Europäisches Patentamt
European Patent Office
Office européen des brevets

(11) EP 0 824 233 A2

(12) EUROPEAN PATENT APPLICATION

(43) Date of publication: 18.02.1998 Bulletin 1998/08

(21) Application number: 973058910

(22) Date of filing: 04.08.1997

(51) Int. Cl.6: G06F 1/00, G06F 1/30, G06F 11/00

(84) Designated Contracting States:
AT BE CH DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

Designated Extension States:
AL LT LV RO SI

(30) Priority: 07.08.1996 US 693458

(71) Applicant: Compaq Computer Corporation
Houston, Texas 77070 (US)

(72) Inventors:
- Angelo, Michael F., Houston, Texas 77068 (US)
- Miller, Craig A., Cedar Park, Texas 78613 (US)

(74) Representative: Brunner, Michael John
GILL JENNINGS & EVERY
Broadgate House
7 Eldon Street
London EC2M 7LH (GB)

(54) Method and apparatus for secure execution of software prior to a computer system being powered down or entering a low energy consumption mode
`
(57) A computer system that automatically and securely executes registered programs immediately prior to a transition to a reduced energy consumption state. A registrar table specifying registered programs and a secure modification detection value for each registered program are maintained in system management mode memory or other secure memory space in the computer system. A system management interrupt is generated following a request to remove power from the computer system or the occurrence of an event that triggers an energy saving mode. The system management interrupt handler routine then generates a current modification detection value for each registered program. The current modification detection values are compared with the secure modification detection values. Execution of a registered program is permitted if the values match. After all registered programs have been executed, the computer system automatically powers down or enters an energy saving mode. The computer system thereby allows secure and convenient execution of programs or commands that would typically interfere with normal computer use.

[Figure 1: schematic block diagram of the computer system S. Labels recoverable from the drawing: processor with host address, 64-bit host data and host ctrl/status lines; cache and memory controller; L2 cache; data buffers with RAS/CAS, MEM ADDR and MEMWE lines; video controller 165 with VGA data, video memory (VRAM), RAMDAC (R,G,B, HSYNC/VSYNC, monitor ID) and monitor 170; network interface controller with filters/transformers and connectors 124; PCI-ISA bridge with IDE; ISA bus (ISA ADDR/DATA/CTRL) with ISA connectors 134 and PCI connectors 142; bus grant/deassert logic; combination I/O chip 136 with floppy controller (floppy drive 138), UARTs, keyboard controller, keyboard and mouse connectors and parallel port connector 132; flash ROM with write protect logic on the X-bus; power supply 180.]

Printed by Jouve, 75001 PARIS (FR)

HTC EX. 1018
HTC v. Ancora
US Patent No. 6,411,941
`
Description

The present invention relates to computer system security. The present invention relates to a method for securely executing registered software applications in a computer system that is either being powered down or entering an energy saving mode.

Computers are becoming increasingly important in many aspects of modern life, both in homes and in businesses. Huge amounts of money are invested by companies and individuals to purchase executable software. Even more money and time is spent developing the information contained in data files such as text documents and spreadsheets. Protecting these resources is therefore an important concern. Security-conscious users are requesting that security and integrity features be incorporated into their personal computers to protect access to critical files and to guarantee the trustworthiness of installed programs. Ideally, these security features should interfere with normal computer operation as little as possible.

Two main causes of software untrustworthiness are file corruption and viruses. File corruption usually follows a system failure occurring during a file transfer (i.e. the system is turned off while a file is being copied onto the hard disk, etc.) or similar occurrence.

Controlling the power-down of the computer system is therefore important, particularly in computers with advanced operating systems such as Windows 95™ and Windows NT™, available from Microsoft Corp. These operating systems require the user to shut down via specific software steps rather than by simply turning off the power switch. For example, in Windows 95™, the user should click a START button and select the SHUT DOWN item from the START menu. The selection of the SHUT DOWN item causes a dialog box to appear on the screen, giving the user the options of shutting down completely, restarting the PC, or exiting to the disk operating system (DOS). In these advanced operating systems, the shut down procedure is needed because the numerous pieces of status information and configuration data contained in the Windows Registry file are not updated until the system has been properly shut down. Further, data stored in the disk cache may not be flushed to the disk unless the user properly exits Windows 95™ or Windows NT™. Network connections that are not properly severed can cause additional problems. Thus, the removal of power without following the proper shutdown procedure can corrupt the Windows Registry file and compromise the overall reliability of the computer during subsequent operations. It should be noted, however, that properly exiting these operating systems requires the user to take affirmative action via menu commands prior to toggling the on/off power switch.

Another threat to software integrity is the problem of "malicious code", also referred to as computer viruses. While many computer viruses are relatively benign, computer viruses can be hostile, clandestine and created to target specific types of software or hardware. They can be introduced into a computer in as many ways as the computer can communicate externally, such as through the floppy drive, a network connection or a modem connection. Viruses are typically designed to replicate by secretly attaching copies of themselves to files or boot records so that the user is unaware of the intrusion. It is important to note that once a virus has attached itself to a host program, the program must be different and its integrity has been violated.

Once infected, any subsequent copies of the host file also contain the virus, thereby increasing the potential for destruction. The virus is then activated when the file is executed. Consequently, a virus attached to a data file may remain dormant because the data file is not executable.

One common commercial method of assessing the integrity of user software is to check for viruses by running a virus checking software program. Such programs rely on the characteristics of the known viruses to detect their presence. A new virus may not be detectable by the virus checking software. If a virus is present, the virus checking software itself is susceptible because it is loaded from the infected hard disk and must run in memory that could be infected. In addition, virus checking software can be inconvenient to execute. A thorough check of system resources can take several minutes, and the user is not able to run other applications during this time. Although virus checking software can be configured to execute automatically during system boot up, the user must again take affirmative action to execute or schedule a virus scan at other times.

Another method of assessing a file's integrity prior to executing it involves computing an integrity assessment code for the file and verifying that the code matches a predetermined value. Checksums (a type of integrity assessment code) are adequate for detecting accidental modifications of data. However, they are an insecure defense against viruses. A well-designed virus aimed at bypassing normal security features can easily attach itself to a host program without resulting in a different checksum.

To address this problem, advanced modification detection codes (or MDCs) have been developed to specifically detect deliberate corruption of data, and are superior to simple checksums. The intent of MDCs is to make it computationally infeasible to modify data so as to preserve a specific modification detection code value. Modification detection codes are sometimes referred to by other names, including: "cryptographic checksums", "cryptographic hashes", "secure hash algorithms", and "message digests".

In some earlier systems, a secure hash value is calculated and stored for newly installed software. Thereafter, when the computer is turned on again, the stored hash value is compared to a newly calculated value. If a discrepancy is found, the user is alerted. A main disadvantage with this method is that the integrity assessment codes must be stored on the hard disk, thus making the codes themselves susceptible to attack by malicious code. Reverse-engineering a modification detection code, while difficult, is not a mathematically intractable problem. Thus, software-only protective products can offer only limited insurance against the attack of malicious code, due mainly to architectural weakness present in most computer systems. A potential solution is to embed the modification detection code in a permanent read-only memory device, but this can make system reconfiguration quite difficult.

Some degree of protection from data loss is afforded by performing regular backups to a tape drive or similar storage medium. If a file becomes corrupted, an earlier, trusted version can be restored from a backup tape. Any changes made to the file after the backup was performed are lost. Like virus scanning and various other administrative procedures, performing backup operations usually preempts other uses of the computer. To circumvent this potential inconvenience, it is desirable to schedule backups during non-working hours or at times when the user is away from the machine. Scheduling and running the backups also require some sort of affirmative action to be taken by the user or system administrator.

A problem can arise if backups and other operations are scheduled to execute at times when it is unlikely that the computer system will be in use. Most modern computer systems incorporate "energy saving" or "hibernation" features. Techniques that are utilized to conserve energy include powering down disk drives, disabling monitors and reducing processor and system clock frequencies. These features are typically activated when the computer is not used for a predetermined period of time. Depending on its programming and hardware, a computer system may not acknowledge and execute a scheduled operation while the system is in an energy saving mode. Even if a scheduled operation is recognized, current computer architectures cannot ensure secure execution.

Briefly, the present invention provides a computer system having the capability to automatically and securely execute registered commands or applications immediately prior to the computer powering down or entering a low energy consumption mode.

Following a request to remove power from the computer system or enter a low power consumption mode, a system management interrupt (SMI) is generated. According to the invention, a variety of methods can be used to generate the SMI. In one embodiment, closure or toggling of the power supply on/off switch causes special interrupt circuitry to generate an interrupt service request that instructs the processor to jump to an interrupt service routine which results in a power down SMI being asserted. Alternatively, circuitry coupled to the power supply on/off switch is configured to bypass the interrupt request and generate the power down SMI directly without the need for a standard interrupt. In yet another embodiment, toggling the power supply on/off switch initiates a software process that results in a power down SMI.

A computer system according to the present invention also allows automatic and secure execution of registered applications immediately prior to the computer system entering a low power consumption mode. Examples of such a low power consumption mode include "hibernation mode" and "energy saving mode". In this embodiment, an SMI is again generated in one of a number of ways. Special interrupt circuitry, a keyboard interrupt, activity timers or a software process can all be used to generate the SMI.

Regardless of the manner in which it is generated, the power down or hibernation mode SMI places the computer system in system management mode, causing an SMI handler routine to be executed. In turn, the SMI handler responds by executing all applications registered with the application registrar. Importantly, the registered applications are verified and executed in a secure manner. Before executing a registered application, the SMI handler first generates a current hash value for the program. The term "secure hash value" or "hash value" is used throughout the remainder of this specification to refer generally to a value generated by a modification detection code, the value being specific to a given software application. A "secure hash value" in the preferred embodiment is 160 bits of data (20 bytes) that is essentially a mathematical representation of a file. If any bits in the file are changed, a different hash value will result.

In general, a secure hash table (or other type of integrity assessment code) is provided that contains a secure hash value for each program that the user wants to execute prior to the power down or entry into hibernation mode. The hash table is stored in protected memory that can only be accessed when the computer system is in system management mode. After it has generated a current hash value for the registered application, the SMI handler checks this stored hash table for a secure entry for the application. If a hash value entry is found, it is compared with the newly-calculated hash value for the secured application. In the event the two values match, the integrity of the application is guaranteed and it is loaded into memory and executed. The process is repeated until all applications registered with the application registrar have been executed.

If the two values do not match, the user is alerted to the discrepancy and may be given the option to update or override the stored hash table entry by entering an administrative password. For security sensitive applications, the entire application or a portion of it is loaded into system management mode memory (hereinafter "SMM memory") prior to application.

In an alternate embodiment of the invention, a secured hash value for the table is maintained in SMM
memory, while the hash table itself is stored in normal memory. A current table hash value is generated for the hash table before a hash table entry is accessed. The current table hash value is then compared with the table hash value stored in SMM memory. If the values are equal, the integrity of the hash table is verified and the new hash value of the program to be executed can be safely compared with its original value. This embodiment of the invention is useful for overcoming problems associated with the limited size of SMM memory. Both of the aforementioned embodiments of the invention have the additional advantage of being operating system independent.

After all of the registered applications have been executed, the SMI handler transmits a shutdown command to a decoder over a system bus if the SMI was generated as a result of a power down request. Upon detecting that the computer system has issued a shutdown command, the decoder logic causes a SHUTDOWN input to the power supply to be asserted, thereby disabling power to the system. If the SMI was generated as a result of low power consumption mode being activated, the SMI handler transmits appropriate commands to hibernation logic that controls various system components.

The present invention has a wide variety of potential applications, including secure execution of virus detection and removal programs and backing up files prior to shutting down. These and other registered applications are executed securely and without need for intervention by the user.

A better understanding of the present invention can be obtained when the following detailed description of the preferred embodiment is considered in conjunction with the following drawings, in which:

Figure 1 is a schematic block diagram of a computer system incorporating system management mode capabilities in accordance with the present invention;
Figure 2 is a graphical representation of System Management Mode memory according to the present invention;
Figure 3 is a schematic block diagram of power down circuitry associated with the power supply of the computer system of Figure 1;
Figure 4 is a block diagram of the power supply of the computer system of Figure 1;
Figure 5 is a schematic block diagram of hibernation circuitry according to the present invention;
Figure 6 is a flowchart illustration of a method according to the present invention for securely executing and verifying the integrity of software applications prior to the computer system being turned off or entering hibernation mode; and
Figure 7 is a flowchart illustration of a secure method according to the present invention for updating a stored hash table or stored hash value.

Referring first to Figure 1, a computer system S according to the present invention is shown. In the preferred embodiment, the system S incorporates two primary buses: a Peripheral Component Interconnect (PCI) bus P which includes an address/data portion and a control signal portion; and an Industry Standard Architecture (ISA) bus I which includes an address portion, a data portion, and a control signal portion. The PCI and ISA buses P and I form the architectural backbone of the computer system S.

A CPU/memory subsystem 100 is connected to the PCI bus P. The processor 102 is preferably the Pentium® processor from Intel Corporation, but could be an 80486 or any number of similar or next-generation processors. The processor 102 drives data, address, and control portions 116, 106, and 108 of a host bus HB. A level 2 (L2) or external cache memory 104 is connected to the host bus HB to provide additional caching capabilities that improve the overall performance of the computer system S. The L2 cache 104 may be permanently installed or may be removable if desired. A cache and memory controller 110 and a PCI-ISA bridge chip 130 are connected to the control and address portions 108 and 106 of the host bus HB. The cache and memory controller chip 110 is configured to control a series of data buffers 112. The data buffers 112 are preferably the 82433LX from Intel, and are coupled to and drive the host data bus 116 and a MD or memory data bus 118 that is connected to a memory array 114. A memory address and memory control signal bus is provided from the cache and memory controller 110.

The data buffers 112, cache and memory controller 110, and PCI-ISA bridge 130 are all connected to the PCI bus P. The PCI-ISA bridge 130 is used to convert signals between the PCI bus P and the ISA bus I. The PCI-ISA bridge 130 includes: the necessary address and data buffers, arbitration and bus master control logic for the PCI bus P, ISA arbitration circuitry, an ISA bus controller as conventionally used in ISA systems, an IDE (intelligent drive electronics) interface, and a DMA controller. A hard disk drive 140 is connected to the IDE interface of the PCI-ISA bridge 130. Tape drives, CD-ROM devices or other peripheral storage devices (not shown) can be similarly connected.

In the disclosed embodiment, the PCI-ISA bridge 130 also includes miscellaneous system logic. This miscellaneous system logic contains counters and activity timers as conventionally present in personal computer systems, an interrupt controller for both the PCI and ISA buses P and I, and power management logic. Additionally, the miscellaneous system logic may include circuitry for a security management system used for password verification and to allow access to protected resources.

The PCI-ISA bridge 130 also includes circuitry to generate a "soft" SMI (System Management Interrupt), as well as SMI and keyboard controller interface circuitry. The miscellaneous system logic is connected to the flash ROM 154 through write protection logic 164. Preferably, the PCI-ISA bridge 130 is a single integrated circuit, but other combinations are possible.

A series of ISA slots 134 are connected to the ISA bus I to receive ISA adapter cards. A series of PCI slots 142 are similarly provided on the PCI bus P to receive PCI adapter cards.

A video controller 165 is also connected to the PCI bus P. Video memory 166 is used to store graphics data and is connected to the video graphics controller 165 and a digital/analog converter (RAMDAC) 168. The video graphics controller 165 controls the operation of the video memory 166, allowing data to be written and retrieved as required. A monitor connector 169 is connected to the RAMDAC 168 for connecting a monitor 170.

A network interface controller (NIC) 122 is also connected to the PCI bus P. Preferably, the controller 122 is a single integrated circuit that includes the capabilities necessary to act as a PCI bus master and slave, as well as circuitry required to act as an Ethernet interface. Attachment Unit Interface (AUI) and 10 base-T connectors 124 are provided in the system S, and are connected to the NIC 122 via filter and transformer circuitry 126. This circuitry forms a network or Ethernet connection for connecting the computer system S to a local area network (LAN).

A combination I/O chip 136 is connected to the ISA bus I. The combination I/O chip 136 preferably includes a real time clock, two UARTs, a floppy disk controller for controlling a floppy disk drive 138, and various address decode logic and security logic to control access to the CMOS memory (not shown) and power-on password values. A control line is provided to the read and write protection logic 164 to further control access to the flash ROM 154. Serial port connectors 146 and parallel port connector 132 are also connected to the combination I/O chip 136.

An 8042 or keyboard controller is also included in the combination I/O chip 136. The keyboard controller is of conventional design and is connected in turn to a keyboard connector 158 and a mouse or pointing device connector 160. A keyboard 159 is connected to the computer system S through the keyboard connector 158.

A buffer 144 is connected to the ISA bus I to provide an additional X-bus X for various additional components of the computer system S. A flash ROM 154 receives its control, address and data signals from the X-bus X. Preferably, the flash ROM 154 contains the BIOS information for the computer system and can be reprogrammed to allow for revisions of the BIOS.

In the computer system S of Fig. 1, all electronic devices discussed above, including the processor 102, are powered by a regulated power supply 180. In the preferred embodiment, the regulated power supply (Figs. 3 and 4) has a power supply supervisory circuit 192 that provides shutdown capability via a SHUTDOWN input. The power supply 180 is shut down via an SMI software/hardware process that is initiated by toggling the on/off switch 182 (Fig. 3). The power supply 180 receives an AC voltage supply via an AC plug 190 (Fig. 3).

An additional feature of the computer system S is a System Management Mode (SMM), as discussed at length immediately below. It is also noted that Figure 1 presents an exemplary embodiment of the computer system S and it is understood that numerous other effective embodiments could readily be developed as known to those skilled in the art.

Certain microprocessors, such as the Pentium® processor from Intel Corporation, have included a mode referred to as system management mode (SMM), which is entered upon receipt of a system management interrupt (SMI). Originally, SMIs were power management interrupts devised by Intel Corporation for portable systems. Portable computers often draw power from batteries which provide a limited amount of energy. To maximize battery life, an SMI is typically asserted to turn off or reduce the power to any system component that is not currently in use. Although originally meant for laptop computers, SMIs have become popular for desktop and other stationary models as well.

SMIs are asserted by either an SMI timer, by a system request, or by other means. An SMI is a non-maskable interrupt having almost the highest priority in the system. Only the reset signal R/S* and cache flush signal FLUSH*, which can be conceptualized as interrupts, have a higher priority than the SMI. When an SMI is asserted, a microprocessor maps a portion of memory referred to as the system management mode memory ("SMM memory") into the main memory space. The entire CPU state is then saved in the SMM memory (in the CPU register dump 210 of Fig. 2) in stack-like, last in/first out fashion. After the initial processor state is saved, the processor 102 begins executing an SMI handler routine, which is an interrupt service routine to perform specific system management tasks such as reducing power to specific devices or, as in the case of the present invention, providing security services. While the routine is executed, other interrupt requests are not serviced, and are ignored until the interrupt routine is completed or the microprocessor is reset. When the SMI handler completes its task, the processor state is retrieved from the SMM memory, and the main program continues. An SMI active signal referred to as the SMIACT* signal is provided by the processor to indicate operation in SMM.

As mentioned, following assertion of its SMI input (this is generally an active low signal), the processor 102 calls the SMI handler, which addresses an address space that is separate from ordinary main memory. Thereafter, all memory accesses refer only to SMM memory 200. Input/output ("I/O") accesses via instructions such as IN or OUT are still directed to the normal I/O address space, however. One advantageous side-effect of the hardwired separate address SMM area is that the routines stored in this space cannot be snooped by the cache, providing an additional layer of protection.

In a typical system management mode implementation, it is intended that battery-buffered SRAM chips be mapped into the address space between 30000h and 3ffffh by default. External hardware can use the SMIACT* signal as a chip select signal and thereby address either the SRAM chips (the SMIACT* signal is at a logic low level), or the normal main memory (the SMIACT* signal is at a logic high level). By using the SMIACT* signal, then, SMM memory 200 and normal memory can be strictly separated.

The Pentium®, or P5, microprocessor is more flexible than earlier processors in that it permits the SMI handler starting address and the location of the SMM memory space to be changed by the user. Under the Pentium® design, the SMI starting address stored in the microprocessor register is initially set to the conventional 30000h value. Consequently, when the first SMI is asserted, the SMI handler starts at address 38000h (the entry point is offset from the SMM memory base). While the SMI handler routine is executing, however, it may provide a different area of memory to be used as the SMM memory. This new SMM memory may start at any location in the main memory space chosen by the programmer. The SMM memory is a 64-Kbyte block beginning at the new SMM memory start address. When the SMI handler finishes, the new starting address replaces the old starting address in the microprocessor's SMI starting address register.

When the next SMI is asserted, the microprocessor maps the new 64-Kbyte block of memory into the main memory space as the SMM memory, and starts the SMI handler at the new starting address at the midpoint of the new SMM memory. For example, during the first SMI service routine, the programmer may change the SMM memory starting point from 030000h to 100000h. When the SMI is next asserted, the microprocessor maps the SMM memory into main memory space between 100000h and 10FFFFh. The microprocessor then references address 108000h for the SMI handler. This feature thus allows the programmer to choose a more convenient location in the main memory.

Referring more specifically to Fig. 2, a graphical representation of SMM memory 200 as configured according to the present invention is shown. As mentioned above, this address space is addressed by the processor 102 following an SMI. Following an SMI, the state of the processor 102 is stored in the CPU register dump 210. The SMI handler 201 is then called and executed by the processor 102. Importantly, the SMI handler 201 can be written such that it performs tasks other than power-down operations. An SMI handler 201 written according to the present invention is able to utilize an application registrar 202, stored hash entries 204, a stored hash table 206, and a secure hash algorithm 208 to securely register and verify the integrity of software applications prior to execution. Because SMM memory 200 is only addressable while the computer system is in SMM, storing the application registrar 202, the hash entries 204, the hash table 206 and the secure hash algorithm 208 in SMM memory 200 prevents malicious code from modifying or reading these sensitive components of the preferred embodiment of the invention.

In an alternate embodiment of the invention, a secured table hash value for the hash table 206 itself is maintained in SMM memory 200, while the hash table 206 is stored in normal, readable memory. In this embodiment, the integrity of the hash table 206 is verified before the hash value of the program to be executed is compared with its original value. This embodiment of the invention, discussed more fully below, is useful for overcoming problems associated with the limited size of SMM memory (64-Kbyte total in the disclosed embodiment). It is also contemplated that the secure hash algorithm 208 could be stored in flash ROM 154. The optional 32-Kbyte SMM RAM extension 212 can be utilized for secure execution of software or to store additional hash values.

[Fragment from an adjacent column whose preceding text is not on this page:] ing the SMI. For example, when the on/off switch 182 is
`
As used in this disclosure, the term "secure hash value" or "hash value" refers generally to a value -- generated by an integrity assessment code -- that is specific to a given software application. Although the disclosed embodiment of the invention utilizes a hash table 206 containing hash values generated by a secure hash algorithm 208, it is contemplated that many types of modification detection codes could be utilized. Of importance to the invention is that each piece of registered software has a corresponding and distinct value that represents the unaltered state of the software, and that this value be stored in a secure memory location. Note also that registered software is referred to generally as "programs" or "applications", and use of these terms is intended to cover software "files".
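The verification flow the specification assigns to the SMI handler (a current hash value generated for each program in the application registrar, looked up in the stored hash table kept in SMM memory, execution permitted only on a match; and, in the alternate embodiment, the table itself kept in normal memory and trusted only after its table hash value matches the one held in SMM memory) can be simulated in ordinary software. The following is an added example, not code from the patent or from Compaq. It assumes SHA-1 as the unnamed 160-bit secure hash algorithm 208, models SMM memory and normal memory as Python objects, and uses constructed program images and names (BACKUP.EXE, VSCAN.EXE) that are not on the page.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


def secure_hash(data: bytes) -> bytes:
    """160-bit (20-byte) hash value as in the preferred embodiment.
    SHA-1 is an assumption: the page never names secure hash algorithm 208."""
    return hashlib.sha1(data).digest()


def hash_table_bytes(table: Dict[str, bytes]) -> bytes:
    """Canonical serialisation of a hash table so that its own hash is reproducible."""
    return b"".join(name.encode() + b"\0" + value for name, value in sorted(table.items()))


@dataclass
class SmmMemory:
    """What the handler keeps in SMM memory 200 (Fig. 2); only reachable while in SMM."""
    registrar: List[str]                           # application registrar 202
    hash_table: Optional[Dict[str, bytes]] = None  # stored hash table 206 (preferred embodiment)
    table_hash: Optional[bytes] = None             # secured table hash value (alternate embodiment)


@dataclass
class NormalMemory:
    """Ordinary memory/disk: program images and, in the alternate embodiment, the table."""
    files: Dict[str, bytes]
    hash_table: Dict[str, bytes] = field(default_factory=dict)


def stored_hash_for(smm: SmmMemory, normal: NormalMemory, name: str) -> Optional[bytes]:
    """Return the secure entry for a program, verifying the table first if it lives outside SMM."""
    if smm.hash_table is not None:                 # preferred embodiment: table is in SMM memory
        return smm.hash_table.get(name)
    # Alternate embodiment: the table in normal memory is trusted only after its
    # current table hash value equals the one held in SMM memory.
    current_table_hash = secure_hash(hash_table_bytes(normal.hash_table))
    if smm.table_hash is None or not hmac.compare_digest(current_table_hash, smm.table_hash):
        raise RuntimeError("hash table integrity violated; no entry can be trusted")
    return normal.hash_table.get(name)


def smi_handler(smm: SmmMemory, normal: NormalMemory,
                execute: Callable[[str], None]) -> Dict[str, str]:
    """Power-down / hibernation SMI handler: verify, then run, each registered program."""
    outcome: Dict[str, str] = {}
    for name in smm.registrar:
        current = secure_hash(normal.files[name])  # current hash value of the program image
        stored = stored_hash_for(smm, normal, name)
        if stored is None:
            outcome[name] = "no secure entry"
        elif hmac.compare_digest(current, stored):
            execute(name)                          # values match: integrity guaranteed
            outcome[name] = "executed"
        else:
            outcome[name] = "mismatch: user alerted"  # override would need the admin password
    return outcome


def _sample(alternate_embodiment: bool):
    """Constructed sample: two registered programs, VSCAN.EXE altered after registration."""
    backup = b"BACKUP.EXE image (constructed sample)"
    scan = b"VSCAN.EXE image (constructed sample)"
    table = {"BACKUP.EXE": secure_hash(backup), "VSCAN.EXE": secure_hash(scan)}
    normal = NormalMemory(files={"BACKUP.EXE": backup, "VSCAN.EXE": scan + b"\x90"})
    if alternate_embodiment:
        normal.hash_table = dict(table)
        smm = SmmMemory(registrar=list(table), table_hash=secure_hash(hash_table_bytes(table)))
    else:
        smm = SmmMemory(registrar=list(table), hash_table=table)
    return smm, normal


def demo(alternate_embodiment: bool = False) -> Dict[str, str]:
    """Run the handler over the sample; both embodiments reject the altered program."""
    smm, normal = _sample(alternate_embodiment)
    return smi_handler(smm, normal, execute=lambda name: None)


def table_tamper_detected() -> bool:
    """Alternate embodiment: an edited table in normal memory is caught by the table hash."""
    smm, normal = _sample(alternate_embodiment=True)
    normal.hash_table["VSCAN.EXE"] = secure_hash(normal.files["VSCAN.EXE"])
    try:
        smi_handler(smm, normal, execute=lambda name: None)
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    print(demo(), demo(alternate_embodiment=True), table_tamper_detected())
```

Two design points carry over from the specification: the comparison uses a constant-time digest compare so that the stored value does not leak through timing, and in the alternate embodiment the table is hashed as a whole before any entry is consulted, which is what makes keeping it in readable memory safe. The shutdown command to the decoder, or the commands to the hibernation logic, would follow the loop in the real handler and are left out here.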
`
Turning now to Fig. 3, circuitry is shown for powering down the computer system S and generating an SMI that initiates execution of registered applications. The interrupt controller/SMI generation logic 186 receives an input from a power supply on/off switch 182. One end of the on/off switch 182 is connected to ground, while the other end of the on/off switch 182 is connected to a pull-up resistor 184. The output of the on/off switch is connected to the interrupt controller/SMI generation logic 186. When the power supply on/off switch 182 is closed -- indicating that the user desires to power the system down -- the input to the interrupt controller/SMI generation logic 186 is pulled low. While the on/off switch 182 is open, pull-up resistor 184 pulls the input to a high logic level. The outputs of the interrupt controller/SMI generation logic are placed