CN103810443B - Apparatus and method for protecting a basic input/output system - Google Patents


Info

Publication number: CN103810443B
Authority: CN (China)
Prior art keywords: mentioned, output system, basic input, input output, message digest
Legal status: Active
Application number: CN201410085132.9A
Other languages: Chinese (zh)
Other versions: CN103810443A
Inventor: G.G.亨利
Current Assignee: Via Technologies Inc
Original Assignee: Via Technologies Inc
Priority claimed from US14/079,299 (US9183394B2) and US14/079,226 (US9129113B2)
Application filed by Via Technologies Inc
Publication of CN103810443A
Application granted
Publication of CN103810443B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Abstract

The present invention discloses an apparatus and method for protecting a basic input/output system (BIOS). A read-only memory includes multiple partitions and multiple encrypted digests. Each partition is stored as plaintext. Each encrypted digest is an encrypted version of a first digest corresponding to one of the partitions. A selector selects one or more partitions in response to an interrupt. In response to the interrupt, a detector accesses the selected partitions and their corresponding encrypted digests, and directs a microprocessor to produce, using the same algorithm and key that were used to produce the first digests and the encrypted digests, one or more second digests corresponding to the selected partitions and one or more decrypted digests corresponding to the accessed encrypted digests. The second digests are compared with the decrypted digests and, when any second digest is not identical to its paired decrypted digest, operation of the microprocessor is prevented.

Description

Apparatus and method for protecting a basic input/output system
Technical field
The present invention relates to microelectronics, and more particularly to an apparatus and method for protecting the basic input/output system (BIOS) of a computing system.
Background
Computing platforms come in many forms and sizes, for example desktop PCs, mobile computers, tablet PCs, personal digital assistants (PDAs) and smartphones. Of these many forms of computing platform, only a minority can be considered very powerful instruments.
Once a computing platform is powered on, almost every form of platform shares the same basic structure or configuration. At its core is a central processing unit (typically a microprocessor), a memory for storing programs (in the form of a hard disk or solid-state disk), a faster memory for executing programs (usually random access memory), and a memory that stores the basic input/output system (BIOS).
On these platforms the BIOS is the lowest layer of the programming hierarchy: it starts the standard operating system and application programs, and it uses the hardware specific to the particular computing platform to perform operations. The BIOS is generally tied closely to the hardware interfaces, so that when the platform configuration changes, higher-layer programs need not be modified to accommodate those changes. Naturally, when such a change occurs the BIOS is usually upgraded, which is why BIOS storage is generally kept separate from the storage of the operating system and application programs.
The BIOS not only includes the basic operations of the computing platform, it also includes configuration data and secure data (for example, whether the computing system is authorized to execute a particular application program). Because the BIOS contains secure data, it is typically a target for hackers and the like. For example, by modifying a system's BIOS, an unauthorized user may be able to execute unauthorized programs. It is therefore extremely important to system designers that the validity and integrity of the BIOS be protected and assured, both while the system is executing the BIOS and while it is not.
Thus, on the one hand, in order to support upgrades and/or reprogramming to accommodate changes in system configuration, it is desirable that the system BIOS be easily accessible. On the other hand, it is very important to protect or limit access to the BIOS contents, so as to avoid unauthorized tampering.
Some attempts to achieve one or both of these goals lead to architectural limitations. For example, moving the BIOS storage onto the same chip as the system's microprocessor prevents the BIOS from being tampered with, but it completely defeats the goal of easy upgradability, because the BIOS is no longer physically accessible. Other techniques emphasize encrypting the BIOS contents, which is advantageous from a protection standpoint but reduces system performance, because every access to the BIOS contents requires an unacceptable number of operations to decrypt them.
Accordingly, what is needed is an innovative technique that supports accessibility and upgradability of a computing system's BIOS contents while also protecting those contents from unauthorized tampering.
Summary of the invention
The present invention provides improved techniques to solve the above problems and to address other problems, shortcomings and limitations of the prior art.
The invention provides an outstanding technique for protecting the BIOS of a computing system against attack. In one embodiment, an apparatus is provided for protecting the basic input/output system (BIOS) in a computing system. The apparatus includes a BIOS read-only memory (ROM), a partition selector and a tamper detector. The BIOS ROM includes multiple BIOS content partitions and multiple encrypted message digests. Each BIOS content partition is stored as plaintext, and each encrypted message digest includes an encrypted version of a first message digest corresponding to one of the BIOS content partitions. In response to a BIOS check interrupt that interrupts the normal operation of the computing system, the partition selector selects one or more of the BIOS content partitions. The tamper detector is coupled to the BIOS ROM and to the partition selector. In response to the BIOS check interrupt, the tamper detector accesses the one or more selected BIOS content partitions and the corresponding one or more encrypted message digests, and directs a microprocessor to produce, using the same algorithm and key that were used to produce the first message digests and the encrypted message digests, one or more second message digests corresponding to the selected BIOS content partitions and one or more decrypted message digests corresponding to the accessed encrypted message digests. The tamper detector compares the second message digests with the decrypted message digests and, when the one or more second message digests and the one or more decrypted message digests are not pairwise identical, prevents operation of the microprocessor.
Furthermore, the present invention provides another apparatus for protecting the BIOS in a computing system. The apparatus includes a BIOS ROM and a microprocessor coupled to the BIOS ROM. The BIOS ROM includes multiple BIOS content partitions, each stored as plaintext, and multiple encrypted message digests, each including an encrypted version of a first message digest corresponding to one of the BIOS content partitions. The microprocessor includes a partition selector and a tamper detector. In response to a BIOS check interrupt that interrupts the normal operation of the computing system, the partition selector selects one or more of the BIOS content partitions. The tamper detector is coupled to the BIOS ROM and to the partition selector. In response to the BIOS check interrupt, the tamper detector accesses the one or more selected BIOS content partitions and the corresponding one or more encrypted message digests, and directs the microprocessor to produce, using the same algorithm and key that were used to produce the first message digests and the encrypted message digests, one or more second message digests corresponding to the selected BIOS content partitions and one or more decrypted message digests corresponding to the accessed encrypted message digests. The tamper detector compares the second message digests with the decrypted message digests and, when the one or more second message digests and the one or more decrypted message digests are not pairwise identical, prevents operation of the microprocessor.
Furthermore, the present invention provides a method for protecting the BIOS in a computing system. Multiple BIOS content partitions and multiple encrypted message digests are stored in a BIOS ROM, each BIOS content partition being stored as plaintext and each encrypted message digest including an encrypted version of a first message digest corresponding to one of the BIOS content partitions. In response to a BIOS check interrupt that interrupts the normal operation of the computing system, one or more of the BIOS content partitions are selected. In response to the BIOS check interrupt, the one or more selected BIOS content partitions and the corresponding one or more encrypted message digests are accessed, and the same algorithm and key that were used to produce the first message digests and the encrypted message digests are used to produce one or more second message digests corresponding to the selected BIOS content partitions and one or more decrypted message digests corresponding to the accessed encrypted message digests. The second message digests are compared with the decrypted message digests, and when the one or more second message digests and the one or more decrypted message digests are not pairwise identical, operation of a microprocessor is prevented.
Furthermore, the present invention provides another apparatus for protecting the BIOS in a computing system. The apparatus includes: a BIOS ROM, including multiple BIOS content partitions, each stored as plaintext, and multiple encrypted message digests, each including an encrypted version of a first message digest corresponding to one of the BIOS content partitions; a partition selector, configured to select one or more of the BIOS content partitions in response to a BIOS check interrupt that interrupts the normal operation of the computing system; and a tamper detector coupled to the BIOS ROM and to the partition selector, configured to generate the BIOS check interrupt upon a combination of a time interval and the occurrence of an event, to access, in response to the BIOS check interrupt, the one or more selected BIOS content partitions and the corresponding one or more encrypted message digests, to direct a microprocessor to produce, using the same algorithm and key that were used to produce the first message digests and the encrypted message digests, one or more second message digests corresponding to the selected BIOS content partitions and one or more decrypted message digests corresponding to the accessed encrypted message digests, to compare the second message digests with the decrypted message digests and, when the one or more second message digests and the one or more decrypted message digests are not pairwise identical, to prevent operation of the microprocessor.
Furthermore, the present invention provides another apparatus for protecting the BIOS in a computing system. The apparatus includes: a BIOS ROM, including multiple BIOS content partitions, each stored as plaintext, and multiple encrypted message digests, each including an encrypted version of a first message digest corresponding to one of the BIOS content partitions; and a microprocessor coupled to the BIOS ROM, including a partition selector configured to select one or more of the BIOS content partitions in response to a BIOS check interrupt that interrupts the normal operation of the computing system, and a tamper detector coupled to the BIOS ROM and to the partition selector, configured to generate the BIOS check interrupt upon a combination of a time interval and the occurrence of an event, to access, in response to the BIOS check interrupt, the one or more selected BIOS content partitions and the corresponding one or more encrypted message digests, to direct the microprocessor to produce, using the same algorithm and key that were used to produce the first message digests and the encrypted message digests, one or more second message digests corresponding to the selected BIOS content partitions and one or more decrypted message digests corresponding to the accessed encrypted message digests, to compare the second message digests with the decrypted message digests and, when the one or more second message digests and the one or more decrypted message digests are not pairwise identical, to prevent operation of the microprocessor.
Furthermore, the present invention provides another method for protecting the BIOS in a computing system. Multiple BIOS content partitions and multiple encrypted message digests are stored in a BIOS ROM, each BIOS content partition being stored as plaintext and each encrypted message digest including an encrypted version of a first message digest corresponding to one of the BIOS content partitions. In response to a BIOS check interrupt that interrupts the normal operation of the computing system, one or more of the BIOS content partitions are selected. The BIOS check interrupt is generated upon a combination of a time interval and the occurrence of an event. In response to the BIOS check interrupt, the one or more selected BIOS content partitions and the corresponding one or more encrypted message digests are accessed, and the same algorithm and key that were used to produce the first message digests and the encrypted message digests are used to produce one or more second message digests corresponding to the selected BIOS content partitions and one or more decrypted message digests corresponding to the accessed encrypted message digests. The second message digests are compared with the decrypted message digests, and when the one or more second message digests and the one or more decrypted message digests are not pairwise identical, operation of a microprocessor is prevented.
For industrial application, the invention can be implemented in a microprocessor usable in general-purpose or special-purpose computing devices.
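The tamper-check mechanism summarised above, as an added software model that is not part of the patent and not Via Technologies code: the ROM layout (plaintext partitions plus encrypted digests), the provisioning step, the partition selector and the tamper detector that services the check interrupt. The patent fixes neither the digest algorithm nor the cipher, so the model assumes SHA-256 and a constructed XOR keystream bound to the partition index; the partition contents and key are constructed sample data.

```python
# Software model of the tamper check described above (added example, not
# the patent's or Via's code). Assumptions the patent does not fix: SHA-256
# as the digest algorithm, and a constructed XOR keystream standing in for
# the cipher that protects the stored digests.
import hashlib
import hmac
from dataclasses import dataclass


def first_digest(partition: bytes) -> bytes:
    """Digest of one plaintext BIOS content partition (SHA-256 assumed)."""
    return hashlib.sha256(partition).digest()


def _keystream(key: bytes, index: int) -> bytes:
    # Constructed stand-in cipher: a 32-byte keystream bound to the key and
    # the partition index, so a digest stored for partition i cannot be
    # replayed as the digest of partition j.
    return hashlib.sha256(b"bios-digest|" + key + index.to_bytes(4, "big")).digest()


def encrypt_digest(key: bytes, index: int, digest: bytes) -> bytes:
    """Encrypt the first digest of partition `index` (XOR with the keystream)."""
    return bytes(a ^ b for a, b in zip(digest, _keystream(key, index)))


decrypt_digest = encrypt_digest  # an XOR keystream cipher is its own inverse


@dataclass
class BiosRom:
    """ROM image: plaintext partitions and one encrypted digest per partition."""
    partitions: list
    encrypted_digests: list


def provision_rom(partitions, key: bytes) -> BiosRom:
    """Programming time: digest each partition, encrypt the digest, store both."""
    enc = [encrypt_digest(key, i, first_digest(p)) for i, p in enumerate(partitions)]
    return BiosRom(list(partitions), enc)


class PartitionSelector:
    """Chooses which partitions to check on each interrupt (round-robin here)."""

    def __init__(self, partition_count: int):
        self.count = partition_count
        self._next = 0

    def select(self, how_many: int) -> list:
        chosen = [(self._next + k) % self.count for k in range(how_many)]
        self._next = (self._next + how_many) % self.count
        return chosen


@dataclass
class CheckResult:
    checked: list     # partition indices examined on this interrupt
    mismatched: list  # indices whose second digest != decrypted digest
    halted: bool      # True models "prevent operation of the microprocessor"


class TamperDetector:
    """Services the BIOS check interrupt: recompute, decrypt, compare, halt."""

    def __init__(self, rom: BiosRom, selector: PartitionSelector, key: bytes):
        self.rom, self.selector, self.key = rom, selector, key

    def on_check_interrupt(self, how_many: int = 1) -> CheckResult:
        indices = self.selector.select(how_many)
        mismatched = []
        for i in indices:
            second = first_digest(self.rom.partitions[i])  # second message digest
            decrypted = decrypt_digest(self.key, i, self.rom.encrypted_digests[i])
            if not hmac.compare_digest(second, decrypted):  # constant-time compare
                mismatched.append(i)
        return CheckResult(indices, mismatched, halted=bool(mismatched))


def demo() -> dict:
    """Constructed scenario: a clean ROM passes; a modified partition is caught;
    a digest re-derived for the modified partition without the key is caught too."""
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed key
    parts = [b"POST code", b"boot loader stub", b"setup utility", b"ACPI tables"]
    rom, n = provision_rom(parts, key), len(parts)
    clean = TamperDetector(rom, PartitionSelector(n), key).on_check_interrupt(n)
    # Partitions sit in ROM as plaintext, so partition 2 can be rewritten...
    rom.partitions[2] = b"setup utility (modified)"
    modified = TamperDetector(rom, PartitionSelector(n), key).on_check_interrupt(n)
    # ...and its digest recomputed, but without the key the stored digest
    # cannot be regenerated: encrypting under any other key still mismatches.
    rom.encrypted_digests[2] = encrypt_digest(b"other key", 2, first_digest(rom.partitions[2]))
    forged = TamperDetector(rom, PartitionSelector(n), key).on_check_interrupt(n)
    return {"clean": clean, "modified": modified, "forged": forged}
```

The model shows why the patent can leave the partitions readable: integrity rests on the key used to encrypt the digests, not on hiding the BIOS contents, and the per-index keystream also rejects a valid digest copied from another partition.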
Brief description
Fig. 1 is a block diagram showing the physical elements mounted on the motherboard of a present-day computing system;
Fig. 2 is a block diagram showing the interconnection of the elements of Fig. 1, illustrating how a computing system configures its basic input/output system;
Fig. 3 is a block diagram showing an architecture according to one embodiment of the invention for protecting the basic input/output system of a computing system;
Fig. 4 is a block diagram showing a periodic architecture according to one embodiment of the invention for protecting the basic input/output system of a computing system;
Fig. 5 is a block diagram showing an event-based architecture according to one embodiment of the invention for protecting the basic input/output system of a computing system;
Fig. 6 is a block diagram showing a drive-based architecture according to one embodiment of the invention for protecting the basic input/output system of a computing system; and
Fig. 7 is a block diagram showing a secure basic input/output system tamper-protection architecture according to one embodiment of the invention.
Detailed description
To make the above and other objects, features and advantages of the present invention more apparent, preferred embodiments are set out below and described with reference to the accompanying drawings.
Exemplary and illustrative embodiments of the present invention are described below. For the sake of clarity, not all features of an actual implementation are described here. Those skilled in the art will appreciate that in developing any such practical embodiment, many implementation-specific decisions must be made to achieve specific goals, such as compliance with system-related and business-related constraints, and that these decisions vary from one implementation to another. It will further be appreciated that such a development effort may be complex and time-consuming, but would nevertheless be a routine undertaking for those of ordinary skill in the art having the benefit of this disclosure. Various modifications of the preferred embodiments will be apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments. Therefore, the present invention is not intended to be limited to the particular embodiments shown and described herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The present invention is described with reference to the drawings below. The various structures, systems and devices depicted in the drawings are for purposes of explanation only, so as not to obscure the present invention with details well known to those skilled in the art; nonetheless, the drawings are included to describe and explain illustrative examples of the present invention. The words and phrases used herein should be understood to have a meaning consistent with the understanding of those words and phrases by those skilled in the relevant art. No special definition of a term or phrase, that is, a definition different from the ordinary and customary meaning as understood by those skilled in the art, is intended to be implied by consistent usage of the term or phrase herein. To the extent that a term or phrase is intended to have a special meaning, that is, a meaning other than that understood by skilled artisans, such a special definition is expressly set forth in the specification in a definitional manner that directly and unequivocally provides the special definition for the term or phrase.
An integrated circuit (IC) is a set of electronic circuits fabricated on a small piece of semiconductor material, typically silicon. An IC is also referred to as a chip, a microchip or a die.
A central processing unit (CPU) is the electronic circuitry (i.e., "hardware") that executes the instructions of a computer program (also known as a "computer application" or "application") by performing operations on data, including arithmetic operations, logical operations and input/output operations.
A microprocessor is an electronic device that functions as a CPU on a single integrated circuit. A microprocessor receives digital data as input, processes the data according to instructions fetched from a memory (either on-chip or off-chip), and generates results of the operations prescribed by the instructions as output. A general-purpose microprocessor may be employed in a desktop, mobile or tablet computer and used for computation, text editing, multimedia display and browsing the Internet. A microprocessor may also be disposed in an embedded system to control a wide variety of devices, including appliances, mobile telephones, smartphones and industrial control devices.
A multi-core processor, also known as a multi-core microprocessor, is a microprocessor having multiple CPUs fabricated on a single integrated circuit.
An instruction set architecture (ISA) or instruction set is the part of a computer architecture related to programming, including the data types, instructions, registers, addressing modes, memory architecture, interrupt and exception handling, and input/output. An ISA includes a specification of the set of opcodes (i.e., machine-language instructions) implemented by a particular CPU and of the native commands.
An x86-compatible microprocessor is a microprocessor capable of executing computer applications that are programmed according to the x86 ISA.
Microcode is a plurality of micro-instructions. A micro-instruction (also referred to as a "native instruction") is an instruction at the level that a microprocessor's sub-units execute. Exemplary sub-units include integer units, floating-point units, MMX units and load/store units. For example, micro-instructions are directly executed by a reduced instruction set computer (RISC) microprocessor. For a complex instruction set computer (CISC) microprocessor, such as an x86-compatible microprocessor, x86 instructions are translated into associated micro-instructions, and the associated micro-instructions are directly executed by a sub-unit or sub-units within the CISC microprocessor.
A fuse is a conductive structure, typically arranged as a filament, which can be broken at selected locations by applying a voltage across the filament and/or passing a current through it. Using present-day fabrication techniques, fuses may be disposed on a die so that an entire programmable area is configured with filaments. After fabrication, fuse structures are blown (or not blown) in order to provide the programming required for the corresponding elements disposed on the die.
In view of the prior-art techniques for protecting critical programs and data in a trusted computing system, and of the present-day techniques for detecting and/or preventing tampering with those programs and data, Figs. 1 and 2 below describe the BIOS in present-day systems. The present invention is then described with reference to Figs. 3 to 7.
Referring to Fig. 1, a block diagram 100 shows the physical elements mounted on a motherboard 102 (also called a system board) of a present-day computing system. The elements of motherboard 102 include a microprocessor 104 (also called a CPU, processor, processor chip, etc.), volatile memory 106 (also called random access memory, RAM), a chipset 108 (also called a memory controller, memory hub, input/output hub or bridge chip, such as a north bridge or south bridge), a basic input/output system (BIOS) read-only memory (ROM) 110, usually inserted in a socket 112, and a hard-disk interface 114. Motherboard 102 is generally installed, together with the other elements needed to complete a particular computer configuration (such as a power supply), in a computer housing (such as a desktop PC or notebook computer case, a mobile phone case, a tablet PC case or a set-top box case). As is known to those skilled in the art, many additional elements and parts (such as clock generators, fans, connectors, graphics processors, etc.) are also mounted on motherboard 102; to simplify the description, they are not shown. Furthermore, the elements 104, 106, 114, 108, 110 and 112 shown in Fig. 1 may be arranged on motherboard 102 in various forms, and it should be noted that the elements 104, 106, 114, 108, 110 and 112 are identified by the names they are commonly known by. In this embodiment, microprocessor 104 is coupled to elements 106, 114, 108, 110 and 112 via physical interfaces (not shown) on motherboard 102, usually metal traces. Notably, because BIOS ROM 110 is subject to fairly frequent changes both in the factory and in the field, it is mounted on motherboard 102 via socket 112.
Referring to Fig. 2, a block diagram 200 shows the interconnection of the elements 104, 106, 114, 108, 110 and 112 of Fig. 1, illustrating how a computing system configures its basic input/output system (BIOS). Block diagram 200 shows a microprocessor 204 that includes an on-chip cache memory 230. Microprocessor 204 is coupled to a slower random access memory 206 via a memory bus 216. Microprocessor 204 is also coupled to a chipset 208 via a system bus 218, and chipset 208 is coupled to a hard-disk interface 214 and to a BIOS read-only memory (ROM) 210 via a hard-disk interface bus 224 and a ROM bus 220, respectively. BIOS ROM 210 may be coupled to an optional BIOS programming interface (not shown) via a BIOS programming bus 222. As is known to those skilled in the art, variations of the configuration shown in Fig. 2 may include a chipset 208 that also provides the interface to random access memory 206 over system bus 218 rather than via a direct memory bus 216, and may provide other kinds of buses (not shown) for connecting microprocessor 204 to other kinds of peripheral interfaces (for example PCI Express or graphics processors).
In operation, as is known to those skilled in the art, an application program 234 (for example, Microsoft software) is stored on a hard disk (or solid-state disk) (not shown) that is accessed via hard-disk interface 214. Because the hard disk is a comparatively slow device, application program 234 is usually transferred to the external random access memory 206 before it is executed. Portions of application program 234 may then be cached in the internal memory cache 230 so that microprocessor 204 can execute them. When an instruction of application program 234 requires microprocessor 204 to perform a system-level operation (for example, storing a file to the hard disk), instructions from operating system software 232 (for example, a storage request) are executed by microprocessor 204, where the instructions from operating system software 232 are likewise loaded from the hard disk into random access memory 206 and cached in the internal memory cache 230. Operating system software 232 provides a more general interface that lets application programs 234 perform system-level functions without knowing the specific hardware configuration. Operating system software 232 also allows multiple application programs 234 to execute on microprocessor 204 simultaneously, and performs background operations to manage the use of random access memory 206 effectively.
However, operating system 232 is in fact an intermediate level of software in present computing systems. To be physically connected to the hardware of the computing system (such as the hard disk), operating system 232 must execute the instructions of BIOS 236 stored in BIOS ROM 210. BIOS 236 is usually a collection of small routines; it is the lowest-level software in the computing system and is used to connect operating system 232 to the hardware of the computing system. Similar to operating system 232, BIOS 236 provides a generic interface to the computer hardware, so that operating system 232 can access the hardware without a specific interface design. BIOS 236 lets a system designer change the hardware of the computing system (such as the hard disk, chipset 208, random access memory 206) without altering operating system 232 or application programs 234. However, when the hardware changes, BIOS 236 must be updated, which is why socket 112 and/or BIOS programming bus 222 are provided on motherboard 102: they allow BIOS ROM 210 to be easily replaced or reprogrammed. In some configurations, BIOS ROM 210 can be reprogrammed directly via BIOS ROM bus 220. Therefore, so that BIOS 236 can be changed, almost all present computing systems provide the architecture above, in which BIOS ROM 210 is a separate component that is easily reprogrammed or replaced.
Within the overall computing system, BIOS 236 is a very important feature, because its instructions allow application programs 234 and operating system 232 to connect directly to the hardware. Besides providing the connection to the system hardware, BIOS 236 performs several other necessary system functions. For example, after system boot, the power-on self test (POST) in BIOS 236 is executed to test the hardware and to verify the correct configuration and operation of the system. BIOS 236 also includes routines that identify and allocate system resources to newly installed devices. BIOS 236 also includes routines that load operating system 232 from the hard disk into random access memory 206 and transfer system control to operating system 232. Finally, BIOS 236 includes routines that detect and prevent tampering with the computing system.
Because BIOS 236 is important to the security and operation of the computing system, it often becomes a main target for hacking and other unauthorized forms of tampering. For example, many well-known operating systems are licensed to equipment manufacturers under terms tied to the BIOS 236 of the computing system, which allows a manufacturer to resell computing systems with a pre-installed operating system. Generally, the manufacturer programs a marker (or "signature") into a specific location of BIOS 236, and when the operating system starts, the marker is read from that specific location of BIOS 236 to confirm that it is booting on an authorized system. If the marker is absent or incorrect, the operating system will not boot.
The above example is one of many different types of security feature now programmed into BIOS 236, and is not intended as a thorough discussion of BIOS security functions. It should be noted that, for a system designer, BIOS 236 is a main target of tampering in the system, so protection of BIOS 236 is a matter of major concern. In the above example, a hacker's purpose in editing (or reprogramming) BIOS 236 is to present the computing system as an authorized system to a protected operating system, or to modify the BIOS so that the operating system believes it is running on an authorized system when it actually is not.
As described previously, most present BIOS ROMs 110 are individual components on motherboard 102 and are installed in socket 112, so that they can be conveniently replaced when the system hardware changes and BIOS 236 needs to be changed. Therefore, absent other security architectures, the hacking described above is possible.
Therefore, system designers have developed many different techniques to detect and prevent tampering with the system and with the application programs 234 and/or operating system 232 running on it. For example, in U.S. Patent Publication No. 2005/0015749, Mittal proposes providing a secure memory section and logic that includes encryption technology to encrypt and decrypt programs and data, so as to protect software from being tampered with. However, the BIOS is stored in a memory space separate from the system software, so this cannot prevent any form of tampering unless the BIOS is moved onto the same chip as, for example, the microprocessor; otherwise, the BIOS can easily be changed by replacing the chip.
In U.S. Patent No. 7,831,839, Hatakeyama discloses a secure boot read-only memory and processor, where the secure boot read-only memory contains encrypted boot code (such as a BIOS) and the processor includes a hardware decryption unit. When the processor boots, the encrypted BIOS is read into the processor's internal memory, and the decryption unit decrypts and authenticates the BIOS. If this succeeds, the processor enters a secure processing mode, and all subsequent requests for the BIOS are served from the internal memory. Although Hatakeyama provides an architecture that protects the BIOS by encrypting its content, for effective execution the decrypted BIOS must be stored in on-chip local memory. As is known to those skilled in the art, the size of present BIOS programs (including configuration data) is measured in megabytes. Providing on-chip local memory that can store megabytes of data increases the size and power consumption of the microprocessor, which reduces component reliability and increases overall cost; Hatakeyama's BIOS protection method is therefore disadvantageous.
Other techniques that have been developed encrypt all or part of the BIOS content, which must then be decrypted every time the BIOS is invoked. Such techniques therefore reduce the performance of the computing system, particularly at boot, because even with on-chip encryption hardware, decryption is an inherently slow process. From a performance standpoint, encrypting BIOS content is therefore undesirable.
Therefore, none of the above techniques (markers, partitioned secure memory, on-chip local BIOS memory, encrypted BIOS content) provides easy access to the system BIOS read-only memory while also reducing the performance impact. The present invention therefore provides novel techniques applicable to BIOS ROMs to overcome these limitations, where the socket-mounted BIOS ROM remains easily upgradable. Unencrypted (for example plaintext) BIOS content (for example instructions and/or configuration data) is provided. Tampering can then be detected after power-up without noticeably reducing system performance. The present invention is described in Figs. 3-7.
With reference to Fig. 3, Fig. 3 is a block diagram 300 showing an architecture according to one embodiment of the invention for protecting the BIOS of a computing system. Block diagram 300 depicts a microprocessor fabricated on a single chip and packaged for mounting on a motherboard (for example a processor, CPU, etc.), as described previously. In one embodiment, the microprocessor is compatible with the x86 architecture and can execute all instructions of the x86 instruction set. In another embodiment, the microprocessor is provided within a multi-core processor on a single chip. In yet another embodiment, the microprocessor is a virtual processing core that represents the physical processor to an operating system in a logical partition that may share the processor. To describe the present invention, only the necessary elements of the microprocessor are described below; many other elements known to those skilled in the art (such as load/store logic, memory cache, sequencing logic, etc.) are omitted for simplicity.
The microprocessor includes fetch logic 302, which is coupled to a translator 304 via bus 324. Translator 304 is coupled to execution logic 306 via bus 326. Execution logic 306 includes a crypto/hash unit 308, which is coupled to a key store 310 via bus 322. The microprocessor also includes a bus interface 318 for connecting the microprocessor to a chipset. Bus interface 318 is coupled to a reset controller 312 via bus 328. Reset controller 312 receives reset signal RESET and generates shutdown signal SHUTDOWN. Reset controller 312 includes a tamper detector 314, which is coupled to a boot loader 316 via bus NOBOOT. Reset controller 312 is coupled to execution logic 306 via tamper bus TBUS.
Operationally, fetch logic 302 fetches program instructions (of application programs, the operating system, and the BIOS cached in memory) for execution. The program instructions are provided to translator 304 via bus 324. Translator 304 translates each program instruction into one or more microinstructions, which are executed by one or more elements in execution logic 306 to perform the operation specified by the program instruction. Microinstructions (also called microcode or firmware) are specific to the microprocessor and cannot be accessed at the package level.
Under normal operation, after power-up, BIOS instructions and configuration data are cached in virtual memory and fetched for execution by fetch logic 302. However, normal operation of the microprocessor occurs only after a successful reset and power-up sequence. Reset controller 312 receives reset signal RESET and directs execution logic 306 to execute microcode that performs self-tests and initializes the system. To detect BIOS tampering and to prevent unauthorized operation of the system in which the microprocessor is installed, before boot is initiated, reset controller 312 fetches the entire content of the BIOS read-only memory (not shown) via bus interface 318 and provides the fetched content to execution logic 306 via tamper bus TBUS. In one embodiment, the content of the BIOS ROM includes a digital signature (also called a hash or message digest) stored at a specific location in the BIOS ROM. As is known to those skilled in the art, depending on the particular hash operation used, the digital signature corresponding to the hash of the BIOS ROM (of size 4 megabytes) is very small (such as 256 bits) and is unique to the specific content of the BIOS ROM. Thus, if the content of the read-only memory is changed, the hash of the changed content will yield a different digital signature.
Before it is stored in the BIOS ROM, the microprocessor manufacturer encrypts the digital signature with a cryptographic key, where the key is provided by the BIOS manufacturer. During manufacture of the microprocessor, the key is programmed into key store 310, and it cannot thereafter be accessed by program instructions. In one embodiment, the key is unique to the microprocessor. In one embodiment, the content of key store 310 is accessible only by crypto/hash unit 308 under the control of the tamper-detection microcode. The tamper-detection microcode directs reset controller 312 to fetch the content of the BIOS ROM, where the content includes the encrypted digital signature, and the fetched content is provided to execution logic 306 via tamper bus TBUS. At the same time, the tamper-detection microcode directs crypto/hash unit 308 to hash the BIOS according to the hash algorithm that the BIOS manufacturer used to generate the digital signature. In one embodiment, the hash algorithm is a Secure Hash Algorithm (such as SHA-0, SHA-1, etc.). Other embodiments use any known message digest algorithm. The tamper-detection microcode also directs crypto/hash unit 308 to use the key stored in key store 310 to decrypt the encrypted digital signature fetched from the BIOS ROM. In one embodiment, crypto/hash unit 308 uses the Data Encryption Standard (DES) algorithm for the decryption. In another embodiment, crypto/hash unit 308 uses the Advanced Encryption Standard (AES) algorithm. Other embodiments use any known cipher algorithm. The digital signature generated by crypto/hash unit 308 and the decrypted digital signature are provided to tamper detector 314 via tamper bus TBUS, where the encrypted version of the decrypted digital signature was stored at the specific location of the BIOS ROM.
Tamper detector 314 compares the two digital signatures. If the two digital signatures are identical, tamper detector 314 indicates to boot loader 316 via bus NOBOOT that the normal boot sequence of the microprocessor may proceed. If the two digital signatures differ, tamper detector 314 asserts shutdown signal SHUTDOWN and directs boot loader 316 to stop the boot sequence. Shutdown signal SHUTDOWN directs the remaining elements in the microprocessor to power down or to enter a mode that precludes normal operation.
According to embodiments of the invention, each microprocessor reset requires only that the encrypted message digest stored at the specific location of the BIOS ROM be decrypted, i.e. a 256-bit string is decrypted rather than a 4-megabyte string. In addition, embodiments of the invention allow plaintext BIOS instructions/data to be stored in a physically accessible configuration, such as the configuration described in Figs. 1-2. The BIOS is easily updated, and system performance is not reduced. No expensive internal local memory is needed to store a decrypted BIOS. Moreover, the key used to encrypt the message digest stored in the BIOS ROM cannot be accessed by program instructions; the key can only be accessed directly by crypto/hash unit 308.
With reference to Fig. 4, Fig. 4 is a block diagram 400 showing a periodic architecture according to one embodiment of the invention for protecting the BIOS of a computing system. The architecture of Fig. 3 protects the system BIOS at boot, but while the system is running, the BIOS may still be tampered with. It is therefore desirable to be able to protect the BIOS from hacking while the system is running and powered. A periodic architecture is proposed for this purpose.
Block diagram 400 depicts a microprocessor fabricated on a single chip and packaged for mounting on a motherboard, as described previously. In one embodiment, the microprocessor is compatible with the x86 architecture and can execute all instructions of the x86 instruction set. In another embodiment, the microprocessor is provided within a multi-core processor on a single chip. In yet another embodiment, the microprocessor is a virtual processing core that represents the physical processor to an operating system in a logical partition that may share the processor. To describe the present invention, only the necessary elements of the microprocessor are described below; many other elements known to those skilled in the art (such as load/store logic, memory cache, sequencing logic, etc.) are omitted for simplicity.
The microprocessor includes fetch logic 402, which is coupled to translator 404 via bus 424. Translator 404 is coupled to execution logic 406 via bus 426. Execution logic 406 includes crypto/hash unit 408, which is coupled to key store 410 via bus 422. Execution logic 406 also includes a random number generator 430. The microprocessor also includes bus interface 418 for connecting the microprocessor to a chipset. Bus interface 418 is coupled to reset controller 412 via bus 428. Reset controller 412 receives reset signal RESET and generates shutdown signal SHUTDOWN. Reset controller 412 includes tamper detector 414, which is coupled to boot loader 416 via bus NOBOOT. Tamper detector 414 includes a tamper timer 432. Reset controller 412 is coupled to execution logic 406 via tamper bus TBUS and random number bus RBUS.
Operationally, the elements of the Fig. 4 architecture behave in much the same way as the identically named elements of the Fig. 3 architecture. However, in addition to detecting BIOS tampering during the reset and power-up sequence, the architecture of Fig. 4 also includes tamper-detection microcode and elements that periodically check the BIOS, to determine whether the BIOS of the running computing system has been tampered with. Like the key, tamper timer 432 cannot be accessed by program instructions; it is accessed exclusively by tamper detector 414 and the tamper-detection microcode. In one embodiment, tamper timer 432 interrupts normal system operation at a time interval that is set by the tamper-detection microcode. In one embodiment, the time interval is 1 millisecond, which is short enough to detect an attack in which the BIOS ROM is physically replaced by a hacked BIOS ROM. A 1-millisecond interval is also short enough to detect an attack that reprograms the existing BIOS ROM. When the timer interrupt occurs, reset controller 412 fetches the entire content of the BIOS ROM (not shown) via bus interface 418 and provides the fetched content to execution logic 406 via tamper bus TBUS. The tamper-detection microcode directs reset controller 412 to fetch the content of the BIOS ROM, where the content includes the encrypted digital signature, and the fetched content is provided to execution logic 406 via tamper bus TBUS. At the same time, the tamper-detection microcode directs crypto/hash unit 408 to hash the BIOS according to the hash algorithm that the BIOS manufacturer used to generate the digital signature. The tamper-detection microcode also directs crypto/hash unit 408 to use the key stored in key store 410 to decrypt the encrypted digital signature fetched from the BIOS ROM. The digital signature generated by crypto/hash unit 408 and the decrypted digital signature are provided to tamper detector 414 via tamper bus TBUS, where the encrypted version of the decrypted digital signature was stored at the specific location of the BIOS ROM.
Tamper detector 414 compares the two digital signatures. If the two digital signatures are identical, tamper detector 414 returns control of the microprocessor to the point at which the timer interrupt occurred. If the two digital signatures differ, tamper detector 414 asserts shutdown signal SHUTDOWN. Shutdown signal SHUTDOWN directs the remaining elements in the microprocessor to power down or to enter a mode that precludes normal operation.
In another embodiment, tamper timer 432 does not use a fixed time interval. When a periodic BIOS intrusion check is performed, the tamper-detection microcode directs random number generator 430 to generate a random number, which is input to tamper timer 432 to set the time interval before the next BIOS intrusion check. In this manner, the time at which an intrusion check is executed cannot be predicted or anticipated.
As with the architecture of Fig. 3, according to embodiments of the invention, the operation performed by the periodic architecture of Fig. 4 requires only that the encrypted message digest stored at the specific location of the BIOS ROM be decrypted, i.e. a 256-bit string is decrypted rather than a 4-megabyte string. Moreover, during normal operation of the system, the periodic architecture protects the secured system from BIOS hacking.
With reference to Fig. 5, Fig. 5 is a block diagram 500 showing an event-based architecture according to one embodiment of the invention for protecting the BIOS of a computing system. Like the architecture of Fig. 4, it may be used as another embodiment that protects the system BIOS while the computing system is in normal operation, but here the checks are triggered by the occurrence of events rather than by the passage of time. These events may include (but are not limited to): hard-disk accesses (or other forms of input/output access), changes to virtual memory mappings (this architecture may be used in configurations of virtual processing systems), changes to speed, and other kinds of events that commonly occur in present computing systems. An event-based architecture is therefore provided for this purpose.
Block diagram 500 depicts a microprocessor fabricated on a single chip and packaged for mounting on a motherboard, as described previously. In one embodiment, the microprocessor is compatible with the x86 architecture and can execute all instructions of the x86 instruction set. In another embodiment, the microprocessor is provided within a multi-core processor on a single chip. In yet another embodiment, the microprocessor is a virtual processing core that represents the physical processor to an operating system in a logical partition that may share the processor. To describe the present invention, only the necessary elements of the microprocessor are described below; many other elements known to those skilled in the art (such as load/store logic, memory cache, sequencing logic, etc.) are omitted for simplicity.
The microprocessor includes fetch logic 502, which is coupled to translator 504 via bus 524. Translator 504 is coupled to execution logic 506 via bus 526. Execution logic 506 includes crypto/hash unit 508, which is coupled to key store 510 via bus 522. Execution logic 506 also includes random number generator 530. The microprocessor also includes bus interface 518 for connecting the microprocessor to a chipset. Bus interface 518 is coupled to reset controller 512 via bus 528. Reset controller 512 receives reset signal RESET and generates shutdown signal SHUTDOWN. Reset controller 512 includes tamper detector 514, which is coupled to boot loader 516 via bus NOBOOT. Tamper detector 514 includes an event detector 542, which receives input/output access signal I/O ACCESS, virtual memory mapping change signal VMMAP, processor speed change signal SPEED, and other event signals OTHER. Reset controller 512 is coupled to execution logic 506 via tamper bus TBUS and random number bus RBUS.
Operationally, the elements of the Fig. 5 architecture behave in much the same way as the identically named elements of the architectures of Fig. 3 and Fig. 4. However, in addition to detecting BIOS tampering during the reset and power-up sequence, this architecture also includes tamper-detection microcode and elements that check the BIOS, to determine whether it has been tampered with while the computing system is in operation. The BIOS validity check occurs in response to events rather than according to time. The applicant has observed that in present computing systems the microprocessor performs certain events with regularity, such as I/O accesses (i.e. hard disk, PCI Express), core clock speed changes, operating system calls, system state changes, etc. The signals received by event detector 542 are therefore only examples; block diagram 500 is not limited in the types of events that may trigger a BIOS check.
Like the key, event detector 542 cannot be accessed by executing program instructions; it is accessible only by tamper detector 514 and the tamper-detection microcode. In one embodiment, event detector 542 interrupts normal system operation when one of the above events occurs, i.e. upon the presence of one of the signals I/O ACCESS, VMMAP, SPEED and OTHER. In another embodiment, event detector 542 interrupts normal system operation when one of the above events has occurred a number of times. In yet another embodiment, event detector 542 interrupts normal system operation when multiple events occur (such as an I/O access and a core clock speed change). The selected events and their number of occurrences are set by the tamper-detection microcode. When the interrupt occurs, reset controller 512 fetches the entire content of the BIOS ROM (not shown) via bus interface 518 and provides the fetched content to execution logic 506 via tamper bus TBUS. The tamper-detection microcode directs reset controller 512 to fetch the content of the BIOS ROM, where the content includes the encrypted digital signature, and the fetched content is provided to execution logic 506 via tamper bus TBUS. The tamper-detection microcode directs crypto/hash unit 508 to hash the BIOS according to the hash algorithm that the BIOS manufacturer used to generate the digital signature. The tamper-detection microcode also directs crypto/hash unit 508 to use the key stored in key store 510 to decrypt the encrypted digital signature fetched from the BIOS ROM. The digital signature generated by crypto/hash unit 508 and the decrypted digital signature are provided to tamper detector 514 via tamper bus TBUS, where the encrypted version of the decrypted digital signature was stored at the specific location of the BIOS ROM.
Tamper detector 514 compares the two digital signatures. If the two digital signatures are identical, tamper detector 514 returns control of the microprocessor to the point at which the event-triggered interrupt occurred. If the two digital signatures differ, tamper detector 514 asserts shutdown signal SHUTDOWN. Shutdown signal SHUTDOWN directs the remaining elements in the microprocessor to power down or to enter a mode that precludes normal operation.
In another embodiment, when a BIOS intrusion check completes, the tamper-detection microcode directs random number generator 530 to generate a random number, rather than using a fixed count of event occurrences. The random number is input to event detector 542 to set the number of events that must occur before the next BIOS intrusion check is performed. In this embodiment, the number of events that triggers an intrusion check cannot be predicted or anticipated by a covert application executing on the microprocessor. In another embodiment, the random number is used to change the type of event that triggers the next BIOS intrusion check.
As with the architectures of Fig. 3 and Fig. 4, according to embodiments of the invention, the operation performed by the event-triggered architecture of Fig. 5 requires only that the encrypted message digest stored at the specific location of the BIOS ROM be decrypted, i.e. a 256-bit string (the encrypted message digest) is decrypted rather than a 4-megabyte string (i.e. the whole BIOS). Moreover, during normal operation of the system, the event-triggered architecture protects the secured system from BIOS hacking, where the number and type of events that trigger an intrusion check cannot be determined or forced.
With reference to Fig. 6, Fig. 6 is a block diagram 600 showing a partition-based architecture according to one embodiment of the invention for protecting the BIOS of a computing system. The architecture of Fig. 6 may be used as another embodiment that protects the system BIOS while the computing system is in normal operation, except that when the tamper timer interrupts (such as the embodiment of Fig. 3) or a system event triggers (such as the embodiment of Fig. 4), only a subset of the BIOS is checked. The partition-based mechanism therefore provides a configuration that matters a great deal for performance: because only a portion of the BIOS is checked at each trigger point, the impact on system performance is smaller.
In the embodiment of Fig. 6, the BIOS space is divided into multiple partitions, each of which has a corresponding message digest that is encrypted and stored at a corresponding location in the BIOS ROM. In one embodiment, the partition size is the same for each of the multiple partitions. In another embodiment, the multiple partitions have different sizes. In one embodiment, in response to a BIOS check trigger (for example an event occurrence or a timer interrupt), only one of the multiple partitions is checked. In another embodiment, in response to a BIOS check trigger, several of the multiple partitions are checked. In yet another embodiment, in response to a BIOS check trigger, the number of partitions checked is determined by the tamper-detection microcode (such as a repeating cycle of 1-3-1-2).
Block diagram 600 depicts a microprocessor fabricated on a single chip and packaged for mounting on a motherboard, as described previously. In one embodiment, the microprocessor is compatible with the x86 architecture and can execute all instructions of the x86 instruction set. In another embodiment, the microprocessor is provided within a multi-core processor on a single chip. In yet another embodiment, the microprocessor is a virtual processing core that represents the physical processor to an operating system in a logical partition that may share the processor. To describe the present invention, only the necessary elements of the microprocessor are described below; many other elements known to those skilled in the art (such as load/store logic, memory cache, sequencing logic, etc.) are omitted for simplicity.
The microprocessor includes fetch logic 602, which is coupled to translator 604 via bus 624. Translator 604 is coupled to execution logic 606 via bus 626. Execution logic 606 includes crypto/hash unit 608, which is coupled to key store 610 via bus 622. Execution logic 606 also includes random number generator 630. The microprocessor also includes bus interface 618 for connecting the microprocessor to a chipset. Bus interface 618 is coupled to reset controller 612 via bus 628. Reset controller 612 receives reset signal RESET and generates shutdown signal SHUTDOWN. Reset controller 612 includes tamper detector 614, which is coupled to boot loader 616 via bus NOBOOT. Tamper detector 614 includes a partition selector 652. Reset controller 612 is coupled to execution logic 606 via tamper bus TBUS and random number bus RBUS.
Operationally, the elements of the Fig. 6 architecture behave in much the same way as the identically named elements of the architectures of Figs. 3-5. However, in addition to detecting BIOS tampering during the reset and power-up sequence, the architecture of Fig. 6 also includes tamper-detection microcode and elements that check the BIOS, to determine whether it has been tampered with while the computing system is in operation. The BIOS validity check occurs in response to a trigger, as described earlier. Upon the trigger, partition selector 652 selects one or more partitions of the BIOS to be checked.
Similar in appearance to key it is impossible to enter line access to partition selector 652 via execute program instructions, and partition selector 652 are only capable of being accessed by tamper detector 614 and Tamper Detection microcode.When BIOS checks that triggering occurs, computing system Normal operating is interrupted, and partition selector 652 can indicate controller 612 and to extract via EBI 618 that BIOS is read-only to be deposited Reservoir(Do not show)One or more subregions content, and provide via altering bus TBUS extracted content to execute Logic 606.Including one or more corresponding encryptions digital signature content can via alter bus TBUS provide to Execution logic 606.Tamper Detection microcode can indicate cipher machine/hashing unit 608 executed according to hashing algorithm one or The hash of multiple subregions, wherein BIOS manufacturer are to produce one or more digital signatures using hashing algorithm.Alter inspection Micrometer code also indicates cipher machine/hashing unit 608, using being stored in the key of key storage 610 come to depositing from BIOS is read-only Corresponding one or more digital signatures of having encrypted that reservoir extracts are decrypted.Cipher machine/hashing unit 608 is produced One or more digital signatures of raw one or more digital signatures and deciphering can via alter bus TBUS provide to Tamper detector 614, the encryption version of wherein one or more digital signatures of deciphering is previously stored BIOS ROM One or more ad-hoc locations.
Tamper detector 614 can be compared to one or more pairs of digital signatures.If whole is relatively identical, The time point that then tamper detector 614 can interrupt when occurring in event triggering to recover the control of microprocessor.If numeral is signed Chapter is different, then tamper detector 614 can provide off signal SHUTDOWN.Off signal SHUTDOWN can indicate microprocessor In device, remaining element is cutting off the electricity supply or to enter the pattern preventing from normally running.
In another embodiment, when completing BIOS forcible entry inspection, Tamper Detection microcode can indicate random number generator 630 producing random number, rather than checks fixing or circulation numeral multiple subregions.Random number can be input to partition selector 652, so as to set occur execution on once BIOS trespass check set before the event that continues quantity.Here is implemented In example, in checkpoint trigger, the quantity of effective subregion cannot be predicted via the secret application performed by microprocessor and in advance Phase.In different embodiments, random number is used to indicate next subregion of the multiple subregions to be checked.
Referring now to Fig. 7, Fig. 7 is a block diagram showing a BIOS tamper protection architecture 700 according to one embodiment of the present invention. The embodiment of Fig. 7 provides a complete configuration: it not only performs a comprehensive check of the computing system's BIOS at startup and at reset, but, by combining the techniques discussed with reference to Figs. 4-6, also provides comprehensive protection of the system's BIOS during operation.
Block diagram 700 depicts a microprocessor that is arranged on a single chip and packaged for mounting on a motherboard, as described earlier. In one embodiment, the microprocessor is compatible with the x86 architecture and can execute all instructions of the x86 instruction set. In another embodiment, the microprocessor is one core of a multi-core processor provided on a single chip. In another embodiment, the microprocessor is a virtual processing core, that is, a logical portion of a physical processor that an operating system running on that processor can use. To describe the present invention, only the essential elements of the microprocessor are described below; many other elements known to those skilled in the art (such as load/store logic, cache memory, sequencing logic, etc.) are omitted for simplicity.
The microprocessor includes fetch logic 702, which is coupled to translator 704 via bus 724. Translator 704 is coupled to execution logic 706 via bus 726. Execution logic 706 includes a cipher machine/hashing unit 708, which is coupled to key storage 710 via bus 722. Execution logic 706 also includes a random number generator 730. The microprocessor also includes a bus interface 718 for connecting the microprocessor to a chipset. Bus interface 718 is coupled to reset controller 712 via bus 728. Reset controller 712 receives reset signal RESET and produces shutdown signal SHUTDOWN. Reset controller 712 includes tamper detector 714, which is coupled to boot loader 716 via bus NOBOOT. Tamper detector 714 includes tamper timer 732, event detector 742 and partition selector 752. Event detector 742 receives an input/output access signal I/O ACCESS, a virtual memory map change signal VMMAP, a processor speed change signal SPEED and other event signals OTHER. Reset controller 712 is coupled to execution logic 706 via tamper bus TBUS and random number bus RBUS.
In operation, the elements of the architecture of Fig. 7 generally function in the same way as the identically named elements of the architectures of Figs. 3-6. However, in addition to detecting tampering of the BIOS during the reset/power-up sequence, the architecture of Fig. 7 also includes tamper-detection microcode and elements that check the BIOS to determine whether it has been tampered with while the computing system is in operation. The BIOS validity check is performed in response to timer interrupts from tamper timer 732 and to event triggers as described with reference to Fig. 5. Upon a timer interrupt or an event trigger, partition selector 752 selects one or more partitions of the BIOS to be checked, as described with reference to Fig. 6.
Tamper timer 732, event detector 742 and partition selector 752 cannot be accessed by executing program instructions, and partition selector 752 can be accessed only by tamper detector 714 and by the tamper-detection microcode. When a timer interrupt or an event trigger occurs, normal operation of the computing system is interrupted, and partition selector 752 directs controller 712 to fetch the contents of one or more partitions of the BIOS read-only memory (not shown) via bus interface 718 and to provide the fetched contents to execution logic 706 via tamper bus TBUS. The contents, together with the corresponding one or more encrypted digital signatures, are provided to execution logic 706 over tamper bus TBUS. The tamper-detection microcode directs cipher machine/hashing unit 708 to hash the one or more partitions according to the hashing algorithm that the BIOS manufacturer used to produce the one or more digital signatures. The tamper-detection microcode also directs cipher machine/hashing unit 708 to decrypt the corresponding one or more encrypted digital signatures fetched from the BIOS read-only memory, using the key stored in key storage 710. The one or more digital signatures produced by cipher machine/hashing unit 708 and the one or more decrypted digital signatures are provided to tamper detector 714 via tamper bus TBUS; the encrypted versions of the decrypted digital signatures were previously stored at one or more specific locations in the BIOS read-only memory.
Tamper detector 714 compares the one or more pairs of digital signatures. If all comparisons match, tamper detector 714 returns control of the microprocessor to the point at which it was interrupted when the event trigger occurred. If any digital signatures differ, tamper detector 714 asserts shutdown signal SHUTDOWN. Shutdown signal SHUTDOWN directs the remaining elements of the microprocessor to power down or to enter a mode that prevents normal operation.
In one embodiment, the combined sequence of timer interrupts and event triggers is determined by the tamper-detection microcode. In another embodiment, a random number produced by random number generator 730 at the end of a BIOS check indicates whether the next BIOS check will be started by a timer interrupt or by an event trigger. As discussed with reference to Figs. 4-5, in some embodiments random number generator 730 can randomly vary the time interval and/or the event type and the number of events.
In another embodiment, rather than checking a fixed or cycling number of partitions, the tamper-detection microcode directs random number generator 730 to produce a random number when a BIOS tamper check completes. The random number is input to partition selector 752 to set the number of partitions to be checked during the next BIOS tamper check. In this embodiment, the number of partitions that will be checked at a checkpoint trigger cannot be predicted or anticipated by a covert application executing on the microprocessor. In a different embodiment, the random number is used to indicate the next partition, among the multiple partitions, to be checked.
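As an added example that is not part of the patent, the following Python model shows the in-operation check that the Fig. 6 and Fig. 7 descriptions share: a ROM provisioned with plaintext partitions and one encrypted digest per partition, a detector that hashes the selected partitions, decrypts the stored digests with the key and compares each pair (any mismatch is the SHUTDOWN outcome), and a random draw that sets how many partitions the next check covers. Assumptions: SHA-256 stands in for the claims' secure hash algorithm, a SHA-256 counter-mode keystream stands in for the AES encryption of the digests (the standard library has no AES), and all function and class names and the sample partition contents are constructed.

```python
# Added example, not code from the patent. Models the BIOS partition check of
# Fig. 6/Fig. 7 with constructed names; the cipher is a stand-in for AES.
import hashlib
import hmac
import secrets
from dataclasses import dataclass

NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: SHA-256 in counter mode. The claims name AES;
    a hash-based keystream is used here only to stay within the standard library."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_digest(key: bytes, digest: bytes) -> bytes:
    """Manufacturer side: E_key(first message digest), stored as nonce || ciphertext."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(key, nonce, len(digest))
    return nonce + bytes(a ^ b for a, b in zip(digest, ks))


def decrypt_digest(key: bytes, blob: bytes) -> bytes:
    """Processor side: recover the first message digest from the stored blob."""
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def partition_digest(data: bytes) -> bytes:
    """The 'second message digest': a secure hash over one content partition."""
    return hashlib.sha256(data).digest()


@dataclass
class BiosRom:
    """Model of the BIOS ROM: plaintext partitions plus one encrypted digest each."""
    partitions: list
    encrypted_digests: list


def provision_rom(key: bytes, partitions) -> BiosRom:
    """What the BIOS manufacturer does before shipping: hash, then encrypt the hash."""
    digests = [encrypt_digest(key, partition_digest(p)) for p in partitions]
    return BiosRom(list(partitions), digests)


def check_partitions(rom: BiosRom, key: bytes, indices) -> bool:
    """Tamper detector: for every selected partition compare the freshly computed
    digest with the decrypted stored digest. False means SHUTDOWN."""
    ok = True
    for i in indices:
        fresh = partition_digest(rom.partitions[i])
        stored = decrypt_digest(key, rom.encrypted_digests[i])
        # Constant-time comparison; keep going so every selected pair is checked.
        if not hmac.compare_digest(fresh, stored):
            ok = False
    return ok


def select_partitions(n_partitions: int, count: int, rng=secrets.SystemRandom()) -> list:
    """Partition selector: choose `count` distinct partitions at random."""
    count = max(1, min(count, n_partitions))
    return sorted(rng.sample(range(n_partitions), count))


def next_check_count(n_partitions: int, rng=secrets.SystemRandom()) -> int:
    """Random number generator output that sets how many partitions the next check covers."""
    return rng.randrange(1, n_partitions + 1)


def run_check(rom: BiosRom, key: bytes, count: int, rng=secrets.SystemRandom()):
    """One in-operation check: select, verify, then draw the count for the next check.
    Returns (passed, selected_indices, next_count)."""
    selected = select_partitions(len(rom.partitions), count, rng)
    passed = check_partitions(rom, key, selected)
    return passed, selected, next_check_count(len(rom.partitions), rng)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed key; would live in key storage 610/710
    rom = provision_rom(key, [b"bootblock-v1", b"setup-v1", b"acpi-tables-v1", b"oprom-v1"])
    print(run_check(rom, key, 2))
    rom.partitions[2] = b"acpi-tables-TAMPERED"  # constructed modification
    print(check_partitions(rom, key, [2]))  # False
```

Because only the selected partitions are compared, a modification in an unselected partition is caught only by a later check, which is why the description randomizes both the count and the choice of partitions.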
According to embodiments of the present invention, the elements of the microprocessor are configured to perform the functions and operations described above. The elements include logic, circuits, devices or microcode (i.e., microinstructions or native instructions), or a combination thereof, or equivalent elements used to perform the functions and operations according to the present invention. The elements used within the microprocessor to perform these functions and operations may be shared with other circuits, microcode, etc. within the microprocessor that are used to perform other functions and/or operations. As used in this application, microcode refers to one or more microinstructions. A microinstruction (also called a native instruction) is an instruction executed by a unit. For example, a microinstruction can be executed directly by a reduced instruction set computer (RISC) microprocessor. For a complex instruction set computer (CISC) microprocessor, such as an x86-compatible microprocessor, x86 instructions are translated into associated microinstructions, and the associated microinstructions are executed directly by one or more units of the CISC microprocessor.
Portions of the present invention and the corresponding detailed description are presented in terms of software, or of algorithms and symbolic representations of operations on data bits within a computer memory. These descriptions and representations are the means by which those skilled in the art effectively convey the substance of their work to others skilled in the art. An algorithm, as the term is used here, is a self-consistent sequence of steps. These steps require physical manipulation of physical quantities. In general, these physical quantities take the form of optical, electrical or magnetic signals that can be stored, transferred, combined, compared and otherwise manipulated. For convenience, these signals are sometimes referred to as bits, values, elements, symbols, characters, terms, numbers or the like.
It should be borne in mind, however, that all of these and similar terms are associated with the appropriate physical quantities and are merely convenient labels applied to those quantities. Unless specifically stated otherwise, terms such as processing, computing, calculating, determining, displaying or the like refer to the actions and processes of a computer system, a microprocessor, a central processing unit or a similar electronic computing device, which manipulates and transforms data represented as physical quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the memories or registers of the same or other computer systems, or within other such information storage or display devices.
It should also be noted that the software-implemented aspects of the present invention are typically encoded on some form of program storage medium or transmitted over some type of transmission medium. The program storage medium may be electronic (e.g., read-only memory, flash read-only memory, electrically erasable programmable read-only memory), random access memory, magnetic (e.g., a floppy disk or hard disk) or optical (e.g., compact disc read-only memory, CD-ROM), or any other read-only or random access memory element. Similarly, the transmission medium may be metal wire, twisted pair, coaxial cable, optical fiber or some other similar transmission medium known in the art. The present invention is not limited to these embodiments.
Although the present invention has been disclosed above by way of preferred embodiments, these are not intended to limit the present invention. Those skilled in the art may make minor changes and modifications without departing from the spirit and scope of the present invention; the scope of protection of the present invention is therefore defined by the claims of the present invention.

Claims (42)

1. An apparatus for protecting a basic input/output system (BIOS) in a computing system, comprising:
a BIOS read-only memory (ROM), comprising:
a plurality of BIOS content partitions, wherein each of the BIOS content partitions is stored as plaintext; and
a plurality of encrypted message digests, wherein each of the encrypted message digests comprises an encrypted version of a first message digest corresponding to a respective one of the BIOS content partitions;
a partition selector, configured to select one or more of the BIOS content partitions in response to a BIOS check interrupt that interrupts normal operation of the computing system, wherein the number of BIOS content partitions selected is determined by tamper-detection microcode; and
a tamper detector, coupled to the BIOS ROM and to the partition selector and able to access the partition selector, configured to: in response to the BIOS check interrupt, access the one or more BIOS content partitions and the corresponding one or more encrypted message digests; direct a microprocessor to generate, using the same algorithm and key that were used to generate the first message digests and the encrypted message digests, one or more second message digests corresponding to the one or more BIOS content partitions and one or more decrypted message digests corresponding to the one or more encrypted message digests; compare the second message digests with the decrypted message digests; and prevent operation of the microprocessor when the one or more second message digests and the one or more decrypted message digests are not pairwise identical.
2. The apparatus of claim 1, wherein the BIOS check interrupt is generated periodically at a time interval.
3. The apparatus of claim 1, wherein the BIOS check interrupt is generated in response to an occurrence of an event, wherein the event comprises one or more occurrences selected from the following events:
an input/output access;
a change of processor speed; and
a change of a virtual memory map.
4. The apparatus of claim 1, wherein the microprocessor generates the second message digests using a secure hash algorithm.
5. The apparatus of claim 1, wherein the microprocessor generates the decrypted message digests using an Advanced Encryption Standard algorithm.
6. The apparatus of claim 1, wherein the microprocessor comprises a cipher machine/hashing unit disposed within an execution logic, and the second message digests and the decrypted message digests are generated by the cipher machine/hashing unit, wherein the key is accessible only by the cipher machine/hashing unit.
7. The apparatus of claim 6, wherein the microprocessor further comprises a random number generator disposed within the execution logic, wherein after a current BIOS check is completed the random number generator generates a random number, and wherein the partition selector uses the random number to randomly set the number of BIOS content partitions to be checked during a next BIOS check.
8. An apparatus for protecting a basic input/output system (BIOS) in a computing system, comprising:
a BIOS read-only memory (ROM), comprising:
a plurality of BIOS content partitions, wherein each of the BIOS content partitions is stored as plaintext; and
a plurality of encrypted message digests, wherein each of the encrypted message digests comprises an encrypted version of a first message digest corresponding to a respective one of the BIOS content partitions; and
a microprocessor, coupled to the BIOS ROM, comprising:
a partition selector, configured to select one or more of the BIOS content partitions in response to a BIOS check interrupt that interrupts normal operation of the computing system, wherein the number of BIOS content partitions selected is determined by tamper-detection microcode; and
a tamper detector, coupled to the BIOS ROM and to the partition selector and able to access the partition selector, configured to: in response to the BIOS check interrupt, access the one or more BIOS content partitions and the corresponding one or more encrypted message digests; direct the microprocessor to generate, using the same algorithm and key that were used to generate the first message digests and the encrypted message digests, one or more second message digests corresponding to the one or more BIOS content partitions and one or more decrypted message digests corresponding to the one or more encrypted message digests; compare the second message digests with the decrypted message digests; and prevent operation of the microprocessor when the one or more second message digests and the one or more decrypted message digests are not pairwise identical.
9. The apparatus of claim 8, wherein the BIOS check interrupt is generated periodically at a time interval.
10. The apparatus of claim 8, wherein the BIOS check interrupt is generated in response to an occurrence of an event, wherein the event comprises one or more occurrences selected from the following events:
an input/output access;
a change of processor speed; and
a change of a virtual memory map.
11. The apparatus of claim 8, wherein the microprocessor generates the second message digests using a secure hash algorithm.
12. The apparatus of claim 8, wherein the microprocessor generates the decrypted message digests using an Advanced Encryption Standard algorithm.
13. The apparatus of claim 8, wherein the microprocessor further comprises:
a cipher machine/hashing unit, disposed within an execution logic, configured to generate the second message digests and the decrypted message digests, wherein the key is accessible only by the cipher machine/hashing unit.
14. The apparatus of claim 13, wherein the microprocessor further comprises:
a random number generator, disposed within the execution logic, configured to generate a random number after a current BIOS check is completed,
wherein the partition selector uses the random number to randomly set the number of BIOS content partitions to be checked during a next BIOS check.
15. A method for protecting a basic input/output system (BIOS) in a computing system, comprising:
storing a plurality of BIOS content partitions and a plurality of encrypted message digests in a BIOS read-only memory (ROM), wherein each of the BIOS content partitions is stored as plaintext, and each of the encrypted message digests comprises an encrypted version of a first message digest corresponding to a respective one of the BIOS content partitions;
in response to a BIOS check interrupt that interrupts normal operation of the computing system, selecting one or more of the BIOS content partitions, wherein the number of BIOS content partitions selected is determined by tamper-detection microcode;
in response to the BIOS check interrupt, accessing the one or more BIOS content partitions and the corresponding one or more encrypted message digests, and generating, using the same algorithm and key that were used to generate the first message digests and the encrypted message digests, one or more second message digests corresponding to the selected one or more BIOS content partitions and one or more decrypted message digests corresponding to the one or more encrypted message digests;
comparing the second message digests with the decrypted message digests; and
preventing operation of a microprocessor when the one or more second message digests and the one or more decrypted message digests are not pairwise identical.
16. The method of claim 15, wherein the BIOS check interrupt is generated periodically at a time interval.
17. The method of claim 15, wherein the BIOS check interrupt is generated in response to an occurrence of an event, wherein the event comprises one or more occurrences selected from the following events:
an input/output access;
a change of processor speed; and
a change of a virtual memory map.
18. The method of claim 15, wherein the step of accessing the one or more BIOS content partitions and the corresponding one or more encrypted message digests in response to the BIOS check interrupt further comprises:
generating the second message digests using a secure hash algorithm.
19. The method of claim 15, wherein the step of accessing the one or more BIOS content partitions and the corresponding one or more encrypted message digests in response to the BIOS check interrupt further comprises:
generating the decrypted message digests using an Advanced Encryption Standard algorithm.
20. The method of claim 15, wherein the microprocessor comprises a cipher machine/hashing unit disposed within an execution logic, and the second message digests and the decrypted message digests are generated by the cipher machine/hashing unit, wherein the key is accessible only by the cipher machine/hashing unit.
21. The method of claim 20, wherein the microprocessor further comprises a random number generator disposed within the execution logic, wherein after a current BIOS check is completed the random number generator generates a random number, and wherein the partition selection uses the random number to randomly set the number of BIOS content partitions to be checked during a next BIOS check.
22. An apparatus for protecting a basic input/output system (BIOS) in a computing system, comprising:
a BIOS read-only memory (ROM), comprising:
a plurality of BIOS content partitions, wherein each of the BIOS content partitions is stored as plaintext; and
a plurality of encrypted message digests, wherein each of the encrypted message digests comprises an encrypted version of a first message digest corresponding to a respective one of the BIOS content partitions;
a partition selector, configured to select one or more of the BIOS content partitions in response to a BIOS check interrupt that interrupts normal operation of the computing system, wherein the number of BIOS content partitions selected is determined by tamper-detection microcode; and
a tamper detector, coupled to the BIOS ROM and to the partition selector and able to access the partition selector, configured to: generate the BIOS check interrupt upon a combination of time intervals and event occurrences; in response to the BIOS check interrupt, access the one or more BIOS content partitions and the corresponding one or more encrypted message digests; direct a microprocessor to generate, using the same algorithm and key that were used to generate the first message digests and the encrypted message digests, one or more second message digests corresponding to the one or more BIOS content partitions and one or more decrypted message digests corresponding to the one or more encrypted message digests; compare the second message digests with the decrypted message digests; and prevent operation of the microprocessor when the one or more second message digests and the one or more decrypted message digests are not pairwise identical.
23. The apparatus of claim 22, wherein the microprocessor generates the second message digests using a secure hash algorithm.
24. The apparatus of claim 22, wherein the microprocessor generates the decrypted message digests using an Advanced Encryption Standard algorithm.
25. The apparatus of claim 22, wherein the combination of time intervals and event occurrences comprises a programmed sequence of time intervals and event occurrences.
26. The apparatus of claim 22, wherein the microprocessor comprises a cipher machine/hashing unit disposed within an execution logic, and the second message digests and the decrypted message digests are generated by the cipher machine/hashing unit, wherein the key is accessible only by the cipher machine/hashing unit.
27. The apparatus of claim 26, wherein the microprocessor further comprises a random number generator disposed within the execution logic, wherein after a current BIOS check is completed the random number generator generates a random number, and wherein, when the time interval in which an event occurs expires, a tamper timer uses the random number to randomly set whether a next BIOS check interrupt is generated.
28. The apparatus of claim 26, wherein the microprocessor further comprises a random number generator disposed within the execution logic, wherein after a current BIOS check is completed the random number generator generates a random number, and wherein the partition selector uses the random number to randomly set the number of BIOS content partitions to be checked during a next BIOS check.
A kind of 29. equipment in order to protect the basic input output system in a computing system, including:
One ROM of BIOS, including:
Multiple content of basic input output system subregions, each of which above-mentioned content of basic input output system subregion is to save as Readable text;And
Multiple scrambled message digests, each of which above-mentioned scrambled message digest include an encryption version of one first message digest with And corresponding above-mentioned content of basic input output system subregion;
One microprocessor, is coupled to above-mentioned ROM of BIOS, including:
One partition selector, in order to the basic input output system inspection in response to the normal operating interrupting above-mentioned computing system Interrupt, select one or more above-mentioned content of basic input output system subregions, wherein selected one or more above-mentioned bases The quantity of this input-output system content partition is to be determined by a Tamper Detection microcode;And
One tamper detector, is coupled to above-mentioned ROM of BIOS and above-mentioned partition selector and energy Enough access this partition selector, produce above-mentioned basic input and output system in order to the combination occurring in time interval and event System check interrupt, in response to above-mentioned basic input output system inspection interrupt and to one or more above-mentioned basic input and output systems System content partition and corresponding one or more above-mentioned scrambled message digest enter line access, instruction above-mentioned microprocessor use It is used for producing above-mentioned first message digest to produce corresponding to one with key with the identical algorithm of above-mentioned scrambled message digest Or corresponding one or more second message digests of multiple above-mentioned content of basic input output system subregion and corresponding to Corresponding one or more deciphering message digests of one or more above-mentioned scrambled message digests, the above-mentioned second message literary composition of comparison Pluck and above-mentioned deciphering message digest, and when one or more above-mentioned second message digests and one or more above-mentioned deciphering news When breath digest is not identical in pairs, prevent the operation of above-mentioned microprocessor.
30. The apparatus of claim 29, wherein the microprocessor uses a Secure Hash Algorithm to generate the second message digests.
31. The apparatus of claim 29, wherein the microprocessor uses an Advanced Encryption Standard algorithm to generate the decrypted message digests.
32. The apparatus of claim 29, wherein the combination of a time interval and the occurrence of an event comprises a programmed sequence of time intervals and event occurrences.
33. The apparatus of claim 29, wherein the microprocessor further comprises:
a cryptographic/hash unit, disposed in execution logic, for generating the second message digests and the decrypted message digests, wherein the key is accessible only by the cryptographic/hash unit.
34. The apparatus of claim 33, wherein the microprocessor further comprises:
a random number generator, disposed in the execution logic, for generating a random number after a current basic input output system check is completed, wherein, when the time interval for an event occurrence expires, a tamper timer uses the random number to randomly set whether the next basic input output system check interrupt is asserted.
35. The apparatus of claim 33, wherein the microprocessor further comprises:
a random number generator, disposed in the execution logic, for generating a random number after a current basic input output system check is completed, wherein the partition selector uses the random number to randomly set the number of basic input output system content partitions to be checked during the next basic input output system check.
36. A method for protecting a basic input output system in a computing system, comprising:
storing a plurality of basic input output system content partitions and a plurality of encrypted message digests in a basic input output system read only memory, wherein each basic input output system content partition is stored as plaintext, and each encrypted message digest comprises an encrypted version of a first message digest and corresponds to a respective basic input output system content partition;
in response to a basic input output system check interrupt that interrupts normal operation of the computing system, selecting one or more of the basic input output system content partitions, wherein the number of the selected one or more basic input output system content partitions is determined by tamper detection microcode;
generating the basic input output system check interrupt upon a combination of a time interval and the occurrence of an event;
in response to the basic input output system check interrupt, accessing the one or more basic input output system content partitions and the corresponding one or more encrypted message digests, and using the same algorithm and key that were used to produce the first message digest and the encrypted message digest to generate one or more second message digests corresponding to the selected one or more basic input output system content partitions and one or more decrypted message digests corresponding to the one or more encrypted message digests;
comparing the second message digests with the decrypted message digests; and
preventing operation of a microprocessor when the one or more second message digests and the one or more decrypted message digests are not pairwise identical.
37. The method of claim 36, wherein the step of accessing the one or more basic input output system content partitions and the corresponding one or more encrypted message digests in response to the basic input output system check interrupt further comprises:
generating the second message digests using a Secure Hash Algorithm.
38. The method of claim 36, wherein the step of accessing the one or more basic input output system content partitions and the corresponding one or more encrypted message digests in response to the basic input output system check interrupt further comprises:
generating the decrypted message digests using an Advanced Encryption Standard algorithm.
39. The method of claim 36, wherein the combination of a time interval and the occurrence of an event comprises a programmed sequence of time intervals and event occurrences.
40. The method of claim 36, wherein the microprocessor comprises a cryptographic/hash unit disposed in execution logic, the second message digests and the decrypted message digests are generated by the cryptographic/hash unit, and the key is accessible only by the cryptographic/hash unit.
41. The method of claim 40, wherein the microprocessor further comprises a random number generator disposed in the execution logic, the random number generator generates a random number after a current basic input output system check is completed, and, when the time interval for an event occurrence expires, a tamper timer uses the random number to randomly set whether the next basic input output system check interrupt is asserted.
42. The method of claim 40, wherein the microprocessor further comprises a random number generator disposed in the execution logic, the random number generator generates a random number after a current basic input output system check is completed, and the partition selection uses the random number to randomly set the number of basic input output system content partitions to be checked during the next basic input output system check.
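The check loop that claims 29 to 42 describe, written out as an added example in Go; this is not code from the patent or from VIA. It assumes a constructed 32-byte key (in the claimed design only the cryptographic/hash unit can read it), SHA-256 as the Secure Hash Algorithm, AES-256 applied to each 16-byte half of the digest, and three constructed partitions; the random partition count is supplied by the caller, standing in for the microcode.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/sha256"
	"fmt"
	"math/rand"
)

// Hypothetical key; only the cipher/hash unit can read it in the patented design.
var bootKey = []byte("constructed-example-key-32-bytes") // 32 bytes = AES-256

// EncryptDigest builds the stored "scrambled digest": SHA-256 of the partition,
// then AES-256 over each 16-byte half (two-block handling is my assumption).
func EncryptDigest(partition []byte) []byte {
	d := sha256.Sum256(partition)
	b, _ := aes.NewCipher(bootKey) // key length is fixed, so no error
	out := make([]byte, 32)
	b.Encrypt(out[:16], d[:16])
	b.Encrypt(out[16:], d[16:])
	return out
}

// DecryptDigest recovers the first digest from its stored encrypted form.
func DecryptDigest(enc []byte) []byte {
	b, _ := aes.NewCipher(bootKey)
	out := make([]byte, 32)
	b.Decrypt(out[:16], enc[:16])
	b.Decrypt(out[16:], enc[16:])
	return out
}

// BiosCheck is the tamper detector's work on a check interrupt: pick `count`
// partitions at random, re-hash each, decrypt its stored digest and compare.
func BiosCheck(parts, stored [][]byte, count int, rng *rand.Rand) bool {
	for _, i := range rng.Perm(len(parts))[:count] {
		second := sha256.Sum256(parts[i])
		if !bytes.Equal(second[:], DecryptDigest(stored[i])) {
			return false // mismatch: halt the microprocessor
		}
	}
	return true
}

func main() {
	parts := [][]byte{[]byte("boot block"), []byte("setup"), []byte("option ROM")} // constructed
	stored := [][]byte{EncryptDigest(parts[0]), EncryptDigest(parts[1]), EncryptDigest(parts[2])}
	parts[1][0] ^= 0xff // simulate tampering with one partition
	fmt.Println("full scan passes:", BiosCheck(parts, stored, 3, rand.New(rand.NewSource(1))))
}
```

A partial scan with a random count may miss a tampered partition on one interrupt, which is why the claims pair it with repeated checks at randomized times.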
CN201410085132.9A 2013-11-13 2014-03-10 The apparatus and method for of protection basic input output system Active CN103810443B (en)

Applications Claiming Priority (4)

Application Number | Priority Date | Filing Date | Title
US14/079,299 (US9183394B2) | 2013-11-13 | 2013-11-13 | Secure BIOS tamper protection mechanism
US14/079,226 (US9129113B2) | 2013-11-13 | 2013-11-13 | Partition-based apparatus and method for securing bios in a trusted computing system during execution

Publications (2)

Publication Number Publication Date
CN103810443A CN103810443A (en) 2014-05-21
CN103810443B true CN103810443B (en) 2017-03-01

Family

ID=50707192

Country Status (2)

Country Link
CN (1) CN103810443B (en)
TW (1) TWI520001B (en)

Also Published As

Publication number Publication date
TW201518987A (en) 2015-05-16
CN103810443A (en) 2014-05-21
TWI520001B (en) 2016-02-01

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant