Davis

US005844986A

[11] Patent Number: 5,844,986
[45] Date of Patent: Dec. 1, 1998

[54] SECURE BIOS

[75] Inventor: Derek L. Davis, Phoenix, Ariz.

[73] Assignee: Intel Corporation, Santa Clara, Calif.

[21] Appl. No.: 724,176

[22] Filed: Sep. 30, 1996

[51] Int. Cl.6: H04L 9/00
[52] U.S. Cl.: 380/4; 380/25
[58] Field of Search: 380/23, 25, 3, 4, 49

Primary Examiner: David Cain
Attorney, Agent, or Firm: Blakely, Sokoloff, Taylor & Zafman

[57] ABSTRACT

A subsystem prevents unauthorized modification of BIOS program code embedded in modifiable non-volatile memory devices such as flash memory. A cryptographic coprocessor containing the BIOS memory device performs authentication and validation on the BIOS upgrade based on a public/private key protocol. The authentication is performed by verifying the digital signature embedded in the BIOS upgrade.

43 Claims, 3 Drawing Sheets

EX 1004
IPR of Pat. No. 6,892,304

[FIG. 1 (Sheet 1 of 3): block diagram of computer system 10, showing host processor 30, “chipset” 31, system memory 32, system bus 33, and cryptographic coprocessor 34, which contains bus interface 40, processing unit 41, and non-volatile memory 42 holding BIOS program 43.]

[FIG. 2 (Sheet 2 of 3): flowchart. Step 50: host processor issues a read request for an address corresponding to the BIOS program. Step 60: cryptographic coprocessor detects a “BIOS” address and responds with the associated BIOS instruction. Step 70: host processor processes BIOS instruction.]

[FIG. 3 (Sheet 3 of 3): flowchart of the BIOS field upgrade, steps 110 to 180.]

SECURE BIOS

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to the field of security of computer firmware, especially in the areas of Basic Input and Output System (“BIOS”) in general computing systems, such as personal computers (“PCs”).

2. Description of Related Art

One of the most critical elements in a computer system is the boot-up firmware, such as the Basic Input and Output System (“BIOS”). Typically stored in some form of non-volatile memory, the BIOS is machine code, usually part of an Operating System (“OS”), which allows the Central Processing Unit (“CPU”) to perform tasks such as initialization, diagnostics, loading the operating system kernel from mass storage, and routine input/output (“I/O”) functions.

Upon power up, the CPU will “boot up” by fetching the instruction code residing in the BIOS. Due to its inherent nature, the BIOS has two conflicting requirements: (1) it should be well protected because if it is modified or destroyed, the entire system will fail, (2) it should be easily modifiable to allow field upgrade for feature enhancement or removal of software bugs.

Traditionally, BIOS is implemented in Erasable Programmable Read Only Memory (“EPROM”). EPROM has an advantage of not being modified in circuit. To modify the contents of the EPROM, the device must be first erased by being removed from the socket and exposed to Ultraviolet light for a prolonged period of time. In this respect, BIOS implemented in EPROM is resistant to virus attack and other electronic sabotages. However, EPROM devices do not support “field upgrades” because these devices are not in-circuit programmable, which is a necessary characteristic for field upgrades. Field upgrading allows customers to upgrade the BIOS in the field to avoid costly delay and parts exchanges. Because of the importance for field upgrading, virtually all BIOS firmware is now implemented using flash memories. However, being field modifiable, BIOS flash memories are vulnerable to virus attacks which could cause devastating results in sensitive applications such as financial transactions.

With no security protection, conventional computer architectures implemented with BIOS flash memories are vulnerable to many kinds of intrusive attacks, such as a virus attack. In a typical virus attack, the virus code executes a code sequence to modify the BIOS flash memory. The code in BIOS flash memory, having no protection, is corrupted and the destructive effects may become effective immediately, when the system is booted up the next time, or when certain conditions or events have occurred. The infected code may further propagate to other areas of the BIOS code or the operating system kernel. Because the BIOS is the first program code to execute when the computer system is “powered up”, prior to any system or network virus scanning software, detection and eradication of a BIOS-based virus is extremely difficult. The BIOS-based virus can “hide its tracks” from such scanning software, effectively becoming invisible.

The primary focus of the present invention, therefore, is to prevent corrupting the BIOS by a computer virus. This is achieved by imposing an authentication and validation procedure before the contents of the BIOS flash memory are modified.

The approach which is pursued in this invention builds on the concept of BIOS authentication by incorporating the BIOS flash memories into existing hardware with authenticating capability such as the cryptographic coprocessor. Since the cryptographic coprocessor both stores the BIOS and enforces authentication of BIOS updates, an attacker has no means by which to corrupt the BIOS contents.

SUMMARY OF THE INVENTION

The present invention describes a system to securely update an executable code. The system comprises of a first storage element for storing a code update, a second storage element for storing the executable code that needs to be updated, an identification code for identifying the first storage element and the code update, and a security processor. The security processor is coupled to the second storage element to authenticate and validate the first storage element and the code update using the device identification.

BRIEF DESCRIPTION OF THE DRAWINGS

The features and advantages of the present invention will become apparent from the following detailed description of the present invention in which:

FIG. 1 is a diagram of the present invention where the BIOS flash memory resides inside a cryptographic coprocessor which may be interfaced to the PCI bus.

FIG. 2 is a flowchart of the operations that occur in the present invention during a normal read access to the BIOS program by the host processor.

FIG. 3 is a flowchart of the operations that occur in the present invention during a field upgrade of the BIOS program.

DESCRIPTION OF THE PREFERRED EMBODIMENT

The present invention provides a procedure to authenticate and validate a code update, such as a BIOS upgrade for example, using cryptographic technology. In the following description, some terminology is used to discuss certain cryptographic features. A “key” is an encoding and/or decoding parameter used by conventional cryptographic algorithms such as Rivest, Shamir and Adleman (“RSA”), Data Encryption Algorithm (“DEA”) as specified in Data Encryption Standard (“DES”) and the like. A “certificate” is defined as any digital information (typically a public key) associated with an entity, encrypted by a private key held by another entity such as a manufacturer or a widely published trusted authority (e.g., bank, governmental entity, trade association, etc.). A “digital signature” is similar to a certificate but is typically used for authenticating data. Herein, the term “secure” indicates that it is computationally infeasible for an interloper to successfully perpetuate fraud on a system. A security processor is an electronic device capable of performing security functions to provide security protection for the system.

The authentication and validation are performed by a security processor which contains the BIOS firmware. One example of such a security processor is a cryptographic coprocessor. The cryptographic processor authenticates and validates the BIOS firmware by using secret information such as a digital signature embedded in the BIOS upgrade.

Referring to FIG. 1, an embodiment of a computer system implemented within the present invention is shown. The computer system 10 includes a chipset 31 which operates as an interface to support communications between host processor 30, system memory 32, and devices coupled to a system bus 33. System memory 32 may include, but is not limited to conventional memory such as various types of random access memory (“RAM”), e.g., DRAM, VRAM, SRAM, etc., as well as memory-mapped I/O devices. System bus 33 may be implemented in compliance with any type of bus architecture including Peripheral Component Interconnect (“PCI”), a Universal Serial Bus (“USB”) and the like.

One of the devices that may be coupled to the system bus 33 includes a cryptographic coprocessor 34. Cryptographic coprocessor 34 comprises a bus interface 40, a processing unit 41 and a local non-volatile memory 42. The bus interface 40 is used to establish an electrical connection to system bus 33. Processing unit 41 is used as the main controller for the cryptographic coprocessor 34. Processing unit 41 interfaces to its own local non-volatile memory 42. The boot-up program 43 is stored within non-volatile memory 42. It is contemplated that non-essential elements have not been illustrated to avoid obscuring the present invention. Examples of the non-essential elements that may be employed within the cryptographic coprocessor 34 include RAM, a random number generator, and various cryptographic algorithm accelerators. Furthermore, although host processor 30 is shown separate from cryptographic coprocessor 34 in FIG. 1, cryptographic coprocessor 34 may be part of host processor 30 in which case host processor 30 accesses the BIOS program directly without going through system bus 33.

In FIG. 2, the steps associated with the “boot up” phase of the system are shown. First, in step 50, the host processor issues a read request for an address corresponding to the BIOS program. The cryptographic coprocessor responds to that request with the associated BIOS instruction (Step 60). Lastly, the host processor processes that data in step 70. To continue processing BIOS instructions, this sequence is repeated.

In a typical field BIOS upgrade, the software manufacturer (the BIOS vendor) will send the user a diskette containing the new BIOS code, and the code to perform the upgrade operations. It is also possible for the BIOS vendor to establish a bulletin board system, or a data superhighway connection such as the Internet, to allow users to download the BIOS upgrade electronically and remotely. BIOS upgrading essentially involves erasing and writing to the BIOS flash memory.

In FIG. 3, the steps associated with a modification of the BIOS program are shown. In step 110, the host processor issues a “replace BIOS” command to the cryptographic coprocessor. This command would typically be generated by some type of BIOS management utility software, running either on the host processor itself or on a remote system. The purpose of this command is to prepare the cryptographic coprocessor for a new BIOS program (step 120). In step 130, the cryptographic coprocessor either passively receives the new BIOS program code from the host processor or actively retrieves it from a specified source (e.g. system memory). In step 140, the new BIOS program is stored internally or in a protected manner to assure that future authentication operations are performed on the specified “new BIOS program”. In step 150, the cryptographic coprocessor performs the appropriate authentication operations on this internally stored version of the new BIOS program. There are many ways such authentication can be performed, including the use of secret information known only to the BIOS provider and the deployed cryptographic coprocessor. It is contemplated that public/private key cryptography may be used as part of the authentication procedure, specifically using the well-known techniques of digital signatures and certificates to validate the integrity and validity of the “new BIOS program”. Whatever authentication technique is used, the salient feature is that it is performed within the cryptographic coprocessor on the local version of the new BIOS program. Once the authentication operations have been performed, in step 160, the cryptographic coprocessor can make a determination as to the validity of the new BIOS program. For example, the digital signature supplied with the “new BIOS program” may be valid, but the revision date may be inappropriate (e.g. older than the currently installed BIOS). If the new BIOS is determined to be invalid, it is deleted by the cryptographic coprocessor and is never used (step 170). If the new BIOS is valid, the new BIOS program is made operational and the previous BIOS program is deleted (step 180). Note that at this point, it would be normal to reboot the computer system to assure system-wide consistency.

To support this digital signature-based method of BIOS authentication, the digital signature embedded in the distribution BIOS software upgrade should be underwritten or endorsed by an industry association, or a similar organization or procedure. The participants in this industry association are the BIOS vendors who want to be able to field upgrade their BIOS code. One of the functions of this industry association is to issue digital certificates to its BIOS vendor members, essentially assigning a digital certificate to each vendor to be used in BIOS upgrade software. This association provides its public key to be used by the cryptographic coprocessor during the BIOS authentication procedure. The cryptographic coprocessor will be preloaded with the public key of the industry association for BIOS vendors so that it will be able to verify any digital signature embedded in the BIOS upgrade code. Alternatively, the cryptographic coprocessor may be preloaded with another public key that may be used to authenticate a certificate chain to obtain this industry association public key. The BIOS upgrade code could be encrypted if necessary (to protect the code from being reverse engineered for example). Since the digital signature or the certificate issued by the industry association normally represents the authenticity of a reputable or credible BIOS vendor, an intruder cannot corrupt the BIOS code (unless of course he or she somehow obtains secret private keys used to create such signatures or certificates) either directly or indirectly by virus attack.

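
The FIG. 3 sequence and the certificate arrangement described above, modeled in Python as an added example (not part of the patent and not vendor code). The names Coprocessor, replace_bios, make_update and the update fields are hypothetical; RSA with SHA-256 in PKCS#1 v1.5 encoding stands in for the signature scheme the text leaves open, and the keys are constructed from Mersenne primes for demonstration only.

```python
import hashlib

E = 65537  # public exponent shared by all demo keys
SHA256_INFO = bytes.fromhex("3031300d060960864801650304020105000420")

def make_key(a, b):
    # Constructed demo key from Mersenne primes 2**a-1 and 2**b-1: trivially
    # factorable, so usable only to exercise the flow below.
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus, private exponent)

def to_bytes(n):
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def encode(msg, n):
    # EMSA-PKCS1-v1_5 encoding of SHA-256(msg), sized to the modulus.
    t = SHA256_INFO + hashlib.sha256(msg).digest()
    pad = b"\xff" * (len(to_bytes(n)) - len(t) - 3)
    return int.from_bytes(b"\x00\x01" + pad + b"\x00" + t, "big")

def sign(msg, key):
    n, d = key
    return pow(encode(msg, n), d, n)

def verify(msg, sig, n):
    # Rebuild the expected encoding and compare it whole, rather than parsing padding.
    return 0 <= sig < n and pow(sig, E, n) == encode(msg, n)

def body(revision, code):
    return revision.to_bytes(4, "big") + code  # revision date as YYYYMMDD

def make_update(revision, code, vendor, association):
    # Vendor side: sign the image; the association certifies the vendor key.
    return {"revision": revision, "code": bytearray(code), "vendor_n": vendor[0],
            "certificate": sign(to_bytes(vendor[0]), association),
            "signature": sign(body(revision, code), vendor)}

class Coprocessor:
    def __init__(self, association_n, revision, bios):
        self.association_n = association_n  # preloaded association public key
        self.revision, self.bios = revision, bios

    def replace_bios(self, update):
        # Steps 130-140: take a private copy first, so every check below runs
        # on exactly the bytes that would be installed.
        revision, code = update["revision"], bytes(update["code"])
        vendor_n = update["vendor_n"]
        # Step 150: authenticate the vendor key, then the image signed with it.
        if not verify(to_bytes(vendor_n), update["certificate"], self.association_n):
            return "rejected: certificate"  # step 170: staged copy is discarded
        if not verify(body(revision, code), update["signature"], vendor_n):
            return "rejected: signature"
        # Step 160: a valid signature is not sufficient; refuse an older revision.
        if revision < self.revision:
            return "rejected: revision"
        # Step 180: the new BIOS becomes operational and replaces the old one.
        self.revision, self.bios = revision, code
        return "installed"

ASSOCIATION = make_key(1279, 2203)  # constructed keys, see make_key
VENDOR = make_key(521, 607)

if __name__ == "__main__":
    cp = Coprocessor(ASSOCIATION[0], 19960930, b"old BIOS")
    print(cp.replace_bios(make_update(19950101, b"stale BIOS", VENDOR, ASSOCIATION)))
    print(cp.replace_bios(make_update(19970115, b"new BIOS", VENDOR, ASSOCIATION)))
```
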
In another embodiment (not shown), the cryptographic coprocessor is part of the host processor. The host processor contains both the cryptographic coprocessor and the BIOS program. The host processor, acting itself as the security processor, performs the authentication and validation on the BIOS upgrade in the similar fashion as described above. The host processor will be preloaded with the public key of the industry association for BIOS vendors so that it will be able to verify any digital signature embedded in the BIOS upgrade code.

Yet, in another embodiment (not shown), the BIOS program is located in a printed-circuit board (“PCB”) or card plugged into a system expansion slot. The cryptographic coprocessor may be located on the same PCB or card or on another PCB or card or even inside the host processor. Regardless whether it is located in the system, as long as the cryptographic coprocessor is able to access the BIOS program, it can carry out the authentication and validation operations as described above.

While this invention has been described with reference to illustrative embodiments, this description is not intended to be construed in a limiting sense. Various modifications of the illustrative embodiments, as well as other embodiments of the invention, which are apparent to persons skilled in the art to which the invention pertains are deemed to lie within the spirit and scope of the invention.

What is claimed is:

1. A system for securely updating an executable code, comprising:
   first storage means for storing a code update;
   second storage means for storing said executable code; and
   first processing means for authenticating and validating said code update, said first processing means being coupled to said second storage means.

2. The system of claim 1 wherein the executable code includes a Basic Input and Output System (BIOS).

3. The system of claim 1 wherein the first storage means is one of a mass storage device and a file capable of being sent electronically in a computer network.

4. The system of claim 1 wherein the second storage means includes a modifiable non-volatile memory device.

5. The system of claim 1 wherein the first processing means includes a cryptographic processor.

6. The system of claim 1 wherein the first processing means uses at least one digital certificate to authenticate the code update and a digital signature to validate the code update.

7. The system of claim 1 wherein said executable code is encrypted to produce an encrypted code.

8. The system of claim 1 further comprising:
   second processing means for communicating with said first processing means in order to execute said executable code.

9. The system of claim 7 wherein said encrypted code is decrypted to produce a decrypted code.

10. A system for securely updating an executable code, comprising:
   a first storage element for containing a code update;
   a second storage element that contains said executable code; and
   a security processor coupled to said second storage element, said security processor for authenticating said code update based on at least one certificate and validating said code update based on a digital signature.

11. The system of claim 10 wherein the executable code includes a Basic Input and Output System (BIOS).

12. The system of claim 10 wherein the digital signature is part of the code update.

13. The system of claim 10 wherein the second storage element includes a modifiable non-volatile memory device.

14. The system of claim 10 wherein the security processor is mounted on a removable card.

15. The system of claim 11 wherein said at least one certificate includes an encrypted version of a public key of a vendor of the BIOS.

16. The system of claim 10 wherein said executable code is contained in an encrypted format.

17. The system of claim 10 further comprising:
   a host processor for communicating with said security processor in order to execute said executable code.

18. The system of claim 16 wherein said encrypted code is decrypted before execution.

19. A method for securely updating an executable code, the method comprising:
   providing a first storage element for storing a code update;
   providing a second storage element for storing said executable code;
   configuring said first storage element to contain at least one certificate;
   providing a security processor for accessing said second storage element;
   authenticating said code update based on said at least one digital certificate by said security processor; and
   updating said executable code with said code update if said code update is authenticated.

20. The method of claim 19, wherein before said updating step, the method further comprises a step of validating said code update.

21. The method of claim 19 wherein the executable code includes a Basic Input and Output System (BIOS).

22. The method of claim 19, wherein said executable code provided in the second storage element is in an encrypted format.

23. The method of claim 19 further comprising:
   providing a host processor for communicating with said security processor in order to execute said executable code.

24. A system comprising:
   a first storage element for containing a code update;
   a second storage element that contains an executable code; and
   a security processor coupled to said second storage element, the security processor for authenticating the code update based on at least one certificate.

25. The system of claim 24 wherein the executable code includes a Basic Input and Output System (BIOS).

26. The system of claim 24 wherein the at least one certificate includes an encrypted version of a public key of a vendor of the BIOS.

27. The system of claim 24 wherein the second storage element includes a modifiable non-volatile memory device.

28. The system of claim 24 wherein the security processor further validating the code update through a digital signature being part of the code update.

29. The system of claim 28 wherein the security processor further loading the code update into the second memory element after the code update has been authenticated and validated.

30. The system of claim 24 wherein the security processor is mounted on a removable card.

31. The system of claim 24 wherein the executable code is in an encrypted format when contained in the second storage element.

32. The system of claim 24 further comprising:
   a host processor for communicating with said security processor in order to execute the executable code.

33. A system comprising:
   a first storage element for containing a code update;
   a second storage element that contains an executable code; and
   a security processor coupled to the second storage element, the security processor for validating said code update.

34. The system of claim 33 wherein the security processor substituting the code update for the executable code when the code update is validate.

35. The system of claim 33 wherein the executable code includes a Basic Input and Output System (BIOS).

36. The system of claim 33 wherein the digital signature is part of the code date.

37. The system of claim 33 wherein the second storage element includes a modifiable non-volatile memory device.

38. The system of claim 33 wherein the security processor further authenticating the code update with at least one certificate including a public key of a vendor of the BIOS.

39. A system comprising:
   a first storage element that contains information;
   a second storage element for containing update information; and
   a security processor coupled to the first storage element, the security processor validating the update information to determine whether the update information is to be subsequently loaded into the first storage element.

40. The system of claim 39, wherein the security processor further authenticating the update information to determine that the update information originated from a predetermined source.

41. The system of claim 40 wherein the information includes an executable code.

42. The system of claim 41, wherein the executable code includes Basic Input and Output System (BIOS).

43. The system of claim 42, wherein the predetermined source includes a selected BIOS vendor.

UNITED STATES PATENT AND TRADEMARK OFFICE
CERTIFICATE OF CORRECTION

PATENT NO.: 5,844,986
DATED: December 1, 1998
INVENTOR(S): Davis

It is certified that error appears in the above-identified patent and that said Letters Patent is hereby corrected as shown below:

Column 6
Line 65, delete "date" and insert -- update

Signed and Sealed this Seventeenth Day of August, 2004

JON W. DUDAS
Acting Director of the United States Patent and Trademark Office