CN103810443B - Apparatus and method for protecting a basic input/output system - Google Patents
- Publication number: CN103810443B (application CN201410085132.9A)
- Authority: CN (China)
Classifications
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS], under G—PHYSICS; G06—COMPUTING; CALCULATING OR COUNTING; G06F—ELECTRIC DIGITAL DATA PROCESSING; G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems; G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/44—Program or device authentication, under G—PHYSICS; G06—COMPUTING; CALCULATING OR COUNTING; G06F—ELECTRIC DIGITAL DATA PROCESSING; G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
Abstract
The present invention discloses an apparatus and method for protecting a basic input/output system (BIOS). A read-only memory holds multiple partitions and multiple encrypted digests. Each partition is stored as plaintext. Each encrypted digest is an encrypted version of a first digest computed over the corresponding partition. A selector selects one or more partitions in response to an interrupt. A detector, in response to the same interrupt, accesses the selected partitions and their corresponding encrypted digests and directs a microprocessor to produce, using the same digest algorithm and key that produced the first digests and the encrypted digests, one or more second digests over the selected partitions and one or more deciphered digests from the corresponding encrypted digests. The detector compares the second digests with the deciphered digests and, when any second digest is not identical to its paired deciphered digest, halts the microprocessor.
Description
Technical field
The present invention relates to microelectronics, and more particularly to an apparatus and method for protecting the basic input/output system (BIOS) of a computing system.
Background technology
Computing platforms come in many forms and sizes, for example desktop computers, laptop computers, tablet computers, personal digital assistants (PDAs) and smartphones. Among these different forms of computing platform, only a minority can employ very powerful tools.
Once powered on, nearly every form of computing platform shares the same basic structure or configuration. At its core is a central processing unit (typically a microprocessor), memory for storing programs (in the form of a hard disk or solid-state disk), faster memory from which programs are executed (usually random access memory), and memory that stores the basic input/output system (BIOS).
For these platforms, the BIOS is the lowest layer of the programming hierarchy: it boots the standard operating system and application programs and performs operations using the hardware with which the particular computing platform is configured. The BIOS is generally tightly coupled to the hardware interfaces, so that when the platform configuration changes, programs at higher layers need not be modified to accommodate those changes. Naturally, when such a change occurs the BIOS is usually upgraded, which is why BIOS storage is generally separate from the storage of the operating system and application programs.
The BIOS not only implements the basic operations of the computing platform; it also holds configuration data and security data (for example, whether the computing system is authorised to execute a particular application program). Because the BIOS contains security data, it is a common target of hackers and the like. For example, by modifying a system's BIOS, an unauthorised user can execute unauthorised programs. It is therefore extremely important to system designers that the validity and integrity of the BIOS be protected and assured, both when the system is not running and while the BIOS is executing.
Thus, on the one hand, it is desirable that the system BIOS be easily accessible so that it can be upgraded and/or reprogrammed to support changes in system configuration. On the other hand, it is important to protect or restrict access to the BIOS contents in order to avoid unauthorised tampering.
Some attempts to achieve one or both of these goals lead to architectural constraints. For example, moving BIOS storage onto the same chip as the system's microprocessor prevents the BIOS from being tampered with, but entirely defeats the goal of easy upgradeability, because the BIOS is no longer physically accessible. Other techniques focus on encrypting the BIOS contents, which is advantageous from a protection standpoint but reduces system performance, because every access to the BIOS contents requires an unacceptable number of operations to decrypt them.
What is needed, therefore, is an innovative technique that supports accessibility and upgrading of a computing system's BIOS contents while also protecting those contents from unauthorised tampering.
Summary of the invention
The present invention provides a superior technique that solves the above problems and overcomes other problems, shortcomings and limitations of the prior art.
The invention provides an outstanding technique for protecting the BIOS of a computing system from attack. In one embodiment, an apparatus is provided for protecting the basic input/output system of a computing system. The apparatus includes a BIOS read-only memory (ROM), a partition selector and a tamper detector. The BIOS ROM holds multiple BIOS content partitions and multiple encrypted message digests. Each BIOS content partition is stored as plaintext, and each encrypted message digest is an encrypted version of a first message digest computed over the corresponding BIOS content partition. In response to a BIOS check interrupt that interrupts the normal operation of the computing system, the partition selector selects one or more of the BIOS content partitions. The tamper detector is coupled to the BIOS ROM and to the partition selector. In response to the BIOS check interrupt, the tamper detector accesses the one or more selected BIOS content partitions and the corresponding one or more encrypted message digests, and directs a microprocessor to produce, using the same algorithm and key that were used to produce the first message digests and the encrypted message digests, one or more second message digests corresponding to the one or more selected BIOS content partitions and one or more deciphered message digests corresponding to the one or more encrypted message digests. The tamper detector compares the second message digests with the deciphered message digests and, when any of the one or more second message digests is not identical to its paired deciphered message digest, prevents the microprocessor from operating.
The present invention further provides another apparatus for protecting the basic input/output system of a computing system. The apparatus includes a BIOS ROM and a microprocessor coupled to the BIOS ROM. The BIOS ROM includes multiple BIOS content partitions, each of which is stored as plaintext, and multiple encrypted message digests, each of which is an encrypted version of a first message digest computed over the corresponding BIOS content partition. The microprocessor includes a partition selector and a tamper detector. In response to a BIOS check interrupt that interrupts the normal operation of the computing system, the partition selector selects one or more of the BIOS content partitions. The tamper detector is coupled to the BIOS ROM and to the partition selector. In response to the BIOS check interrupt, the tamper detector accesses the one or more selected BIOS content partitions and the corresponding one or more encrypted message digests, and directs the microprocessor to produce, using the same algorithm and key that were used to produce the first message digests and the encrypted message digests, one or more second message digests corresponding to the selected BIOS content partitions and one or more deciphered message digests corresponding to the encrypted message digests. The tamper detector compares the second message digests with the deciphered message digests and, when any of the one or more second message digests is not identical to its paired deciphered message digest, prevents the microprocessor from operating.
The present invention further provides a method for protecting the basic input/output system of a computing system. Multiple BIOS content partitions and multiple encrypted message digests are stored in a BIOS ROM, each BIOS content partition being stored as plaintext and each encrypted message digest being an encrypted version of a first message digest computed over the corresponding BIOS content partition. In response to a BIOS check interrupt that interrupts the normal operation of the computing system, one or more of the BIOS content partitions are selected. In response to the BIOS check interrupt, the one or more selected BIOS content partitions and the corresponding one or more encrypted message digests are accessed, and the same algorithm and key that were used to produce the first message digests and the encrypted message digests are used to produce one or more second message digests corresponding to the selected BIOS content partitions and one or more deciphered message digests corresponding to the encrypted message digests. The second message digests are compared with the deciphered message digests, and when any of the one or more second message digests is not identical to its paired deciphered message digest, a microprocessor is prevented from operating.
The present invention further provides another apparatus for protecting the basic input/output system of a computing system. The apparatus includes: a BIOS ROM, including multiple BIOS content partitions, each of which is stored as plaintext, and multiple encrypted message digests, each of which is an encrypted version of a first message digest computed over the corresponding BIOS content partition; a partition selector, which, in response to a BIOS check interrupt that interrupts the normal operation of the computing system, selects one or more of the BIOS content partitions; and a tamper detector coupled to the BIOS ROM and to the partition selector. The tamper detector generates the BIOS check interrupt on a combination of a time interval elapsing and an event occurring. In response to the BIOS check interrupt it accesses the one or more selected BIOS content partitions and the corresponding one or more encrypted message digests, directs a microprocessor to produce, using the same algorithm and key that were used to produce the first message digests and the encrypted message digests, one or more second message digests corresponding to the selected BIOS content partitions and one or more deciphered message digests corresponding to the encrypted message digests, compares the second message digests with the deciphered message digests, and, when any of the one or more second message digests is not identical to its paired deciphered message digest, prevents the microprocessor from operating.
The present invention further provides another apparatus for protecting the basic input/output system of a computing system. The apparatus includes: a BIOS ROM, including multiple BIOS content partitions, each of which is stored as plaintext, and multiple encrypted message digests, each of which is an encrypted version of a first message digest computed over the corresponding BIOS content partition; and a microprocessor coupled to the BIOS ROM. The microprocessor includes a partition selector, which, in response to a BIOS check interrupt that interrupts the normal operation of the computing system, selects one or more of the BIOS content partitions, and a tamper detector coupled to the BIOS ROM and to the partition selector. The tamper detector generates the BIOS check interrupt on a combination of a time interval elapsing and an event occurring. In response to the BIOS check interrupt it accesses the one or more selected BIOS content partitions and the corresponding one or more encrypted message digests, directs the microprocessor to produce, using the same algorithm and key that were used to produce the first message digests and the encrypted message digests, one or more second message digests corresponding to the selected BIOS content partitions and one or more deciphered message digests corresponding to the encrypted message digests, compares the second message digests with the deciphered message digests, and, when any of the one or more second message digests is not identical to its paired deciphered message digest, prevents the microprocessor from operating.
The present invention further provides another method for protecting the basic input/output system of a computing system. Multiple BIOS content partitions and multiple encrypted message digests are stored in a BIOS ROM, each BIOS content partition being stored as plaintext and each encrypted message digest being an encrypted version of a first message digest computed over the corresponding BIOS content partition. In response to a BIOS check interrupt that interrupts the normal operation of the computing system, one or more of the BIOS content partitions are selected. The BIOS check interrupt is generated on a combination of a time interval elapsing and an event occurring. In response to the BIOS check interrupt, the one or more selected BIOS content partitions and the corresponding one or more encrypted message digests are accessed, and the same algorithm and key that were used to produce the first message digests and the encrypted message digests are used to produce one or more second message digests corresponding to the selected BIOS content partitions and one or more deciphered message digests corresponding to the encrypted message digests. The second message digests are compared with the deciphered message digests, and when any of the one or more second message digests is not identical to its paired deciphered message digest, a microprocessor is prevented from operating.
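The apparatus and method embodiments above all describe the same check: plaintext BIOS content partitions sit in ROM beside one encrypted message digest each; on a BIOS check interrupt a partition selector picks one or more partitions, and a tamper detector recomputes each partition's digest, deciphers the stored digest with the same key, and halts the microprocessor if any pair differs. The following Python model is an added example and is not code from the patent. It assumes SHA-256 as the (unspecified) digest algorithm, a hash-derived XOR keystream as a stand-in for the (unspecified) cipher that encrypts each first digest under the key, and treats "a combination of time interval and event" as either condition raising the interrupt; the key and partition contents are constructed for the example. It also shows why the stored digest is encrypted rather than plain: an attacker who rewrites a partition and stores a freshly computed plain digest is still caught, because without the key the deciphered value does not match.

```python
"""Software model of the BIOS tamper check described in this patent (added example)."""
import hashlib
import hmac
import random
from dataclasses import dataclass

DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
DEMO_PARTITIONS = [                                             # constructed contents
    b"POST: memory test, device enumeration",
    b"boot loader: read MBR, jump to OS loader",
    b"security data: app-authorisation table",
    b"setup utility: configuration menus",
]


def first_digest(partition: bytes) -> bytes:
    """Message digest over one plaintext content partition (assumed: SHA-256)."""
    return hashlib.sha256(partition).digest()


def _keystream(key: bytes, index: int, length: int) -> bytes:
    """Keystream bound to (key, partition index) so a digest cannot be moved
    between partitions. Stand-in for the patent's unspecified cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + index.to_bytes(4, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def encrypt_digest(key: bytes, index: int, digest: bytes) -> bytes:
    """Encrypted message digest stored in ROM next to partition `index`."""
    return bytes(a ^ b for a, b in zip(digest, _keystream(key, index, len(digest))))


decrypt_digest = encrypt_digest  # XOR with the same keystream deciphers


@dataclass
class BiosRom:
    partitions: list          # plaintext BIOS content partitions
    encrypted_digests: list   # one encrypted first digest per partition


def provision_rom(key: bytes, partitions) -> BiosRom:
    """Factory/update step: compute each first digest and store it encrypted."""
    enc = [encrypt_digest(key, i, first_digest(p)) for i, p in enumerate(partitions)]
    return BiosRom(list(partitions), enc)


def select_partitions(rom: BiosRom, count: int, rng=random) -> list:
    """Partition selector: choose `count` partitions to verify on this interrupt."""
    return sorted(rng.sample(range(len(rom.partitions)), count))


def failed_partitions(rom: BiosRom, key: bytes, indices) -> list:
    """Tamper detector core: recompute the second digest of each selected partition,
    decipher its stored digest with the same key, and report every index whose
    pair is not identical (constant-time compare, as a detector should use)."""
    failed = []
    for i in indices:
        second = first_digest(rom.partitions[i])
        deciphered = decrypt_digest(key, i, rom.encrypted_digests[i])
        if not hmac.compare_digest(second, deciphered):
            failed.append(i)
    return failed


class TamperDetected(RuntimeError):
    """Raised where the hardware would halt the microprocessor."""


def bios_check_interrupt(rom: BiosRom, key: bytes, indices) -> list:
    """Interrupt service: verify the selected partitions; halt on any mismatch."""
    failed = failed_partitions(rom, key, indices)
    if failed:
        raise TamperDetected(f"partitions {failed} failed the digest check")
    return list(indices)


def check_due(elapsed_ms: int, interval_ms: int, event_pending: bool) -> bool:
    """Trigger policy of the later embodiments (assumed: interval OR event)."""
    return elapsed_ms >= interval_ms or event_pending


def tampered_copy(rom: BiosRom, index: int, new_content: bytes, forge_plain_digest: bool) -> BiosRom:
    """Attacker model: rewrite one partition and, optionally, overwrite its stored
    digest with the plain SHA-256 of the new content (the attacker has no key)."""
    parts, digests = list(rom.partitions), list(rom.encrypted_digests)
    parts[index] = new_content
    if forge_plain_digest:
        digests[index] = first_digest(new_content)
    return BiosRom(parts, digests)


if __name__ == "__main__":
    rom = provision_rom(DEMO_KEY, DEMO_PARTITIONS)
    chosen = select_partitions(rom, 2, random.Random(7))
    print("intact ROM, verified partitions", bios_check_interrupt(rom, DEMO_KEY, chosen))
    bad = tampered_copy(rom, 2, b"security data: ALL apps authorised", True)
    try:
        bios_check_interrupt(bad, DEMO_KEY, range(len(DEMO_PARTITIONS)))
    except TamperDetected as e:
        print("halt:", e)
```

Because the partitions stay in plaintext, normal BIOS execution pays nothing for the scheme; only the digest of the selected partitions is recomputed at check time, which is the performance argument the background section makes against encrypting the whole BIOS. Checking a random subset per interrupt bounds the cost of each check while still covering every partition over time.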
With regard to industrial applicability, the invention may be implemented in a microprocessor for use in a general-purpose or special-purpose computing device.
Brief description of the drawings
Fig. 1 is a block diagram showing the physical elements mounted on the motherboard of a present-day computing system;
Fig. 2 is a block diagram showing the interconnection of the elements of Fig. 1, illustrating how a computing system is configured with a basic input/output system;
Fig. 3 is a block diagram showing an architecture according to an embodiment of the invention for protecting the basic input/output system of a computing system;
Fig. 4 is a block diagram showing a periodic architecture according to an embodiment of the invention for protecting the basic input/output system of a computing system;
Fig. 5 is a block diagram showing an event-based architecture according to an embodiment of the invention for protecting the basic input/output system of a computing system;
Fig. 6 is a block diagram showing a driver-based architecture according to an embodiment of the invention for protecting the basic input/output system of a computing system; and
Fig. 7 is a block diagram showing a secure basic input/output system tamper-protection architecture according to an embodiment of the invention.
Detailed description
To make the above and other objects, features and advantages of the present invention more apparent, preferred embodiments are set out below and described with reference to the accompanying drawings.
Exemplary and illustrative embodiments of the invention are described below. For the sake of clarity, not all features of an actual implementation are described here. Those skilled in the art will understand that in the development of any such practical embodiment, numerous implementation-specific decisions must be made to achieve specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another. It will also be understood that such a development effort might be complex and time-consuming, but would nevertheless be a routine undertaking for those of ordinary skill in the art having the benefit of this disclosure. Various modifications to the preferred embodiments will be apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments. The invention is therefore not intended to be limited to the particular embodiments shown and described herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The present invention is described with reference to the drawings below. The various structures, systems and devices depicted in the drawings are for purposes of explanation only, so as not to obscure the invention with details well known to those skilled in the art; the drawings are nevertheless included to describe and explain illustrative examples of the invention. The words and phrases used herein should be understood and interpreted to have a meaning consistent with the understanding of those words and phrases by those skilled in the relevant art. No special definition of a term or phrase, that is, a definition different from the ordinary and customary meaning as understood by those skilled in the art, is intended to be implied by consistent usage of the term or phrase herein. To the extent that a term or phrase is intended to have a special meaning, that is, a meaning other than that understood by skilled artisans, such a special definition is expressly set forth in the detailed description in a definitional manner that directly and unequivocally provides the special definition for that term or phrase.
An integrated circuit (IC) is a set of electronic circuits fabricated within a small piece of semiconductor material (typically silicon). An integrated circuit is also referred to as a chip, a microchip or a die.
A central processing unit (CPU) is the electronic circuitry (i.e. the "hardware") that executes the instructions of a computer program (also called a "computer application" or "application"), where the circuitry performs operations on data including arithmetic operations, logical operations and input/output operations.
A microprocessor is an electronic device that serves as the CPU on a single integrated circuit. A microprocessor receives digital data as input, processes that data according to instructions read from a memory (either on-chip or off-chip), and produces the results of the operations defined by those instructions as output. General-purpose microprocessors are used in desktop computers, mobile phones and tablet computers for tasks such as computation, document editing, multimedia display and Internet browsing. Microprocessors are also found in embedded systems controlling a wide variety of devices, including appliances, mobile phones, smartphones and industrial control equipment.
A multi-core processor, also called a multi-core microprocessor, is a microprocessor having multiple CPUs fabricated on a single integrated circuit.
An instruction set architecture (ISA), or instruction set, is the part of a computer architecture that concerns programming, including data types, instructions, registers, addressing modes, memory architecture, interrupt and exception handling, and input/output. An ISA includes the set of operation codes (opcodes, i.e. machine-language instructions) implemented by a particular CPU and the specification of those machine instructions.
An x86-compatible microprocessor is a microprocessor capable of executing computer applications programmed according to the x86 instruction set architecture.
Microcode is a plurality of microinstructions. A microinstruction (also called a "native instruction") is an instruction executed by a sub-unit of a microprocessor. Exemplary sub-units include integer units, floating-point units, MMX units and load/store units. For example, microinstructions are executed directly by a reduced instruction set computer (RISC) microprocessor. In a complex instruction set computer (CISC) microprocessor, such as an x86-compatible microprocessor, x86 instructions are translated into associated microinstructions, and the associated microinstructions are executed directly by one or more sub-units within the CISC microprocessor.
A fuse is a conductive structure, typically arranged as a filament, that can be blown (opened) at selected locations by applying a voltage across the filament and/or passing a current through it. Using existing fabrication techniques, fuses can be placed on the die so that an entire programmable region is configured with filaments. After fabrication, fuse structures are blown (or left unblown) to provide the programming required by the corresponding elements on the die.
In view of the prior-art techniques for protecting critical programs and data in a trusted computing system, and of the techniques now used to detect and/or prevent tampering with those programs and data, Fig. 1 and Fig. 2 below describe the BIOS of present-day systems. The present invention is then described with reference to Figs. 3 to 7.
Referring to Fig. 1, block diagram 100 shows the physical elements mounted on the motherboard 102 (also called the system board) of a present-day computing system. The elements of motherboard 102 include a microprocessor 104 (also called a CPU, processor, processor chip, etc.), volatile memory 106 (also called random access memory, RAM), a chipset 108 (also called a memory controller, memory hub, input/output hub or bridge chip, such as a northbridge or southbridge), a basic input/output system (BIOS) read-only memory (ROM) 110 usually inserted in a socket 112, and a hard-disk interface 114. Motherboard 102 is typically installed, together with the other elements needed to complete a particular computer configuration (such as a power supply), in a computer enclosure (such as a desktop or notebook computer case, a mobile phone housing, a tablet computer case or a set-top box housing). As those skilled in the art know, many additional elements and parts (such as clock generators, fans, connectors, graphics processors, etc.) are also mounted on motherboard 102; for simplicity of description these additional elements and parts are not shown. In addition, the elements 104, 106, 114, 108, 110 and 112 shown in Fig. 1 may be arranged on motherboard 102 in different forms, and it should be noted that elements 104, 106, 114, 108, 110 and 112 are identified by the names by which they are commonly known. In this embodiment, microprocessor 104 is coupled to elements 106, 114, 108, 110 and 112 via physical interfaces (not shown) on motherboard 102, typically metal traces. Notably, because BIOS ROM 110 is subject to fairly frequent changes in the factory and/or in the field, it is mounted on motherboard 102 via socket 112.
Referring to Fig. 2, block diagram 200 shows how the elements 104, 106, 114, 108, 110 and 112 of Fig. 1 are interconnected, to illustrate how a computing system is configured with a basic input/output system (BIOS). Block diagram 200 shows a microprocessor 204 that includes an on-chip cache memory 230. Microprocessor 204 is coupled via a memory bus 216 to a slower random access memory 206. Microprocessor 204 is also coupled via a system bus 218 to a chipset 208, and chipset 208 is coupled via a hard-disk interface bus 224 and a read-only memory bus 220 to a hard-disk interface 214 and a BIOS ROM 210, respectively. BIOS ROM 210 may be coupled via a BIOS programming bus 222 to an optional BIOS programming interface (not shown). As those skilled in the art know, variations of the configuration shown in Fig. 2 may include a chipset 208 that also provides the interface to random access memory 206 over system bus 218 rather than over a direct memory bus 216, and may provide other types of bus (not shown) for connecting microprocessor 204 to other kinds of peripheral interface (for example PCI Express or a graphics processor).
In operation, as those skilled in the art know, an application program 234 (such as Microsoft ...) is stored beforehand on a hard disk (or solid-state disk; not shown) that is accessed via hard-disk interface 214. Because a hard disk is a comparatively slow device, application program 234 is usually transferred to the external random access memory 206 before it is executed. Portions of application program 234 may then be cached in the internal cache memory 230 so that microprocessor 204 can execute them from there. When an instruction of application program 234 requests that microprocessor 204 perform a system-level operation (for example, storing a file to the hard disk), instructions from operating system software 232 (such as a store request) are executed by microprocessor 204; these operating-system instructions are likewise loaded from the hard disk into random access memory 206 and cached in internal cache memory 230. Operating system software 232 provides a more general interface that allows application program 234 to perform system-level functions without knowledge of the particular system configuration. Operating system software 232 also allows multiple application programs 234 to execute on microprocessor 204 concurrently, and performs background operations to manage the use of random access memory 206 effectively.
Operating system 232, however, is in fact an intermediate layer of software in a present-day computing system. To physically connect to the hardware of the computing system (such as the hard disk), operating system 232 must execute the instructions of the BIOS 236 stored in BIOS ROM 210. BIOS 236 is typically a collection of small programs that form the lowest layer of software in the computing system and are used to connect operating system 232 to the computing system's hardware. Like operating system 232, BIOS 236 provides a general-purpose interface to the computer hardware so that operating system 232 can access the hardware without being designed for a specific interface. BIOS 236 allows system designers to change the computing system's hardware (such as the hard disk, chipset 208 or random access memory 206) without changing operating system 232 or application programs 234. When the configuration changes, however, BIOS 236 must be updated, which is why socket 112 and/or BIOS programming bus 222 must be provided on motherboard 102: they allow BIOS ROM 210 to be easily replaced or reprogrammed. In some configurations, BIOS ROM 210 can be reprogrammed directly via BIOS ROM bus 220. Thus, to permit changes to BIOS 236, almost all present-day computing systems provide the architecture described above, in which BIOS ROM 210 is a separate element that can easily be reprogrammed or replaced.
In the overall configuration of a computing system, BIOS 236 is a very important feature, because its instructions enable application program 234 and operating system 232 to connect directly to the hardware. Besides providing the connection to the system hardware, BIOS 236 performs several other functions that the system requires. For example, after the system is powered on, the power-on self test (POST) in BIOS 236 is executed to test the hardware and to verify the correct setup and operation of the system. BIOS 236 also includes routines that identify newly installed devices and assign system resources to them. BIOS 236 further includes routines that load operating system 232 from the hard disk into random access memory 206 and hand system control to operating system 232. Finally, BIOS 236 includes routines that detect and prevent tampering with the computing system.
Because BIOS 236 is important to the security and operation of the computing system, it often becomes a primary target of hacking and other unauthorized forms of tampering. For example, many well-known operating systems are licensed to equipment manufacturers under the condition that the BIOS 236 in the computing system meets given requirements, which allows the manufacturer to resell computing systems with the operating system preinstalled. Typically, the manufacturer programs a label (or "mark") into a specific location of BIOS 236, and when the operating system starts, the label is read from that location of BIOS 236 to confirm that it is booting on an authorized system. If the label is absent or incorrect, the operating system will not boot.
The above example is one of many different types of security features programmed into BIOS 236 today, and is given to provide a thorough discussion of BIOS security functions. Note that, for the system designer, BIOS 236 is the main target for tampering in the system, so protecting BIOS 236 is a matter of major concern. In the example above, the hacker's purpose in editing (or reprogramming) BIOS 236 is to present the computing system as an authorized system to a protected operating system, or to modify the BIOS so that the operating system believes it is running on an authorized system when in fact it is not.
As described previously, most BIOS ROMs 110 today are individual components on motherboard 102, installed in socket 112 so that BIOS 236 can conveniently be changed when the system hardware changes. Therefore, in the absence of other security architectures, the hacking described above is possible.
Accordingly, system designers have developed many different techniques to detect and prevent tampering with the system and with application program 234 and/or operating system 232 running on it. For example, in U.S. Patent Publication No. 2005/0015749, Mittal proposes providing a secure memory section and logic that includes encryption technology to encrypt and decrypt program and data, so that the software cannot be tampered with. However, the BIOS is stored beforehand in a memory space separate from the system software, so it is impossible to prevent every form of tampering unless the BIOS is moved onto the same chip as, for example, the microprocessor. Otherwise, the BIOS can easily be replaced by swapping the chip.
In U.S. Patent No. 7,831,839, Hatakeyama discloses a secure boot read only memory and a processor, where the secure boot read only memory contains encrypted boot code (such as a BIOS) and the processor contains a hardware decryption unit. When the processor boots, the encrypted BIOS is read into the processor's internal memory, and the decryption unit decrypts and authenticates the BIOS. If this succeeds, the processor enters a secure processing mode and, thereafter, the entire BIOS is executed from internal memory. Although Hatakeyama provides an architecture that protects the BIOS by encrypting its contents, executing it effectively requires on-chip local memory to hold the decrypted BIOS. As is known to those skilled in the art, a BIOS program today (including configuration data) is megabytes in size. Because providing on-chip local memory that can hold megabytes of data increases the size and power consumption of the microprocessor, which reduces the reliability of the part and raises its overall cost, Hatakeyama's BIOS protection method is disadvantageous.
Other techniques that have been developed encrypt all or part of the BIOS contents, which must then be decrypted each time the BIOS is required. Such techniques therefore reduce the performance of the computing system, particularly at boot, because even with on-chip encryption hardware, decryption is essentially a slow process. From a performance standpoint, encrypting the BIOS contents is therefore undesirable.
Consequently, none of the above techniques (marks, partitioned secure memory, on-chip local BIOS memory, encrypted BIOS contents) allows easy access to the system BIOS ROM while keeping the performance impact low. The present invention therefore provides new techniques applied to the BIOS ROM to overcome these limitations, in which the BIOS ROM mounted in the socket remains easy to upgrade. Unencrypted (i.e., plaintext) BIOS contents (i.e., instructions and/or configuration data) are provided, and tampering can be detected after power-up without noticeably reducing system performance. The present invention is described in Figs. 3 to 7.
Referring to Fig. 3, Fig. 3 is a block diagram 300 showing an architecture according to one embodiment of the invention for protecting the BIOS of a computing system. Block diagram 300 depicts a microprocessor disposed on a single chip and packaged for mounting on a motherboard (e.g., a processor, CPU, etc.), as described previously. In one embodiment, the microprocessor is compatible with the x86 architecture and can execute all instructions of the x86 instruction set. In another embodiment, the microprocessor is provided in a multi-core processor on a single chip. In a further embodiment, the microprocessor is a virtual processing core representing a physical processor whose logical portions can be shared with an operating system. To describe the invention, the essential elements of the microprocessor are described below, while many other elements known to those skilled in the art (such as load/store logic, memory cache, sequencing logic, etc.) are omitted for simplicity.
The microprocessor includes fetch logic 302, which is coupled to translator 304 via bus 324. Translator 304 is coupled to execution logic 306 via bus 326. Execution logic 306 includes a crypto/hash unit 308, which is coupled to key storage 310 via bus 322. The microprocessor also includes bus interface 318 for connecting the microprocessor to the chipset. Bus interface 318 is coupled to reset controller 312 via bus 328. Reset controller 312 receives reset signal RESET and produces shutdown signal SHUTDOWN. Reset controller 312 includes tamper detector 314, which is coupled to boot loader 316 via bus NOBOOT. Reset controller 312 is coupled to execution logic 306 via tamper bus TBUS.
Operationally, fetch logic 302 fetches program instructions (from the application program, the operating system, and the BIOS cached in memory) for execution. The program instructions are provided to translator 304 via bus 324. Translator 304 translates each program instruction into one or more microinstructions, which are executed by one or more elements of execution logic 306 to perform the operation specified by the program instruction. Microinstructions (also called microcode or firmware) are specific to the microprocessor and cannot be accessed at the package level.
In normal operation, after power-up, BIOS instructions and configuration data are recorded and cached in virtual memory and fetched for execution by fetch logic 302. However, the microprocessor's normal operation begins only after a successful reset and power-up sequence. Reset controller 312 receives reset signal RESET and directs execution logic 306 to execute microcode that performs self-tests and starts the system. To detect tampering with the BIOS and prevent unauthorized operation of the system in which the microprocessor is installed, before boot begins, reset controller 312 fetches the full contents of the BIOS ROM (not shown) via bus interface 318 and provides the fetched contents to execution logic 306 via tamper bus TBUS. In one embodiment, the contents of the BIOS ROM include a digital signature (also called a hash or message digest) stored at a specific location of the BIOS ROM. As is known to those skilled in the art, depending on the particular hash operation used, the digital signature corresponding to the hash of the BIOS ROM (of, say, 4 megabytes) is very small (e.g., 256 bits) and is unique to the particular contents of the BIOS ROM. Thus, if the contents of the read only memory are changed, hashing the changed contents yields a different digital signature.
Before it is stored in the BIOS ROM, the digital signature is encrypted by the microprocessor manufacturer using a cryptographic key provided by the BIOS manufacturer. During manufacture of the microprocessor, the key is programmed into key storage 310, and thereafter it cannot be accessed by program instructions. In one embodiment, the key is unique to the microprocessor. In one embodiment, the contents of key storage 310 can only be accessed by crypto/hash unit 308 under the control of the tamper detection microcode. The tamper detection microcode directs reset controller 312 to fetch the contents of the BIOS ROM, which include the encrypted digital signature, and the fetched contents are provided to execution logic 306 via tamper bus TBUS. At the same time, the tamper detection microcode directs crypto/hash unit 308 to hash the BIOS according to the hash algorithm that the BIOS manufacturer used to produce the digital signature. In one embodiment, the hash algorithm is a Secure Hash algorithm (e.g., SHA-0, SHA-1, etc.). Other embodiments use any known message digest algorithm. The tamper detection microcode also directs crypto/hash unit 308 to decrypt the encrypted digital signature fetched from the BIOS ROM using the key stored in key storage 310. In one embodiment, crypto/hash unit 308 decrypts with the key using the Digital Encryption Standard (DES) algorithm. In another embodiment, crypto/hash unit 308 uses the Advanced Encryption Standard (AES) algorithm. Other embodiments use any known cryptographic algorithm. The digital signature produced by crypto/hash unit 308 and the decrypted digital signature are provided to tamper detector 314 via tamper bus TBUS, where the encrypted version of the decrypted digital signature was stored beforehand at the specific location of the BIOS ROM.
Tamper detector 314 compares the two digital signatures. If the two digital signatures are identical, tamper detector 314 signals boot loader 316 via bus NOBOOT that the normal boot sequence of the microprocessor may proceed. If the two digital signatures differ, tamper detector 314 asserts shutdown signal SHUTDOWN and directs boot loader 316 to halt the boot sequence. Shutdown signal SHUTDOWN directs the remaining elements of the microprocessor to power down or to enter a mode that precludes normal operation.
According to embodiments of the invention, each time the microprocessor is reset, only the encrypted message digest stored at the specific location of the BIOS ROM needs to be decrypted: a 256-bit string is decrypted rather than a 4-megabyte string. Furthermore, embodiments of the invention allow the use of plaintext BIOS instructions/data stored in a physically accessible configuration, such as the configurations described in Figs. 1 and 2. The BIOS is easy to update, and system performance is not reduced. No expensive internal local memory is needed to hold a decrypted BIOS. Moreover, the key used to encrypt the message digest stored in the BIOS ROM cannot be accessed by program instructions; the key can only be accessed directly by crypto/hash unit 308.
Referring to Fig. 4, Fig. 4 is a block diagram 400 showing a periodic architecture according to one embodiment of the invention for protecting the BIOS of a computing system. The architecture of Fig. 3 protects the system BIOS at boot, but the BIOS may still be tampered with while the system is running. It is therefore desirable to protect the BIOS against hacking while the system is operating and powered. A periodic architecture is accordingly proposed to accomplish this.
Block diagram 400 depicts a microprocessor disposed on a single chip and packaged for mounting on a motherboard, as described previously. In one embodiment, the microprocessor is compatible with the x86 architecture and can execute all instructions of the x86 instruction set. In another embodiment, the microprocessor is provided in a multi-core processor on a single chip. In a further embodiment, the microprocessor is a virtual processing core representing a physical processor whose logical portions can be shared with an operating system. To describe the invention, the essential elements of the microprocessor are described below, while many other elements known to those skilled in the art (such as load/store logic, memory cache, sequencing logic, etc.) are omitted for simplicity.
The microprocessor includes fetch logic 402, which is coupled to translator 404 via bus 424. Translator 404 is coupled to execution logic 406 via bus 426. Execution logic 406 includes crypto/hash unit 408, which is coupled to key storage 410 via bus 422. Execution logic 406 also includes random number generator 430. The microprocessor also includes bus interface 418 for connecting the microprocessor to the chipset. Bus interface 418 is coupled to reset controller 412 via bus 428. Reset controller 412 receives reset signal RESET and produces shutdown signal SHUTDOWN. Reset controller 412 includes tamper detector 414, which is coupled to boot loader 416 via bus NOBOOT. Tamper detector 414 includes tamper timer 432. Reset controller 412 is coupled to execution logic 406 via tamper bus TBUS and random number bus RBUS.
Operationally, the elements of the architecture of Fig. 4 perform generally as the like-named elements of the architecture of Fig. 3. However, in addition to detecting tampering with the BIOS during the reset and power-up sequence, the architecture of Fig. 4 includes tamper detection microcode and elements that periodically check the BIOS to determine whether the BIOS of the computing system has been tampered with during operation. As with the key, tamper timer 432 cannot be accessed by program instructions; it is accessed exclusively by tamper detector 414 and the tamper detection microcode. In one embodiment, tamper timer 432 interrupts the normal operation of the system at a time interval set by the tamper detection microcode. In one embodiment, the time interval is 1 millisecond, which is sufficient to detect an attack in which the BIOS ROM is physically replaced by a hacked BIOS ROM. A 1 millisecond interval is also sufficient to detect an attack intended to reprogram the existing BIOS ROM. When the interval interrupt occurs, reset controller 412 fetches the full contents of the BIOS ROM (not shown) via bus interface 418 and provides the fetched contents to execution logic 406 via tamper bus TBUS. The tamper detection microcode directs reset controller 412 to fetch the contents of the BIOS ROM, which include the encrypted digital signature, and the fetched contents are provided to execution logic 406 via tamper bus TBUS. At the same time, the tamper detection microcode directs crypto/hash unit 408 to hash the BIOS according to the hash algorithm that the BIOS manufacturer used to produce the digital signature. The tamper detection microcode also directs crypto/hash unit 408 to decrypt the encrypted digital signature fetched from the BIOS ROM using the key stored in key storage 410. The digital signature produced by crypto/hash unit 408 and the decrypted digital signature are provided to tamper detector 414 via tamper bus TBUS, where the encrypted version of the decrypted digital signature was stored beforehand at the specific location of the BIOS ROM.
Tamper detector 414 compares the two digital signatures. If the two digital signatures are identical, tamper detector 414 returns control of the microprocessor to the point at which the timer interrupt occurred. If the two digital signatures differ, tamper detector 414 asserts shutdown signal SHUTDOWN, which directs the remaining elements of the microprocessor to power down or to enter a mode that precludes normal operation.
In another embodiment, tamper timer 432 does not use a fixed time interval. When a periodic BIOS hacking check is executed, the tamper detection microcode directs random number generator 430 to produce a random number, which is input to tamper timer 432 to set the time interval before the next BIOS hacking check. In this manner, the time at which a hacking check is executed cannot be anticipated or predicted.
As with the architecture of Fig. 3, according to embodiments of the invention, the operation performed by the periodic architecture of Fig. 4 needs only to decrypt the encrypted message digest stored at the specific location of the BIOS ROM: a 256-bit string is decrypted rather than a 4-megabyte string. Furthermore, during normal operation of the system, the periodic architecture protects the secure system against hacking of the BIOS.
Referring to Fig. 5, Fig. 5 is a block diagram 500 showing an event-based architecture according to one embodiment of the invention for protecting the BIOS of a computing system. Like the architecture of Fig. 4, this embodiment protects the system BIOS while the computing system is in normal operation, but here checks are triggered by the occurrence of events rather than by the passage of time. These events may include (but are not limited to): hard disk access (or other forms of input/output access), changes to virtual memory mappings (this architecture is usable in a virtual processing system configuration), changes in speed, and other kinds of events that commonly occur in today's computing systems. An event-based architecture is therefore provided to accomplish this purpose.
Block diagram 500 depicts a microprocessor disposed on a single chip and packaged for mounting on a motherboard, as described previously. In one embodiment, the microprocessor is compatible with the x86 architecture and can execute all instructions of the x86 instruction set. In another embodiment, the microprocessor is provided in a multi-core processor on a single chip. In a further embodiment, the microprocessor is a virtual processing core representing a physical processor whose logical portions can be shared with an operating system. To describe the invention, the essential elements of the microprocessor are described below, while many other elements known to those skilled in the art (such as load/store logic, memory cache, sequencing logic, etc.) are omitted for simplicity.
The microprocessor includes fetch logic 502, which is coupled to translator 504 via bus 524. Translator 504 is coupled to execution logic 506 via bus 526. Execution logic 506 includes crypto/hash unit 508, which is coupled to key storage 510 via bus 522. Execution logic 506 also includes random number generator 530. The microprocessor also includes bus interface 518 for connecting the microprocessor to the chipset. Bus interface 518 is coupled to reset controller 512 via bus 528. Reset controller 512 receives reset signal RESET and produces shutdown signal SHUTDOWN. Reset controller 512 includes tamper detector 514, which is coupled to boot loader 516 via bus NOBOOT. Tamper detector 514 includes event detector 542, which receives input/output access signal I/O ACCESS, virtual memory mapping change signal VMMAP, processor speed change signal SPEED, and other event signals OTHER. Reset controller 512 is coupled to execution logic 506 via tamper bus TBUS and random number bus RBUS.
Operationally, the elements of the architecture of Fig. 5 perform generally as the like-named elements of the architectures of Figs. 3 and 4. However, in addition to detecting tampering with the BIOS during the reset and power-up sequence, the architecture of Fig. 4 includes tamper detection microcode and elements that check the BIOS to determine whether it has been tampered with while the computing system is operating. The validity check of the BIOS is performed upon the occurrence of events rather than according to time. The applicant has observed that in today's computing systems the microprocessor executes certain events regularly, such as I/O accesses (i.e., hard disk, PCI Express), core clock speed changes, operating system calls, system state changes, and so on. The signals received by event detector 542 are therefore only examples; the types of events that can trigger a BIOS check are not limited to those shown in block diagram 500.
As with the key, event detector 542 cannot be accessed by executing program instructions; it can only be accessed by tamper detector 514 and the tamper detection microcode. In one embodiment, event detector 542 interrupts the normal operation of the system when one of the above events occurs, i.e., when one of signals I/O ACCESS, VMMAP, SPEED, and OTHER is present. In another embodiment, event detector 542 interrupts the normal operation of the system when one of the above events has occurred a number of times. In a further embodiment, event detector 542 interrupts the normal operation of the system when multiple events occur (e.g., an I/O access and a core clock speed change). The events selected and the number of occurrences are set by the tamper detection microcode. When the interrupt occurs, reset controller 512 fetches the full contents of the BIOS ROM (not shown) via bus interface 518 and provides the fetched contents to execution logic 506 via tamper bus TBUS. The tamper detection microcode directs reset controller 512 to fetch the contents of the BIOS ROM, which include the encrypted digital signature, and the fetched contents are provided to execution logic 506 via tamper bus TBUS. The tamper detection microcode directs crypto/hash unit 508 to hash the BIOS according to the hash algorithm that the BIOS manufacturer used to produce the digital signature. The tamper detection microcode also directs crypto/hash unit 508 to decrypt the encrypted digital signature fetched from the BIOS ROM using the key stored in key storage 510. The digital signature produced by crypto/hash unit 508 and the decrypted digital signature are provided to tamper detector 514 via tamper bus TBUS, where the encrypted version of the decrypted digital signature was stored beforehand at the specific location of the BIOS ROM.
Tamper detector 514 compares the two digital signatures. If the two digital signatures are identical, tamper detector 514 returns control of the microprocessor to the point at which the event-triggered interrupt occurred. If the two digital signatures differ, tamper detector 514 asserts shutdown signal SHUTDOWN, which directs the remaining elements of the microprocessor to power down or to enter a mode that precludes normal operation.
In another embodiment, when a BIOS hacking check completes, the tamper detection microcode directs random number generator 530 to produce a random number rather than using a fixed number of event occurrences. The random number is input to event detector 542 to set the number of events that must occur before the next BIOS hacking check is executed. In this embodiment, the number of events that triggers a hacking check cannot be predicted or anticipated by covert applications executing on the microprocessor. In a further embodiment, the random number is used to change the type of event that triggers the next BIOS hacking check.
As with the architectures of Figs. 3 and 4, according to embodiments of the invention, the operation performed by the event-triggered architecture of Fig. 5 needs only to decrypt the encrypted message digest stored at the specific location of the BIOS ROM, i.e., a 256-bit string (the encrypted message digest) is decrypted rather than a 4-megabyte string (i.e., the whole BIOS). Furthermore, during normal operation of the system, the event-triggered architecture protects the secure system against hacking of the BIOS, where the number and type of events that trigger a hacking check cannot be determined or forced.
Referring to Fig. 6, Fig. 6 is a block diagram 600 showing a partition-based architecture according to one embodiment of the invention for protecting the BIOS of a computing system. The architecture of Fig. 6 protects the system BIOS while the computing system is in normal operation, but in this embodiment only a subset of the BIOS is checked when the tamper timer interrupts (as in the embodiment of Fig. 3) or when a system event triggers (as in the embodiment of Fig. 4). The partition-based mechanism therefore provides a configuration that is critical to performance: because only a portion of the BIOS is checked at each trigger point, the impact on system performance is smaller.
In the embodiment of Fig. 6, the BIOS space is divided into multiple partitions, each of which has a corresponding message digest that is encrypted and stored at a corresponding location in the BIOS ROM. In one embodiment, every partition has the same size. In another embodiment, the partitions have different sizes. In one embodiment, in response to a BIOS check trigger (e.g., an event occurrence or a timer interrupt), only one of the partitions is checked. In response to a BIOS check trigger, several of the partitions may alternatively be checked. In a further embodiment, the number of partitions checked in response to a BIOS check trigger is determined by the tamper detection microcode (e.g., a repeating cycle of 1-3-1-2).
Block diagram 600 depicts a microprocessor disposed on a single chip and packaged for mounting on a motherboard, as described previously. In one embodiment, the microprocessor is compatible with the x86 architecture and can execute all instructions of the x86 instruction set. In another embodiment, the microprocessor is provided in a multi-core processor on a single chip. In a further embodiment, the microprocessor is a virtual processing core representing a physical processor whose logical portions can be shared with an operating system. To describe the invention, the essential elements of the microprocessor are described below, while many other elements known to those skilled in the art (such as load/store logic, memory cache, sequencing logic, etc.) are omitted for simplicity.
The microprocessor includes fetch logic 602, which is coupled to translator 604 via bus 624. Translator 604 is coupled to execution logic 606 via bus 626. Execution logic 606 includes crypto/hash unit 608, which is coupled to key storage 610 via bus 622. Execution logic 606 also includes random number generator 630. The microprocessor also includes bus interface 618 for connecting the microprocessor to the chipset. Bus interface 618 is coupled to reset controller 612 via bus 628. Reset controller 612 receives reset signal RESET and produces shutdown signal SHUTDOWN. Reset controller 612 includes tamper detector 614, which is coupled to boot loader 616 via bus NOBOOT. Tamper detector 614 includes partition selector 652. Reset controller 612 is coupled to execution logic 606 via tamper bus TBUS and random number bus RBUS.
Operationally, the elements of the architecture of Fig. 6 perform generally as the like-named elements of the architectures of Figs. 3 to 5. However, in addition to detecting tampering with the BIOS during the reset and power-up sequence, the architecture of Fig. 6 includes tamper detection microcode and elements that check the BIOS to determine whether it has been tampered with while the computing system is operating. The validity check of the BIOS is performed upon the occurrence of a trigger as described earlier. Upon the trigger, partition selector 652 selects one or more partitions of the BIOS to be checked.
As with the key, partition selector 652 cannot be accessed by executing program instructions; it can only be accessed by tamper detector 614 and the tamper detection microcode. When a BIOS check trigger occurs, the normal operation of the computing system is interrupted, and partition selector 652 directs reset controller 612 to fetch the contents of one or more partitions of the BIOS ROM (not shown) via bus interface 618 and to provide the fetched contents to execution logic 606 via tamper bus TBUS. The contents, including the one or more corresponding encrypted digital signatures, are provided to execution logic 606 via tamper bus TBUS. The tamper detection microcode directs crypto/hash unit 608 to hash the one or more partitions according to the hash algorithm that the BIOS manufacturer used to produce the one or more digital signatures. The tamper detection microcode also directs crypto/hash unit 608 to decrypt the corresponding one or more encrypted digital signatures fetched from the BIOS ROM using the key stored in key storage 610. The one or more digital signatures produced by crypto/hash unit 608 and the one or more decrypted digital signatures are provided to tamper detector 614 via tamper bus TBUS, where the encrypted versions of the one or more decrypted digital signatures were stored beforehand at one or more specific locations of the BIOS ROM.
Tamper detector 614 compares the one or more pairs of digital signatures. If all comparisons match, tamper detector 614 returns control of the microprocessor to the point at which it was interrupted when the event trigger occurred. If any digital signatures differ, tamper detector 614 asserts the shutdown signal SHUTDOWN. The shutdown signal SHUTDOWN directs the remaining elements of the microprocessor to power down or to enter a mode that prevents normal operation.
In another embodiment, rather than checking a fixed or cyclically varying number of partitions, the tamper detection microcode directs random number generator 630 to produce a random number upon completion of a BIOS tamper check. The random number is input to partition selector 652 to set, before the triggering event occurs, the number of partitions to be checked at the next BIOS tamper check. In this embodiment, the number of partitions that are checked when a checkpoint is triggered cannot be predicted or anticipated by a covert application executing on the microprocessor. In a different embodiment, the random number is used to indicate the next one of the plurality of partitions to be checked.
Referring now to Fig. 7, Fig. 7 is a block diagram showing a BIOS tamper protection architecture 700 according to one embodiment of the present invention. The embodiment of Fig. 7 provides a complete configuration that not only performs a comprehensive check of the computing system's BIOS at startup and at reset but, in combination with the techniques of Figs. 4-6 used during operation, also provides comprehensive protection of the system's BIOS.
Block diagram 700 depicts a microprocessor disposed on a single chip and packaged for mounting on a motherboard, as described previously. In one embodiment, the microprocessor is compatible with the x86 architecture and can execute all instructions of the x86 instruction set. In another embodiment, the microprocessor is provided in a multi-core processor on a single chip. In yet another embodiment, the microprocessor is a virtual processing core representing a logical portion of a physical processor, usable in conjunction with an operating system running on that processor. In order to describe the present invention, the essential elements of the microprocessor are described below, while many other elements known to those skilled in the art (such as load/store logic, cache memory, sequencing logic and so on) are omitted for simplicity.
The microprocessor includes fetch logic 702, which is coupled to translator 704 via bus 724. Translator 704 is coupled to execution logic 706 via bus 726. Execution logic 706 includes a cipher/hash unit 708, which is coupled to key storage 710 via bus 722. Execution logic 706 also includes a random number generator 730. The microprocessor further includes a bus interface 718 for connecting the microprocessor to the chipset. Bus interface 718 is coupled to reset controller 712 via bus 728. Reset controller 712 receives a reset signal RESET and produces a shutdown signal SHUTDOWN. Reset controller 712 includes a tamper detector 714, which is coupled to boot loader 716 via bus NOBOOT. Tamper detector 714 includes a tamper timer 732, an event detector 742 and a partition selector 752. Event detector 742 receives an input/output access signal I/O ACCESS, a virtual memory mapping change signal VMMAP, a processor speed change signal SPEED and other event signals OTHER. Reset controller 712 is coupled to execution logic 706 via a tamper bus TBUS and a random number bus RBUS.
In operation, the elements of the architecture of Fig. 7 generally perform in the same manner as the identically named elements in the architectures of Figs. 3-6. However, in addition to detecting tampering of the BIOS during the reset and power-up sequence, the architecture of Fig. 7 also includes tamper detection microcode and elements that check the BIOS to determine whether it has been tampered with while the computing system is in operation. The validity check of the BIOS is performed in response to timer interrupts from tamper timer 732 and to event triggers, as described with reference to Fig. 5. When a timer interrupt or an event trigger occurs, partition selector 752 selects one or more partitions of the BIOS for checking, as described with reference to Fig. 6.
Tamper timer 732, event detector 742 and partition selector 752 cannot be accessed by executing program instructions, and partition selector 752 can only be accessed by tamper detector 714 and by the tamper detection microcode. When a timer interrupt or an event trigger occurs, the normal operation of the computing system is interrupted, and partition selector 752 directs reset controller 712 to fetch, via bus interface 718, the contents of one or more partitions of the BIOS ROM (not shown) and to provide the fetched contents to execution logic 706 over tamper bus TBUS. The contents that include the one or more corresponding encrypted digital signatures are likewise provided to execution logic 706 over tamper bus TBUS. The tamper detection microcode directs cipher/hash unit 708 to compute a hash of the one or more partitions according to the hashing algorithm that the BIOS manufacturer used to produce the one or more digital signatures. The tamper detection microcode also directs cipher/hash unit 708 to decrypt the corresponding one or more encrypted digital signatures fetched from the BIOS ROM, using the key stored in key storage 710. The one or more digital signatures produced by cipher/hash unit 708 and the one or more decrypted digital signatures are provided to tamper detector 714 over tamper bus TBUS; the encrypted versions of the decrypted digital signatures were previously stored at one or more specific locations in the BIOS ROM.
Tamper detector 714 compares the one or more pairs of digital signatures. If all comparisons match, tamper detector 714 returns control of the microprocessor to the point at which it was interrupted when the event trigger occurred. If any digital signatures differ, tamper detector 714 asserts the shutdown signal SHUTDOWN. The shutdown signal SHUTDOWN directs the remaining elements of the microprocessor to power down or to enter a mode that prevents normal operation.
In one embodiment, the combined sequence of timer interrupts and event triggers is determined by the tamper detection microcode. In another embodiment, a random number produced by random number generator 730 at the end of a BIOS check indicates whether the next BIOS check is started by a timer interrupt or by an event trigger. As shown in Figs. 4-5, in some embodiments random number generator 730 randomly varies the length of the time interval and/or the type and number of events.
In another embodiment, rather than checking a fixed or cyclically varying number of partitions, the tamper detection microcode directs random number generator 730 to produce a random number upon completion of a BIOS tamper check. The random number is input to partition selector 752 to set the number of partitions to be checked at the next BIOS tamper check. In this embodiment, the number of partitions that are checked when a checkpoint is triggered cannot be predicted or anticipated by a covert application executing on the microprocessor. In a different embodiment, the random number is used to indicate the next one of the plurality of partitions to be checked.
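The check sequence of Figs. 6 and 7 (partition selection, digest recomputation, decryption of the stored digest, comparison, and the SHUTDOWN decision), as an added Go model that is not part of the patent. It assumes SHA-256 for the digest and AES-CTR with a stored IV for the encrypted digest (the claims name SHA and AES but fix no mode or layout), and it implements the random-count embodiment, in which a random number sets how many partitions the next check covers.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"io"
)

// BIOSROM models the patent's BIOS read-only memory: plaintext content
// partitions plus one encrypted SHA-256 digest per partition, stored here as
// a 16-byte IV followed by the AES-CTR ciphertext (layout is an assumption).
type BIOSROM struct {
	Partitions [][]byte
	EncDigests [][]byte
}

// BuildROM is the manufacturer-side step: hash every partition and encrypt
// each digest under the key that the microprocessor's key storage holds.
func BuildROM(key []byte, partitions [][]byte) (*BIOSROM, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	rom := &BIOSROM{}
	for _, p := range partitions {
		sum := sha256.Sum256(p)
		enc := make([]byte, aes.BlockSize+sha256.Size)
		if _, err := io.ReadFull(rand.Reader, enc[:aes.BlockSize]); err != nil {
			return nil, err
		}
		cipher.NewCTR(block, enc[:aes.BlockSize]).XORKeyStream(enc[aes.BlockSize:], sum[:])
		rom.Partitions = append(rom.Partitions, append([]byte(nil), p...))
		rom.EncDigests = append(rom.EncDigests, enc)
	}
	return rom, nil
}

// PartitionSelector models the selector in the reset controller: it walks the
// partitions with a cursor, and a random number decides how many it hands to
// the tamper detector per interrupt, so software cannot predict the next set.
type PartitionSelector struct {
	cursor int
}

// Select draws a random number from rng (the role of the patent's random
// number generator), sets the number of partitions for this check to a
// value in 1..total, and returns their indices, advancing the cursor.
func (s *PartitionSelector) Select(rng io.Reader, total int) ([]int, error) {
	var b [4]byte
	if _, err := io.ReadFull(rng, b[:]); err != nil {
		return nil, err
	}
	count := 1 + int(binary.LittleEndian.Uint32(b[:])%uint32(total))
	idx := make([]int, count)
	for i := range idx {
		idx[i] = (s.cursor + i) % total
	}
	s.cursor = (s.cursor + count) % total
	return idx, nil
}

// CheckPartitions is the tamper-detector step: recompute each selected
// partition's digest, decrypt the stored one with the key, and compare. false
// stands for SHUTDOWN (a malformed stored digest counts as tampering).
func CheckPartitions(key []byte, rom *BIOSROM, idx []int) (bool, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return false, err
	}
	for _, i := range idx {
		enc := rom.EncDigests[i]
		if len(enc) != aes.BlockSize+sha256.Size {
			return false, nil
		}
		ref := make([]byte, sha256.Size)
		cipher.NewCTR(block, enc[:aes.BlockSize]).XORKeyStream(ref, enc[aes.BlockSize:])
		sum := sha256.Sum256(rom.Partitions[i])
		if !bytes.Equal(sum[:], ref) {
			return false, nil
		}
	}
	return true, nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key only
	rom, _ := BuildROM(key, [][]byte{[]byte("boot block"), []byte("setup"), []byte("option roms")})
	sel := &PartitionSelector{}
	idx, _ := sel.Select(rand.Reader, 3)
	ok, _ := CheckPartitions(key, rom, idx)
	rom.Partitions[0][0] ^= 1 // simulate a tampered partition
	bad, _ := CheckPartitions(key, rom, []int{0, 1, 2})
	fmt.Println("intact:", ok, "tampered:", bad) // intact: true tampered: false
}
```

A partition that is not selected for the current check is not examined, which is exactly why the patent randomises the count: a tampered partition is caught at the check whose selection reaches it.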
According to embodiments of the present invention, the elements of the microprocessor are configured to carry out the functions and operations described above. An element comprises logic, circuits, devices or microcode (that is, micro-instructions or native instructions), or a combination thereof, or equivalent elements used to perform the functions and operations according to the present invention. The elements used in the microprocessor to perform these functions and operations may be shared with other circuits, microcode and so on within the microprocessor that perform other functions and/or operations. As used in the present application, microcode refers to one or more micro-instructions. A micro-instruction (also called a native instruction) is an instruction executed by a unit. For example, a micro-instruction may be executed directly by a reduced instruction set computer (RISC) microprocessor. For a complex instruction set computer (CISC) microprocessor, such as an x86-compatible microprocessor, an x86 instruction is translated into associated micro-instructions, and the associated micro-instructions are executed directly by one or more units of the CISC microprocessor.
The software or algorithms and symbolic representations provided in the present invention and the accompanying description represent operations on data bits within a computer memory. These descriptions and drawings allow those skilled in the art to convey the substance of their work effectively to others skilled in the art. An algorithm, as the term is used here, is a self-consistent sequence of steps. These steps require physical manipulation of physical quantities. In general, these physical quantities take the form of optical, electrical or magnetic signals capable of being stored, transferred, combined, compared and otherwise manipulated. For convenience, these signals are referred to as bits, values, elements, symbols, characters, items, numbers or the like.
It should be noted, however, that all of these and similar terms are associated with the appropriate physical quantities and are merely convenient labels applied to those quantities. Unless specifically stated otherwise, terms such as processing, computing, calculating, determining, displaying or the like refer to the actions and processes of a computer system, a microprocessor, a central processing unit or a similar electronic computing device that manipulates and transforms data represented as physical quantities within the registers and memories of the computer system into other data similarly represented as physical quantities within the memories, registers or other such information storage or display devices of that or a similar computer system.
It should also be noted that the software-implemented aspects of the present invention are encoded on some form of program storage medium or implemented over some type of transmission medium. The program storage medium may be electronic (such as read-only memory, flash read-only memory or electrically erasable programmable read-only memory), random access memory, magnetic (such as a floppy disk or hard disk) or optical (such as a compact disc read-only memory, CD-ROM), as well as other read-only or random access memory devices. Similarly, the transmission medium may be metal wire, twisted pair, coaxial cable, optical fiber or other known similar transmission media. The present invention is not limited to these embodiments.
Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit the present invention. Those skilled in the art may make minor changes and modifications without departing from the spirit and scope of the present invention; the scope of protection of the present invention is therefore defined by the claims of the present invention.
Claims (42)
1. An apparatus for protecting a basic input/output system (BIOS) in a computing system, comprising:
a BIOS read-only memory, comprising:
a plurality of BIOS content partitions, wherein each BIOS content partition is stored as plaintext; and
a plurality of encrypted message digests, wherein each encrypted message digest comprises an encrypted version of a first message digest and corresponds to one of the BIOS content partitions;
a partition selector, for selecting one or more of the BIOS content partitions in response to a BIOS check interrupt that interrupts the normal operation of the computing system, wherein the number of selected BIOS content partitions is determined by tamper detection microcode; and
a tamper detector, coupled to the BIOS read-only memory and to the partition selector and able to access the partition selector, for accessing the one or more BIOS content partitions and the corresponding one or more encrypted message digests in response to the BIOS check interrupt, directing a microprocessor to generate, using the same algorithm and key that were used to produce the first message digests and the encrypted message digests, one or more second message digests corresponding to the one or more BIOS content partitions and one or more decrypted message digests corresponding to the one or more encrypted message digests, comparing the second message digests with the decrypted message digests, and preventing the operation of the microprocessor when the one or more second message digests and the one or more decrypted message digests are not pairwise identical.
2. The apparatus of claim 1, wherein the BIOS check interrupt is generated periodically at a time interval.
3. The apparatus of claim 1, wherein the BIOS check interrupt is generated in response to the occurrence of an event, wherein the event comprises one or more occurrences selected from the following events:
an input/output access;
a change of processor speed; and
a change of a virtual memory mapping.
4. The apparatus of claim 1, wherein the microprocessor generates the second message digests using a Secure Hash Algorithm.
5. The apparatus of claim 1, wherein the microprocessor generates the decrypted message digests using an Advanced Encryption Standard algorithm.
6. The apparatus of claim 1, wherein the microprocessor comprises a cipher/hash unit disposed in an execution logic, the second message digests and the decrypted message digests are generated by the cipher/hash unit, and the key can only be accessed by the cipher/hash unit.
7. The apparatus of claim 6, wherein the microprocessor further comprises a random number generator disposed in the execution logic, wherein, after completion of a current BIOS check, the random number generator produces a random number, and wherein the partition selector uses the random number to randomly set the number of BIOS content partitions to be checked during the next BIOS check.
8. An apparatus for protecting a basic input/output system (BIOS) in a computing system, comprising:
a BIOS read-only memory, comprising:
a plurality of BIOS content partitions, wherein each BIOS content partition is stored as plaintext; and
a plurality of encrypted message digests, wherein each encrypted message digest comprises an encrypted version of a first message digest and corresponds to one of the BIOS content partitions; and
a microprocessor, coupled to the BIOS read-only memory, comprising:
a partition selector, for selecting one or more of the BIOS content partitions in response to a BIOS check interrupt that interrupts the normal operation of the computing system, wherein the number of selected BIOS content partitions is determined by tamper detection microcode; and
a tamper detector, coupled to the BIOS read-only memory and to the partition selector and able to access the partition selector, for accessing the one or more BIOS content partitions and the corresponding one or more encrypted message digests in response to the BIOS check interrupt, directing the microprocessor to generate, using the same algorithm and key that were used to produce the first message digests and the encrypted message digests, one or more second message digests corresponding to the one or more BIOS content partitions and one or more decrypted message digests corresponding to the one or more encrypted message digests, comparing the second message digests with the decrypted message digests, and preventing the operation of the microprocessor when the one or more second message digests and the one or more decrypted message digests are not pairwise identical.
9. The apparatus of claim 8, wherein the BIOS check interrupt is generated periodically at a time interval.
10. The apparatus of claim 8, wherein the BIOS check interrupt is generated in response to the occurrence of an event, wherein the event comprises one or more occurrences selected from the following events:
an input/output access;
a change of processor speed; and
a change of a virtual memory mapping.
11. The apparatus of claim 8, wherein the microprocessor generates the second message digests using a Secure Hash Algorithm.
12. The apparatus of claim 8, wherein the microprocessor generates the decrypted message digests using an Advanced Encryption Standard algorithm.
13. The apparatus of claim 8, wherein the microprocessor further comprises:
a cipher/hash unit, disposed in an execution logic, for generating the second message digests and the decrypted message digests, wherein the key can only be accessed by the cipher/hash unit.
14. The apparatus of claim 13, wherein the microprocessor further comprises:
a random number generator, disposed in the execution logic, for producing a random number after completion of a current BIOS check,
wherein the partition selector uses the random number to randomly set the number of BIOS content partitions to be checked during the next BIOS check.
15. A method for protecting a basic input/output system (BIOS) in a computing system, comprising:
storing a plurality of BIOS content partitions and a plurality of encrypted message digests in a BIOS read-only memory, wherein each BIOS content partition is stored as plaintext, and each encrypted message digest comprises an encrypted version of a first message digest and corresponds to one of the BIOS content partitions;
selecting one or more of the BIOS content partitions in response to a BIOS check interrupt that interrupts the normal operation of the computing system, wherein the number of selected BIOS content partitions is determined by tamper detection microcode;
in response to the BIOS check interrupt, accessing the one or more BIOS content partitions and the corresponding one or more encrypted message digests, and generating, using the same algorithm and key that were used to produce the first message digests and the encrypted message digests, one or more second message digests corresponding to the selected one or more BIOS content partitions and one or more decrypted message digests corresponding to the one or more encrypted message digests;
comparing the second message digests with the decrypted message digests; and
preventing the operation of a microprocessor when the one or more second message digests and the one or more decrypted message digests are not pairwise identical.
16. The method of claim 15, wherein the BIOS check interrupt is generated periodically at a time interval.
17. The method of claim 15, wherein the BIOS check interrupt is generated in response to the occurrence of an event, wherein the event comprises one or more occurrences selected from the following events:
an input/output access;
a change of processor speed; and
a change of a virtual memory mapping.
18. The method of claim 15, wherein the step of accessing the one or more BIOS content partitions and the corresponding one or more encrypted message digests in response to the BIOS check interrupt further comprises:
generating the second message digests using a Secure Hash Algorithm.
19. The method of claim 15, wherein the step of accessing the one or more BIOS content partitions and the corresponding one or more encrypted message digests in response to the BIOS check interrupt further comprises:
generating the decrypted message digests using an Advanced Encryption Standard algorithm.
20. The method of claim 15, wherein the microprocessor comprises a cipher/hash unit disposed in an execution logic, the second message digests and the decrypted message digests are generated by the cipher/hash unit, and the key can only be accessed by the cipher/hash unit.
21. The method of claim 20, wherein the microprocessor further comprises a random number generator disposed in the execution logic, wherein, after completion of a current BIOS check, the random number generator produces a random number, and wherein the partition selection uses the random number to randomly set the number of BIOS content partitions to be checked during the next BIOS check.
22. An apparatus for protecting a basic input/output system (BIOS) in a computing system, comprising:
a BIOS read-only memory, comprising:
a plurality of BIOS content partitions, wherein each BIOS content partition is stored as plaintext; and
a plurality of encrypted message digests, wherein each encrypted message digest comprises an encrypted version of a first message digest and corresponds to one of the BIOS content partitions;
a partition selector, for selecting one or more of the BIOS content partitions in response to a BIOS check interrupt that interrupts the normal operation of the computing system, wherein the number of selected BIOS content partitions is determined by tamper detection microcode; and
a tamper detector, coupled to the BIOS read-only memory and to the partition selector and able to access the partition selector, for generating the BIOS check interrupt upon a combination of time intervals and event occurrences, accessing the one or more BIOS content partitions and the corresponding one or more encrypted message digests in response to the BIOS check interrupt, directing a microprocessor to generate, using the same algorithm and key that were used to produce the first message digests and the encrypted message digests, one or more second message digests corresponding to the one or more BIOS content partitions and one or more decrypted message digests corresponding to the one or more encrypted message digests, comparing the second message digests with the decrypted message digests, and preventing the operation of the microprocessor when the one or more second message digests and the one or more decrypted message digests are not pairwise identical.
23. The apparatus of claim 22, wherein the microprocessor generates the second message digests using a Secure Hash Algorithm.
24. The apparatus of claim 22, wherein the microprocessor generates the decrypted message digests using an Advanced Encryption Standard algorithm.
25. The apparatus of claim 22, wherein the combination of time intervals and event occurrences comprises a programmed sequence of time intervals and event occurrences.
26. The apparatus of claim 22, wherein the microprocessor comprises a cipher/hash unit disposed in an execution logic, the second message digests and the decrypted message digests are generated by the cipher/hash unit, and the key can only be accessed by the cipher/hash unit.
27. The apparatus of claim 26, wherein the microprocessor further comprises a random number generator disposed in the execution logic, wherein, after completion of a current BIOS check, the random number generator produces a random number, and wherein, when the time interval of an event expires, a tamper timer uses the random number to randomly set whether the next BIOS check interrupt is asserted.
28. The apparatus of claim 26, wherein the microprocessor further comprises a random number generator disposed in the execution logic, wherein, after completion of a current BIOS check, the random number generator produces a random number, and wherein the partition selector uses the random number to randomly set the number of BIOS content partitions to be checked during the next BIOS check.
29. An apparatus for protecting a basic input/output system (BIOS) in a computing system, comprising:
a BIOS read-only memory, comprising:
a plurality of BIOS content partitions, wherein each BIOS content partition is stored as plaintext; and
a plurality of encrypted message digests, wherein each encrypted message digest comprises an encrypted version of a first message digest and corresponds to one of the BIOS content partitions;
a microprocessor, coupled to the BIOS read-only memory, comprising:
a partition selector, for selecting one or more of the BIOS content partitions in response to a BIOS check interrupt that interrupts the normal operation of the computing system, wherein the number of selected BIOS content partitions is determined by tamper detection microcode; and
a tamper detector, coupled to the BIOS read-only memory and to the partition selector and able to access the partition selector, for generating the BIOS check interrupt upon a combination of time intervals and event occurrences, accessing the one or more BIOS content partitions and the corresponding one or more encrypted message digests in response to the BIOS check interrupt, directing the microprocessor to generate, using the same algorithm and key that were used to produce the first message digests and the encrypted message digests, one or more second message digests corresponding to the one or more BIOS content partitions and one or more decrypted message digests corresponding to the one or more encrypted message digests, comparing the second message digests with the decrypted message digests, and preventing the operation of the microprocessor when the one or more second message digests and the one or more decrypted message digests are not pairwise identical.
30. The apparatus of claim 29, wherein the microprocessor uses a Secure Hash Algorithm to generate the second message digests.
31. The apparatus of claim 29, wherein the microprocessor uses an Advanced Encryption Standard algorithm to generate the decrypted message digests.
32. The apparatus of claim 29, wherein the combination of the time interval and the event occurrence comprises a programmed sequence of time intervals and event occurrences.
33. The apparatus of claim 29, wherein the microprocessor further comprises:
a crypto/hash unit, disposed in an execution logic, for generating the second message digests and the decrypted message digests, wherein the key is accessible only by the crypto/hash unit.
34. The apparatus of claim 33, wherein the microprocessor further comprises:
a random number generator, disposed in the execution logic, for generating a random number after a current BIOS check is completed, wherein, when the time interval of an event occurrence expires, a tamper timer uses the random number to randomly determine whether the next BIOS check interrupt is asserted.
35. The apparatus of claim 33, wherein the microprocessor further comprises:
a random number generator, disposed in the execution logic, for generating a random number after a current BIOS check is completed, wherein the partition selector uses the random number to randomly set the number of BIOS content partitions to be checked during the next BIOS check.
36. A method for protecting a basic input output system (BIOS) in a computing system, comprising:
storing a plurality of BIOS content partitions and a plurality of encrypted message digests in a BIOS read-only memory, wherein each BIOS content partition is stored as plaintext, and each encrypted message digest comprises an encrypted version of a first message digest and corresponds to one of the BIOS content partitions;
in response to a BIOS check interrupt that interrupts normal operation of the computing system, selecting one or more of the BIOS content partitions, wherein the number of BIOS content partitions selected is determined by a tamper detection microcode;
generating the BIOS check interrupt upon a combination of a time interval and an event occurrence;
in response to the BIOS check interrupt, accessing the one or more BIOS content partitions and the corresponding one or more encrypted message digests, and, using the same algorithm and key that were used to produce the first message digests and the encrypted message digests, generating one or more second message digests corresponding to the selected one or more BIOS content partitions and one or more decrypted message digests corresponding to the one or more encrypted message digests;
comparing the second message digests with the decrypted message digests; and
when the one or more second message digests and the one or more decrypted message digests are not pairwise identical, preventing operation of a microprocessor.
37. The method of claim 36, wherein the step of accessing the one or more BIOS content partitions and the corresponding one or more encrypted message digests in response to the BIOS check interrupt further comprises:
generating the second message digests using a Secure Hash Algorithm.
38. The method of claim 36, wherein the step of accessing the one or more BIOS content partitions and the corresponding one or more encrypted message digests in response to the BIOS check interrupt further comprises:
generating the decrypted message digests using an Advanced Encryption Standard algorithm.
39. The method of claim 36, wherein the combination of the time interval and the event occurrence comprises a programmed sequence of time intervals and event occurrences.
40. The method of claim 36, wherein the microprocessor comprises a crypto/hash unit disposed in an execution logic, the second message digests and the decrypted message digests are generated by the crypto/hash unit, and the key is accessible only by the crypto/hash unit.
41. The method of claim 40, wherein the microprocessor further comprises a random number generator disposed in the execution logic, wherein after a current BIOS check is completed the random number generator generates a random number, and wherein, when the time interval of an event occurrence expires, a tamper timer uses the random number to randomly determine whether the next BIOS check interrupt is asserted.
42. The method of claim 40, wherein the microprocessor further comprises a random number generator disposed in the execution logic, wherein after a current BIOS check is completed the random number generator generates a random number, and wherein the partition selection uses the random number to randomly set the number of BIOS content partitions to be checked during the next BIOS check.
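The verification loop that claims 29 and 36 describe, written out as an added Go example; it is not code from the patent or from any product. SHA-256 stands in for the Secure Hash Algorithm of claims 30 and 37, AES-CTR with a random IV stored beside each digest stands in for the Advanced Encryption Standard of claims 31 and 38, and the key, the partition contents and the names BIOSROM, ProvisionROM, VerifyPartition, SelectPartitions and BIOSCheck are constructed for the example. The check-interrupt timer of claims 32 and 34 is not modelled: BIOSCheck is called directly with the indices the partition selector returns.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
	mrand "math/rand"
)

// BIOSROM models the BIOS read-only memory of the claims: each content partition
// is stored as plaintext, beside the encrypted "first message digest" of it.
type BIOSROM struct {
	Partitions       [][]byte
	EncryptedDigests [][]byte // per partition: 16-byte IV || AES-CTR(SHA-256(partition))
}

// aesCTR applies AES-CTR under key and iv; the same call encrypts and decrypts.
// CTR with a random IV is this example's assumption; the claims only say AES.
func aesCTR(key, iv, src []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	dst := make([]byte, len(src))
	cipher.NewCTR(block, iv).XORKeyStream(dst, src)
	return dst, nil
}

// ProvisionROM hashes every partition (SHA-256 as the Secure Hash Algorithm) and
// stores the digest encrypted, as an image builder would once before flashing.
func ProvisionROM(key []byte, partitions [][]byte) (*BIOSROM, error) {
	rom := &BIOSROM{Partitions: partitions}
	for _, p := range partitions {
		iv := make([]byte, aes.BlockSize)
		if _, err := io.ReadFull(rand.Reader, iv); err != nil {
			return nil, err
		}
		first := sha256.Sum256(p)
		ct, err := aesCTR(key, iv, first[:])
		if err != nil {
			return nil, err
		}
		rom.EncryptedDigests = append(rom.EncryptedDigests, append(iv, ct...))
	}
	return rom, nil
}

// VerifyPartition is the tamper detector's work for one partition: recompute the
// second message digest, decrypt the stored digest with the same key, compare.
func VerifyPartition(key []byte, rom *BIOSROM, i int) (bool, error) {
	enc := rom.EncryptedDigests[i]
	decrypted, err := aesCTR(key, enc[:aes.BlockSize], enc[aes.BlockSize:])
	if err != nil {
		return false, err
	}
	second := sha256.Sum256(rom.Partitions[i])
	return bytes.Equal(second[:], decrypted), nil
}

// SelectPartitions is the partition selector: count distinct indices chosen at
// random. The caller may randomize count itself, as claim 35 describes.
func SelectPartitions(total, count int) []int {
	if count > total {
		count = total
	}
	return mrand.Perm(total)[:count]
}

// BIOSCheck is one check interrupt: verify the selected partitions and return the
// indices whose digest pair differs. A non-empty result is the point at which the
// claims prevent further operation of the microprocessor.
func BIOSCheck(key []byte, rom *BIOSROM, selected []int) ([]int, error) {
	var bad []int
	for _, i := range selected {
		ok, err := VerifyPartition(key, rom, i)
		if err != nil {
			return nil, err
		}
		if !ok {
			bad = append(bad, i)
		}
	}
	return bad, nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key; in the claims only the crypto/hash unit can read it
	parts := [][]byte{[]byte("reset vector code"), []byte("SMM handler"), []byte("setup tables")}
	rom, _ := ProvisionROM(key, parts)
	bad, _ := BIOSCheck(key, rom, SelectPartitions(len(parts), 2))
	fmt.Println("clean ROM, failed partitions:", bad)
	rom.Partitions[1][0] ^= 0x01 // simulate a one-bit modification of the SMM handler partition
	bad, _ = BIOSCheck(key, rom, []int{0, 1, 2})
	fmt.Println("tampered ROM, failed partitions:", bad)
}
```

Because the stored digest is encrypted rather than merely hashed, someone who rewrites a partition cannot also rewrite its digest without the key, and decrypting under the wrong key yields a random 32-byte value that matches the recomputed hash only with negligible probability. Two limits of the scheme follow directly from the claims: the key must really be unreadable outside the crypto/hash unit (claims 33 and 40), and a check that samples only a random subset of partitions per interrupt (claim 35) trades coverage for lower run-time cost, so a modified partition may survive several checks before it is selected.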
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/079,299 (US9183394B2) | 2013-11-13 | 2013-11-13 | Secure BIOS tamper protection mechanism |
US14/079,299 | 2013-11-13 | | |
US14/079,226 (US9129113B2) | 2013-11-13 | 2013-11-13 | Partition-based apparatus and method for securing bios in a trusted computing system during execution |
US14/079,226 | 2013-11-13 | | |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103810443A (en) | 2014-05-21 |
CN103810443B (en) | 2017-03-01 |
Family
ID=50707192
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410085132.9A (CN103810443B, active) | 2013-11-13 | 2014-03-10 | The apparatus and method for of protection basic input output system |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN103810443B (en) |
TW (1) | TWI520001B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112908392B (en) * | 2021-02-09 | 2023-09-15 | 东芯半导体股份有限公司 | Control method for controlling parameters of nonvolatile memory |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5802592A (en) * | 1996-05-31 | 1998-09-01 | International Business Machines Corporation | System and method for protecting integrity of alterable ROM using digital signatures |
CN1231787A (en) * | 1996-09-30 | 1999-10-13 | 英特尔公司 | Secure BIOS |
CN1591362A (en) * | 2003-08-25 | 2005-03-09 | 联想(北京)有限公司 | Safety chip information processing apparatus and starting method based on chip |
CN101421739A (en) * | 2006-04-13 | 2009-04-29 | 惠普开发有限公司 | Authentication of a request to alter at least one of a BIOS and a setting associated with the BIOS |
CN103038745A (en) * | 2010-05-21 | 2013-04-10 | 惠普发展公司,有限责任合伙企业 | Extending an integrity measurement |
- 2014-02-27 TW TW103106704A patent/TWI520001B/en active
- 2014-03-10 CN CN201410085132.9A patent/CN103810443B/en active
Also Published As
Publication number | Publication date |
---|---|
TW201518987A (en) | 2015-05-16 |
CN103810443A (en) | 2014-05-21 |
TWI520001B (en) | 2016-02-01 |
Similar Documents
Publication | Title |
---|---|
US10089470B2 (en) | Event-based apparatus and method for securing BIOS in a trusted computing system during execution |
US9183394B2 (en) | Secure BIOS tamper protection mechanism |
EP2874091B1 (en) | Partition-based apparatus and method for securing bios in a trusted computing system during execution |
EP2874092B1 (en) | Recurrent BIOS verification with embedded encrypted hash |
US9367689B2 (en) | Apparatus and method for securing BIOS in a trusted computing system |
US10049217B2 (en) | Event-based apparatus and method for securing bios in a trusted computing system during execution |
US9779242B2 (en) | Programmable secure bios mechanism in a trusted computing system |
US9798880B2 (en) | Fuse-enabled secure bios mechanism with override feature |
CN103810442A (en) | Equipment for protecting basic input/output system and method thereof |
US9779243B2 (en) | Fuse-enabled secure BIOS mechanism in a trusted computing system |
CN103810443B (en) | The apparatus and method for of protection basic input output system |
US10055588B2 (en) | Event-based apparatus and method for securing BIOS in a trusted computing system during execution |
EP3316168B1 (en) | Fuse-enabled secure bios mechanism in a trusted computing system |
TWI655555B (en) | Apparatus and method for securing bios |
CN107273770B (en) | Protection apparatus and method for bios |
US9767288B2 (en) | JTAG-based secure BIOS mechanism in a trusted computing system |
US10095868B2 (en) | Event-based apparatus and method for securing bios in a trusted computing system during execution |
Shire | Microprocessors and Microcontrollers Security |
Legal Events
Code | Title |
---|---|
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |
GR01 | Patent grant |