Electronic systems and devices, for example, desktop computers, laptop computers, personal digital assistants (PDAs), set top boxes, servers, point-of-sale (POS) devices, automated teller machines (ATMs), wireless communication devices, for example, cellular telephones and other suitable devices and combinations thereof typically include one or more internal expansion slots to provide for upgraded functionality and/or to allow the system or device to interconnect with other devices, for example, video cards or other peripheral components. Electronic devices also typically include one or more external connection points, for example, USB connections, serial connections and parallel connections which allow a peripheral component to be connected to the electronic device. Typically, such connection points are coupled to one or more of the buses, for example, the peripheral component interconnect (PCI) bus of the corresponding electronic device.
Peripheral devices, for example, video cards, typically include a memory component that stores the operating code specific to the corresponding peripheral device, which is operative independently of the operating system executed on the electronic device or system to which the peripheral device is connected. Such a memory is referred to as an option read only memory (option ROM). In addition to the operating code for the corresponding peripheral device, the option ROM may also include code which facilitates the communication and interoperability of the peripheral device with the electronic device to which it is connected.
System firmware, for example, basic input/output system (BIOS) code or core system software code is maintained within a non-volatile memory of the electronic device and is operative to recognize and initialize the hardware subsystems and components of the electronic device and transfer control of the electronic device to an applicable operating system, upon completion of the initialization process. The system firmware is also responsible for interconnecting to, recognizing and executing the firmware and other code maintained on the option ROMs of peripheral devices.
System integrity problems, in the form of reduced security, may result from the blind or unchecked connection and execution of the code maintained in peripheral option ROMs. Currently, when a peripheral device is connected to an electronic device, the peripheral device is recognized and the system firmware of the electronic device communicates with the peripheral device and provides for the execution of the code maintained within the option ROM of the peripheral device. A drawback with conventional execution methods is that the code maintained within the option ROM may contain or include malicious code that may damage the electronic device or prevent it from operating correctly. The malicious code may also contain viruses that may be transmitted to other devices or systems to which the affected electronic device is connected.
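The check that conventional firmware omits at the point where it hands control to an option ROM can be illustrated in code. The following is an added example and is not part of the patent text or any particular vendor's firmware. It assumes the legacy option ROM header layout defined by the PCI firmware specification (bytes 0x55 0xAA, a length byte in 512-byte units, and a byte sum over the image equal to 0 mod 256), an allowlist of image digests assumed to be provisioned by the platform owner, and a FNV-1a hash as a stand-in for the cryptographic digest or signature verification that real firmware would use. The ROM image it validates is constructed sample data, not a real device's ROM. The scenarios show that the header checksum only detects accidental corruption, while the digest comparison is what distinguishes a trusted image from a modified one.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Verdicts from the pre-execution check of an option ROM image. */
enum rom_verdict {
    ROM_OK = 0,
    ROM_BAD_SIGNATURE,   /* header does not start with 0x55 0xAA */
    ROM_BAD_SIZE,        /* declared length is zero or exceeds the bytes read from the device */
    ROM_BAD_CHECKSUM,    /* byte sum over the image is not 0 mod 256 */
    ROM_NOT_ALLOWLISTED  /* image digest is not in the firmware's allowlist */
};

#define ROM_BLOCK 512          /* legacy header byte 2 counts 512-byte blocks */
#define SAMPLE_ROM_LEN 512     /* the constructed sample image is exactly one block */

/* FNV-1a 64-bit hash: a dependency-free stand-in (assumption) for the cryptographic
 * digest or signature check a production firmware would perform. */
uint64_t fnv1a64(const uint8_t *p, size_t n)
{
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* Validate an option ROM image before the firmware transfers control to it.
 * The allowlist of digests is assumed to be provisioned by the platform owner. */
enum rom_verdict rom_check(const uint8_t *img, size_t len,
                           const uint64_t *allow, size_t nallow)
{
    if (len < 4 || img[0] != 0x55 || img[1] != 0xAA)
        return ROM_BAD_SIGNATURE;
    size_t declared = (size_t)img[2] * ROM_BLOCK;
    if (declared == 0 || declared > len)
        return ROM_BAD_SIZE;               /* never read past what the device supplied */
    uint8_t sum = 0;
    for (size_t i = 0; i < declared; i++)
        sum = (uint8_t)(sum + img[i]);
    if (sum != 0)
        return ROM_BAD_CHECKSUM;           /* catches corruption, not deliberate tampering */
    uint64_t d = fnv1a64(img, declared);
    for (size_t i = 0; i < nallow; i++)
        if (allow[i] == d)
            return ROM_OK;
    return ROM_NOT_ALLOWLISTED;            /* checksum fine, but not an image we trust */
}

/* Build a constructed one-block legacy option ROM image (sample data, not a real ROM):
 * signature, length, some opaque "code" bytes, and a final byte that makes the checksum pass. */
size_t build_sample_rom(uint8_t *buf, size_t cap)
{
    if (cap < SAMPLE_ROM_LEN) return 0;
    memset(buf, 0, SAMPLE_ROM_LEN);
    buf[0] = 0x55; buf[1] = 0xAA;          /* legacy option ROM signature */
    buf[2] = 0x01;                         /* length: 1 x 512 bytes */
    buf[3] = 0xEB;                         /* entry point byte; opaque for this example */
    for (size_t i = 4; i < 0x40; i++)      /* constructed code/data bytes */
        buf[i] = (uint8_t)(i * 7 + 3);
    uint8_t sum = 0;
    for (size_t i = 0; i < SAMPLE_ROM_LEN - 1; i++)
        sum = (uint8_t)(sum + buf[i]);
    buf[SAMPLE_ROM_LEN - 1] = (uint8_t)(0x100 - sum); /* checksum fix-up byte */
    return SAMPLE_ROM_LEN;
}

/* Scenarios: each builds the sample image, provisions the allowlist from the pristine
 * image, applies one modification and returns the verdict the gate produces. */
enum rom_verdict scenario(int which)
{
    uint8_t img[SAMPLE_ROM_LEN];
    size_t n = build_sample_rom(img, sizeof img);
    uint64_t allow[1] = { fnv1a64(img, n) };
    switch (which) {
    case 0: break;                                 /* untouched image */
    case 1: img[0x20] ^= 0x01; break;              /* one-byte corruption: checksum fails */
    case 2: img[0x20] += 1; img[0x21] -= 1; break; /* content changed, byte sum preserved */
    case 3: img[0] = 0x00; break;                  /* not an option ROM header at all */
    case 4: img[2] = 0x04; break;                  /* claims 2048 bytes, only 512 present */
    }
    return rom_check(img, n, allow, 1);
}

int main(void)
{
    static const char *names[] = { "ok", "bad signature", "bad size",
                                   "bad checksum", "not allowlisted" };
    for (int i = 0; i < 5; i++)
        printf("scenario %d: %s\n", i, names[scenario(i)]);
    return 0;
}
```

Scenario 2 is the instructive one: adjusting two bytes in opposite directions keeps the header checksum valid, so a firmware that relied on the checksum alone would still execute the modified image; only the digest comparison against a provisioned allowlist rejects it.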
Currently, the most common security measure employed to prevent an option ROM-based attack is provided by what is referred to as hardware security—the fact that a malicious user or potential hacker has to physically open the device housing and insert the peripheral device into an available expansion slot on a motherboard of the electronic device. This may be a tedious and complex process given the structure of the electronic device. For example, laptop computers and PDAs do not have a significant amount of room within the device housing to insert an internal board or other device. Thus, the potential hacker has to have knowledge of the internal architecture of the electronic device, as well as be able to manipulate the limited space within the device housing to insert the peripheral device and corresponding option ROM. This may be time consuming and not worth the effort.
An alternate security measure employed by current electronic devices to prevent an option ROM-based attack is to require the electronic device to start up (or restart) each time a new device is coupled to or detected by the electronic device. This has the drawback of requiring the electronic device to be restarted (or rebooted) each time a peripheral device is added, which may take a substantial amount of time. Moreover, after the electronic device is restarted, there is no way to prevent any harmful code maintained within the option ROM from propagating throughout the electronic device and into any devices connected to the affected electronic device, for example through a network.