1. Field of the Invention
This invention relates generally to providing a secure operating environment for a computer system and, more particularly, to providing a secure way of reading from and writing to the computer system's configuration registers.
2. Background of the Related Art
This section is intended to introduce the reader to various aspects of art which may be related to various aspects of the present invention which are described and/or claimed below. This discussion is believed to be helpful in providing the reader with background information to facilitate a better understanding of the various aspects of the present invention. Accordingly, it should be understood that these statements are to be read in this light, and not as admissions of prior art.
Since the introduction of the first personal computer (“PC”) over 20 years ago, technological advances to make PCs more useful have continued at an amazing rate. Microprocessors that control PCs have become faster and faster, with operational speeds eclipsing the gigahertz (one billion operations per second) and continuing well beyond.
Productivity has also increased tremendously because of the explosion in development of software applications. In the early days of the PC, people who could write their own programs were practically the only ones who could make productive use of their computers. Today, there are thousands and thousands of software applications ranging from games to word processors and from voice recognition to web browsers.
In addition to improvements in PC hardware and software generally, the technology for making computers more useful by allowing users to connect PCs together and share resources between them has also seen rapid growth in recent years. This technology is generally referred to as “networking.” In a networked computing environment, PCs belonging to many users are connected together so that they may communicate with each other. In this way, users can share access to each other's files and other resources, such as printers. Networked computing also allows users to share internet connections, resulting in significant cost savings. Networked computing has revolutionized the way in which business is conducted across the world.
Not surprisingly, the evolution of networked computing has presented technologists with some challenging obstacles along the way. Large, geographically diversified computer networks are susceptible to attacks by hackers who desire to gain access to information stored on those computer networks. Such hackers are sometimes motivated by nothing more than the pride they feel when they accomplish a difficult and technically challenging goal in the face of significant efforts to repel their efforts. Sadly, however, many hackers seek to compromise network security for material gain.
The data stored on modem computer networks ranges from military and corporate secrets to personal information, including social security numbers, bank records or information about credit card accounts. This information is obviously very valuable. If a conniving hacker successfully breaks into a network environment where such data is stored, the hacker may use the data directly or sell it to others who would not hesitate to use the information to the disadvantage of its rightful owner. The theft of supposedly secure data could subject the company that stored the data to falling customer confidence resulting in declining business opportunities. Failure to adequately protect the confidential information of others can even give rise to legal liability in some cases.
The complexity of modem computer networks and the equipment that comprises those networks provides hackers with many, many avenues to access secured data. Hackers frequently seek to take advantage of operational quirks of computer hardware and software (such as browser software) that the designers of that hardware or software did not intend or foresee. Even aspects of computer equipment that are intended to provide new features and additional security give imaginative hackers opportunities to compromise network security and steal confidential data.
Configuration registers are a favorite target of the attention of malicious computer hackers. All computers have configuration registers that contain control data to govern their operation. Examples of information that may be stored in the configuration registers of a computer are (1) the location of secured areas in the computer system's memory map (i.e. locations of data that are secured from outside access); (2) control information that configures peripherals; and/or (3) control information that places the computer system in certain modes of operation and otherwise governs the operation of the computer system. Data is typically written to the configuration registers of a computer system when the computer system is initialized. Data may, however, be written to configuration registers when the computer system is in operation. Additionally, data may be read from configuration registers by users or devices desiring to know the set-up of the particular aspect of the computer's operation that is controlled by the configuration register being read.
The data stored in the configuration registers of a computer system are extremely important in controlling the overall operation of the computer system. Configuration register data also controls the behavior of the computer system as part of a networked environment. Accidental or malicious overwriting of a device's configuration registers could cause that device to malfunction or cause the computer network or bus on which the computer system is resident to also malfunction.
If a hacker gains the ability to read and/or write data to the computer systems configuration registers, he/she may wreck havoc in the computer system in a number of ways. Examples of such havoc include unlocking and accessing highly confidential data stored on the computer system, changing the operational parameters of the computer system or writing data to the configuration registers to cause the computer system to crash or otherwise compromise its operation.
Previous methods of preventing improper access to a computer's configuration registers exist, but they suffer from known weaknesses. In a first known method, a user must write a correct password to a known location or configuration register to unlock the configuration registers for read/write access. After the user has completed reading from and/or writing to the configuration registers, the user must again write to the specific location to lock the configuration registers against future read/write access. In a second known method, a key mechanism is employed in which the user must include a particular binary pattern before writing to a configuration register. The binary pattern is used as a prefix to the write data provided for that register.
Users of the first method described above (hereinafter, “Method 1”) may unlock access to a device's configuration space by writing the password, perform the required reads and writes to the registers, and then lock access to that space. The problem with this method is that another user can, either accidentally or intentionally, overwrite the unlocked space while the original user is still performing their updates. To reduce the period of vulnerability, users of Method 1 may require that the unlock operation be performed for each configuration access to the device. That approach is inefficient because it requires a leading (unlock) and trailing (lock) write for every configuration access. In addition, Method 1 requires an increased number of lock/unlock reads and writes, which could be monitored by a hacker with partial access to the computer system to identify the unlock messages. The hacker may then be able to discern the password to the unlocking register, and then subsequently gain access to overwrite the configuration space of the device.
The second method referred to above (hereinafter, “Method 2”) only applies to write accesses and does not provide any means of protection against unauthorized read accesses. Nonetheless, an unauthorized user could intercept the write pattern to the configuration registers and figure out the pre-fixed key. With this knowledge, the unauthorized user could subsequently overwrite the configuration space of the system.
An improved way to provide security for the configuration registers of a computer system in order to minimize the accidental or malicious reading from and/or writing to the control registers of the computer system is desirable.