The present invention relates to computer systems. More specifically, the invention relates to systems for storing configuration information in a tamper resistant manner.
Each of Intel""s Pentium(copyright) III processors stores a value, which is intended to be statistically unique for a given processor, that is analogous to its xe2x80x9cfingerprint.xe2x80x9d That statistically unique value can be said to constitute a processor serial number (xe2x80x9cPSNxe2x80x9d) for a given processor. Invoking the CPUID instruction enables access to the PSN by loading the PSN into a general purpose register that is visible to a programmer, who may use that value for any desired purpose.
Because of this processor identifier, a remote server may identify a particular Pentium(copyright) III processor containing system by simply accessing that value. Such a feature may enable such a server to grant access to certain confidential information to authorized systems only. For example, a server that stores bank, brokerage, medical, or other confidential records, may permit access only to a remote system that has a particular PSN. When such a remote system requests access to a restricted account or record, the server can retrieve that system""s PSN, then check it against a set of previously stored PSNs, which identify systems for which access is authorized. If the remote system""s PSN does not match any of the stored PSNs, then access is denied.
Although the presence of a remotely accessible PSN on a given system may enable such a useful authentication function, the system user may not want to allow indiscriminate access to that number. Such access could, in theory, permit tracking of the user""s web surfing activity, which the user may not desire. One proposal for enabling a user to choose whether to permit or prohibit access to a system""s PSN is to provide a setup option that allows the user to activate or disable PSN access. The user""s selection is recorded as an xe2x80x9conxe2x80x9d or xe2x80x9coffxe2x80x9d state for a bit stored in CMOS memory.
For some users, however, such a mechanism for providing user control over access to the PSN may not be deemed adequate. A malicious intruder having access to the system could locate the bit in CMOS that controls the PSN disable function and program a change from the xe2x80x9coffxe2x80x9d state to the xe2x80x9conxe2x80x9d state. Such a change will reactivate remote access to the PSN without the user""s knowledge the next time the system is restarted.
Accordingly, there is a need for a method for securing CMOS configuration information. There is a need for such a method that makes it more difficult for an intruder to remotely alter CMOS settings, e.g., one disabling remote access to the PSN of a Pentium(copyright) III processor containing system.
A system and method for securing configuration information for a computer is disclosed. The method comprises saving configuration information in CMOS memory, and automatically programming that configuration information into a non-volatile memory at the same time it is saved into the CMOS memory. The configuration information is automatically programmed into the non-volatile memory in a user transparent manner without user action. The method of the present invention may further comprise storing configuration information in a non-volatile memory, and automatically writing the configuration information from the non-volatile memory to a CMOS memory every time the computer system is powered on or reset, in a user transparent manner without user action.
The system includes a processor, a CMOS memory, and a non-volatile memory. That memory, preferably a flash memory, contains computer-executable instructions for causing configuration information, when saved to the CMOS memory, to be automatically programmed into the non-volatile memory and/or for causing configuration information to be automatically retrieved from the non-volatile memory and written into the CMOS memory every time the computer system is powered on or reset.