892,304 Bl
`
`1
`SYSTEM AND METHOD FOR SECURELY
`UTILIZING BASIC INPUT AND OUTPUT
`SYSTEM (BIOS) SERVICES
`
`RELATED APPLICATION
`
`This application is a division of Ser. No. 09/336,889 filed
`Jun. 18, 1999 now U.S. Pat. No. 6,148,387 which is
`Continuation-In-Part of U.S. patent application Ser. No.
`08/947,990 filed on Oct. 9, 1997 now abandoned.
`
`BACKGROUND OF THE INVENTION
`
`5
`
`2
`part of an Operating System (OS), which allows the Central
`Processing Unit (CPU) to perform tasks such as
`initialization, diagnostics, loading the operating system ker(cid:173)
`nel from mass storage, and routine input/output ("110")
`functions. Upon power up, the CPU will "boot up" by
`fetching the instruction code residing in the BIOS. Without
`any security protection, the BIOS is vulnerable to attacks
`through capturing and replaying of service requests to
`invoke functions provided by the BIOS. These attacks may
`10 corrupt the BIOS and disable the computer system.
`Accordingly, there is also need to provide a system and
`method to verify the integrity of service requests to access
`or modify data in the BIOS and to enforce proper authori(cid:173)
`zation limits of those remote request messages.
`
`1. Field of the Invention
`The present invention relates to a system and method for
`securely utilizing Basic Input and Output System (BIOS) 15
`services.
`2. Description of the Related Art
`In virtual memory subsystems, "virtual" memory address(cid:173)
`ing is employed in which the memory addresses utilized in
`software programs are mapped indirectly to locations in 20
`physical memory. Translation to physical addresses is typi(cid:173)
`cally accomplished by the processor, and such physical
`addresses are inaccessible to user mode software and the
`Basic Input/Output System (BIOS).
`One example of such virtual memory subsystems is that
`used by Windows NT, which is manufactured and marketed
`by Microsoft, Inc. In particular, Windows NT incorporates a
`demand-paged virtual memory subsystem. The memory
`address space provided to a program running on the Win-
`dows NT operating system is safeguarded from other user
`mode programs just as other programs are protected from it.
`This ensures that user mode services and applications will
`not write over each other's memory, or execute each other's
`instructions. Kernel mode services and applications are
`protected in a similar way. If an attempt to access memory
`outside of a program's allocated virtual space occurs, the
`program is terminated and the user is notified. Virtual
`memory subsystems also prevent direct access by user mode
`software to physical memory addresses and to input/output
`devices that are part of a computer system.
`There is an increasing trend towards the use of input/
`output devices on a computer system which are capable of
`executing operating systems using virtual memory sub(cid:173)
`systems. In such systems, there is no means for accessing 45
`memory outside of a program's virtual memory space, such
`as BIOS functions. One approach to this problem is to install
`a device driver which reads a file containing instructions for
`a device. The driver reads the file and writes (or downloads)
`these instructions into the device's memory. However, this 50
`type of device driver permits only limited addressing capa(cid:173)
`bility for memory and input/output operations. In addition,
`it does not allow execution of the system's processor
`instructions in physical memory space.
`Accordingly, there is a need in the technology for a 55
`system and method for accessing and executing the contents
`of physical memory from a virtual memory subsystem,
`which facilitates increased addressing capability for
`memory and input/output operations, and which also allows
`execution of processor instructions directly from physical 60
`memory.
`Furthermore, data stored on computer systems or plat(cid:173)
`forms can be updated or configured. In certain cases, the data
`is extremely sensitive. A good example of configurable
`sensitive data is the Basic Input and Output System (BIOS)
`of a computer system. Typically stored in some form of
`non-volatile memory, the BIOS is machine code, usually
`
`SUMMARY OF THE INVENTION
`
`The present invention provides a system and method for
`securely utilizing Basic Input and Output System (BIOS)
`services.
`In accordance with one aspect of the current invention, the
`system comprises a memory for storing instruction
`sequences by which the processor-based system is
`processed, where the memory includes a physical memory
`and a virtual memory. The system also comprises a proces(cid:173)
`sor for executing the stored instruction sequences. The
`stored instruction sequences include process acts to cause
`the processor to: map a plurality of predetermined instruc(cid:173)
`tion sequences from the physical memory to the virtual
`memory, determine an offset to one of the plurality of
`predetermined instruction sequences in the virtual memory,
`receive an instruction to execute the one of the plurality of
`predetermined instruction sequences, transfer control to the
`one of the plurality of predetermined instruction sequences,
`and process the one of the plurality of predetermined
`instruction sequences from the virtual memory.
`Another aspect of the system includes an access driver to
`generate a service request to utilize BIOS services such that
`the service request contains a service request signature
`created using a private key in a cryptographic key pair. The
`system also includes an interface to verify the service
`request signature using a public key in the cryptographic key
`pair to ensure integrity of the service request.
`
`25
`
`30
`
`35
`
`40
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`FIG. 1 is a system block diagram of one embodiment of
`an information distribution system in which the and method
`of the invention is used.
`FIG. 2 illustrates an exemplary processor system or user
`computer system which implements embodiments of the
`present invention.
`FIG. 3 illustrates a diagram of one embodiment of the
`computer system of FIG. 2, in which the system and method
`of invention is used.
`FIG. 4 is an overall functional block diagram illustrating
`the architecture of an operating system which utilizes the
`system and method of the present invention.
`FIG. 5 is a block diagram illustrating the access driver 46
`initialization process as provided in accordance with the
`principles of the present invention.
`FIG. 6Ais a flowchart illustrating one embodiment of the
`initialization process of the present invention.
`FIG. 6B is a flowchart illustrating the details of process
`65 block 610 of FIG. 6A.
`FIG. 6C is a flowchart illustrating the details of process
`block 630 of FIG. 6A.
`
`21
`
`

`

`US 6,892,304 Bl
`
`4
`System Overview
`
`3
`FIG. 7A is a flowchart illustrating the execution process
`of the present invention.
`FIG. 7B is a flowchart illustrating the details of process
`block 640 of FIG. 7A.
`FIG. 8 is another overall functional block diagram illus-
`trating the architecture of an operating system which utilizes
`the system and method of the present invention.
`FIG. 9 shows an illustrative sequence of interactive
`sequence between two system components in accordance
`with one embodiment of the current invention.
`FIG. 10 outlines the generation of a session request in
`accordance with one embodiment of the current invention.
`FIG. 11 shows an authority certificate in accordance with
`one embodiment of the current invention.
`FIG. 12 shows a session request in accordance with one
`embodiment of the current invention.
`FIG. 13 shows a service request in accordance with one
`embodiment of the current invention.
`FIG. 14 outlines the acts required to establish a work
`session in accordance with one embodiment of the current
`invention.
`FIG. 15 outlines the generation of a service request in
`accordance with one embodiment of the current invention.
`FIG. 16 shows the acts required in processing of a service
`request in accordance with one embodiment of the current
`invention.
`FIG. 17 shows the acts involved in ending the current
`work session in accordance with one embodiment of the
`current invention.
`FIG. 18 shows the process of generating an authority
`certificate in accordance with one embodiment of the current
`invention.
`
`DETAILED DESCRIPTION OF 1HE
`PREFERRED INVENTION
`
`5
`
`10
`
`A description of an exemplary system, which incorporates
`embodiments of the present invention, is hereinafter
`described.
`FIG. 1 shows a system block diagram of one embodiment
`of an information distribution system 10 in which the system
`and method of the invention is used. The system 10 relates
`to providing an infomediary. It involves the construction and
`maintenance of a secure and private repository of Internet
`user and system profiles, collected primarily from warranty
`service registrations, Internet service registrations, system
`profiles, and user preferences. Initially, this information is
`used to register the user with the manufacturers of purchased
`15 hardware and software products, and with the providers of
`on-line or other services. Over time, the user data is used to
`create a user profile and notify users of relevant software
`updates and upgrades, to encourage on-line purchases of
`related products, and to enable one-to-one customized mar-
`20 keting and other services.
`In one embodiment, two software modules are used to
`implement various embodiments of the invention. One is
`resident on a user's system, and is used to access a prede(cid:173)
`termined web site. For example, in one embodiment, the
`25 operating system and Basic Input and Output System
`(BIOS) are pre-installed on a computer system, and when
`the computer system is subsequently first powered up, an
`application, referred to for discussion purposes as the first
`software module (in one embodiment, the first software
`30 module is the initial start-up application (ISUA), which will
`be described in the following sections), will allow the
`launching of one or more executable programs in the pre(cid:173)
`boot environment. In one embodiment, the first software
`module facilitates the launching of one or more executable
`35 programs prior to the loading, booting, execution and/or
`running of the OS. In one embodiment, the user is encour(cid:173)
`aged to select the use of such a program (i.e., the use of the
`first software module), and in alternative embodiments, the
`program is automatically launched. The program(s) con-
`40 tained in the first software module enables tools and utilities
`to run at an appropriate time, and with proper user
`authorization, also allow the user to download a second
`software module that includes drivers, applications and
`additional payloads through the Internet connection on the
`PC. The programs may also provide for remote management
`of the system if the OS fails to launch successfully.
`Once the second software module has been delivered, it
`may become memory resident, and may disable the trans(cid:173)
`ferred copy of the first software module. The original copy
`of the first software module still residing in the system's
`non-volatile memory remains idle until the second software
`module fails to function, becomes corrupted or is deleted,
`upon which a copy of the original first software module is
`again transferred as described above. The second software
`module may include an application that connects the user to
`a specific server on the Internet and directs the user to a
`predetermined web site to seek authorization to down load
`further subscription material. The second software module
`may also include content that is the same or similar to the
`content of the first software module.
`In one embodiment, the system may also include an initial
`payload that is stored in Read Only Memory BIOS (ROM
`BIOS). In one embodiment, the initial payload is part of the
`first software module (e.g., the ISUA). In an alternative
`embodiment, the initial payload is stored as a module in
`ROM BIOS, separate from the first software module. In one
`embodiment, the initial payload is launched from ROM
`
`Definitions
`As discussed herein, a "computer system" is a product
`including circuitry capable of processing data. The computer
`system may include, but is not limited to, general purpose
`computer systems (e.g., server, laptop, desktop, palmtop,
`personal electronic devices, etc.), personal computers (PCs),
`hard copy equipment (e.g., printer, plotter, fax machine,
`etc.), banking equipment (e.g., an automated teller machine), 45
`and the like. An infomediary is a web site that provides
`information on behalf of producers of goods and services,
`supplying relevant information to businesses about products
`and/or services offered by suppliers and other businesses.
`Content refers to application programs, driver programs, 50
`utility programs, the payload, etc., and combinations
`thereof, as well as graphics, informational material (such as
`articles, stock quotes, etc.) and the like, either singly or in
`any combination. In addition, a "communication link" refers
`to the medium or channel of communication. The commu- 55
`nication link may include, but is not limited to, a telephone
`line, a modem connection, an Internet connection, an Inte(cid:173)
`grated Services Digital Network ("ISDN") connection, an
`Asynchronous Transfer Mode (ATM) connection, a frame
`relay connection, an Ethernet connection, a coaxial 60
`connection, a fiber optic connection, satellite connections
`(e.g. Digital Satellite Services, etc.), wireless connections,
`radio frequency (RF) links, electromagnetic links, two way
`paging connections, etc., and combinations thereof. Power
`On Self Test (POST) refers to the instructions that are 65
`executed to configure and test the system hardware prior to
`loading an OS.
`
`22
`
`

`

`US 6,892,304 Bl
`
`5
`BIOS and displayed on the screen after the Power On Self
`Test (POST) but prior to the booting, loading and/or execu(cid:173)
`tion of the OS. This may occur at a predetermined time, such
`as when the system is being manufactured, assembled and
`tested, or when the end user first activates the system. In an 5
`alternate embodiment, this initial payload is copied to a
`predetermined location (such as the system's hard disk) at a
`predetermined time, such as when the system is being
`manufactured, assembled and tested, or when the end user
`first activates the system.
`Once copied, the payload executes after POST but prior to
`operation of the OS, and may display graphics,
`advertisements, animation, Joint Photographic Experts
`Group (JPEG)/Moving Picture Experts Group (MPEG) for(cid:173)
`matted material on the screen. When additional programs 15
`and/or payloads are delivered (via the Internet or other
`outside connection), the display screen may be used to
`provide customized screens in the form of messages or
`graphics prior to and during booting of the OS. In addition,
`executable programs delivered in the first software module, 20
`as well as subsequent programs (such as the second software
`module) downloaded from the web site, may be used to
`survey the PC to determine various types of devices, drivers,
`and applications installed. In one embodiment, as described
`in co-pending U.S. patent application Ser. No. 09/336,289, 25
`entitled "Method and Apparatus for Automatically Installing
`And Configuring Software on a Computer", filed Jun. 18,
`1999, assigned to Phoenix Technologies Ltd., the contents of
`which are incorporated herein by reference, the first software
`module is used to identify and to automatically create 30
`shortcuts and/or bookmarks for the user. The programs
`downloaded from the website may include software that
`collects and maintains a user profile based on the user's
`preferences. Such information may be provided to the
`infomediary, which subsequently forwards portions of the 35
`information and/or compiled data based on the information
`to suppliers and other businesses to obtain updates or
`revisions of information provided by the suppliers and other
`businesses.
`Referring to FIG. 1, the information distribution system 40
`10 comprises a service center 20 that is connected over one
`or more communications links 30c30N to one or more user
`computer systems 401-40N ("40"). The service center 20
`includes one or more servers 22, one or more databases 24,
`and one or more computers 26c26M. The one or more 45
`computers 26c26M are capable of simultaneous access by a
`plurality of the user computer systems 401-40N. If a plurality
`of computers are used, then the computers 26 1-26M may be
`connected by a local area network (LAN) or any other
`similar connection technology. However, it is also possible 50
`for the service center 20 to have other configurations. For
`example, a smaller number of larger computers (i.e. a few
`mainframe, mini, etc. computers) with a number of internal
`programs or processes running on the larger computers
`capable of establishing communications links to the user 55
`computers.
`The service center 20 may also be connected to a remote
`network 50 (e.g., the Internet) or a remote site (e.g., a
`satellite, which is not shown in FIG. 1). The remote network
`50 or remote site allows the service center 20 to provide a 60
`wider variety of computer software, content, etc. that could
`be stored at the service center 20. The one or more databases
`24 connected to the service center computer(s), e.g., com(cid:173)
`puter 26 1 , are used to store database entries consisting of
`computer software available on the computer(s) 26. In one
`embodiment, each user computer 401-40N has its own
`secure database (not shown), that is not accessible by any
`
`6
`other computer. The communication links 301-30N allow the
`one or more user computer systems 401-40N to simulta(cid:173)
`neously connect to the computer(s) 26 1-26M. The connec(cid:173)
`tions are managed by the server 22.
`After a user computer system 40 establishes two-way
`communications with the information service computer 26,
`the content is sent to the user computer system 40 in a
`manner hereinafter described. The downloaded content
`includes an application that surveys the user and/or the user
`10 computer system's hardware and/or software to develop a
`user profile as well as a profile of the user's system. The
`information gathered from the user and/or user's computer
`system is subsequently provided to the service center 20,
`which provides additional content to the user computer 40
`based on the user and system profile. The database entries
`from the database connected to the service computer 26
`contain information about computer software, hardware, and
`third party services and products that are available to a user.
`Based on the user and/or system profile, the content is
`further sent to the user computer for display. The content
`may also include a summary of information such as the
`availability of patches and fixes for existing computer
`software, new versions of existing computer software, brand
`new computer software,