1. Field of the Invention
This invention relates to the field of security of computer firmware, especially in the areas of boot-up firmware including Operating System ("OS") and Basic Input and Output System ("BIOS") in general computing systems, in particular personal computers ("PCs").
2. Description of Related Art
One of the most critical elements in a computer system is boot-up firmware. The boot-up firmware may be an Operating System ("OS"), a portion of the OS, or the Basic Input and Output System ("BIOS"). The boot-up firmware is essentially the machine code typically stored in some form of non-volatile memory to allow a Central Processing Unit ("CPU") to perform tasks such as initialization, diagnostics, loading the operating system kernel from mass storage, and routine input/output ("I/O") functions.
Upon initially supplying power to the CPU through a power-up sequence, the CPU will "boot up" by fetching the instruction code residing in the boot-up firmware. Traditionally, the boot-up firmware is implemented in Erasable Programmable Read Only Memory ("EPROM"). However, recent advances in semiconductor technology have allowed boot-up firmware to be implemented in flash memory, increasing its susceptibility to intrusive attack.
Due to its critical role in computer systems, boot-up firmware should be well protected against intrusive attacks. One type of intrusive attack involves an intruder accessing the computer directly, physically removing a boot-up device containing the boot-up firmware (e.g., flash memory, a printed circuit board containing memory, etc.), and substituting that boot-up device with another boot-up device. In some cases, the intruder may be the legitimate owner or user of the computer system who is trying to defraud third-party service providers.
Currently, mechanical security mechanisms, particularly those used by portable computers to erase important information if the laptop's casing is opened without authorization, has little effect in preventing these intrusive attacks. There are no well-established electronic security mechanisms to provide security protection for a path connecting a host processor and a boot-up device.
Therefore, it would be desirable to design a mechanism that prevents an intruder from successfully defrauding others through replacement of the boot-up device such as a cryptographic coprocessor, or a flash memory device for example. This may be achieved by electrically "binding" the physical bootup device to the host processor to provide a secure path between the host processor and the boot-up firmware. This prevents an attacker from simply replacing the cryptographic coprocessor, since the host processor is unable to execute boot-up instructions not previously encrypted by the specific cryptographic coprocessor to which it has been "imprinted".