1. Field of the Invention
This invention relates to computer system security and, more particularly, to a device and method for preventing access of a secured plug and play peripheral device (or address range within the peripheral device) whose base address has been modified.
2. Description of the Related Art
Contained within a portion of the computer system non-volatile memory is a program often referred to as Basic Input/Output System (xe2x80x9cBIOSxe2x80x9d). BIOS is the interface between the computer system hardware and the operating system and applications software. The BIOS is generally run at boot-up in order to establish the serial and parallel ports, test memory, and generally determine the overall hardware configuration of the computer system. Thereafter, the processor within the computer system is instructed to read the operating system software (and eventually the applications software) from a configured disk drive.
In order to configure various hardware resources during boot-up, it is necessary that the input/output (xe2x80x9cI/Oxe2x80x9d) address space of each hardware resource be assigned. This may entail writing an I/O address space to a register assigned to that hardware resource. Typically, the configuration register of each resource is contained on the same card as the interface to that resource so that whenever accesses occur, those accesses are immediately mapped to the corresponding resource.
Many types of hardware resources contain sensitive data and/or instructions. Those hardware resources are often linked to peripheral buses within the computer system, and are henceforth referred to as xe2x80x9cperipheral devicesxe2x80x9d. For example, a computer system may employ several peripheral buses, such as an Integrated Drive Electronics (xe2x80x9cIDExe2x80x9d) bus, a Peripheral Component Interface (xe2x80x9cPCIxe2x80x9d) bus, and/or an Industry Standard Architecture (xe2x80x9cISAxe2x80x9d) bus. A peripheral device, such as a disk drive, can reside upon the IDE bus and may contain sensitive information that must be periodically secured against unauthorized access. Certain information accessible across a serial port, a parallel port, or contained within a floppy disk drive, and commonly linked to an ISA bus may also be securable. Passwords stored within static RAM, linked to the ISA bus must be maintained private to only the individual or individuals who are authorized to examine or modify those passwords. The static RAM attributed to a computer system is often referred to as CMOS RAM.
The desire to maintain security to certain peripheral devices connected to a peripheral bus, for example the ISA bus, becomes particularly acute with the advent of what is commonly known as xe2x80x9cPlug and Playxe2x80x9d devices. Set forth in the xe2x80x9cPlug and Play ISA Specificationxe2x80x9d Version 1.0a, May 5, 1994, copyright Intel and Microsoft Corporation (herein incorporated by reference and henceforth referred to as the xe2x80x9cSpecificationxe2x80x9d), the interface to various peripheral devices can be configured upon an adapter card and merely plugged into slots associated with the computer system. In the example provided, the slots are connected to the ISA bus such that a user interface adapter, a memory media adapter, and various other adapters can be easily and quickly plugged into numerous slots associated with the ISA bus. A popular ISA adapter includes what is often referred to as a xe2x80x9cSuper I/Oxe2x80x9d adapter. The Super I/O is essentially an application specific chip, a suitable such chip obtainable from National Semiconductor Corporation as part no. PC87310.
The ease by which hardware resources and, more specifically, ISA peripheral devices (interchangeably referred to as either the devices themselves or as xe2x80x9ccardsxe2x80x9d containing an interface to the devices) can be connected to the ISA bus poses numerous security concerns. For example, a peripheral device, once secured to a slot that is secured, may not remain secured if that peripheral device is re-assigned to a dissimilar slot during removal of its associated adapter card and re-insertion of that card into another slot. Additionally, a peripheral device which is presently secured is often protected against unwarranted accesses to that particular device""s I/O address space. However, if that device is removed from its slot and another device inserted, the second device will be secured even though it may be desirable that it not be secured. It would therefore be beneficial to introduce a computer security system which can maintain security to Plug and Play peripheral devices even though those devices are moved. Moreover, it would be of further benefit to disable security of a slot previously occupied by a secured device, but re-assigned to a device that is not to be secured. The flexibility of re-assigning security controls within an existing Plug and Play ISA system would present a beneficial advancement over conventional, non-flexible (or fixed) security assignments.
The problems outlined above are in large part solved by an improved computer security system hereof. The security system can flexibly secure I/O address spaces to take advantage of modifications allowed by the Plug and Play architecture. Securement can apply to any peripheral device, such as an ISA device. Securing ISA devices, such as the Super I/O device, is achieved by placing security components within a southbridge of the computer system. The southbridge includes a password store and compare unit which retrieves passwords stored in non-volatile memory during computer boot-up, and compares those stored passwords against user-entered passwords. The password store and computer unit is interchangeably referred to as a xe2x80x9cblack boxxe2x80x9d. This description of a black box security device is generally well-known, and set forth in, for example, U.S. Pat. No. 5,748,888 (herein incorporated by reference).
Also contained within the southbridge is a configuration control unit. Upon receiving an initialization key, the configuration control unit isolates each Plug and Play device (i.e., device or card) upon, e.g., the ISA bus and assigns a unique identifier number to each of those respective devices. The identifier number is contained within a register proximate to its respective device. Additionally, the identifier number is contained within a shadow register or device identification register located within the southbridge. For each peripheral device, a corresponding device identification register and unique identifying number is present.
Further embodied upon the southbridge is a security control unit. The security control unit, similar to the configuration control unit, is coupled to the peripheral bus (e.g., ISA bus) and receives a configuration command, or wake command, transmitted across the peripheral bus. The configuration command will cause all peripheral devices that have an identifying number which matches the subsequent write data to transition from a sleep state to possibly a configuration state. Within the configuration state, configuration registers associated with corresponding peripheral devices can be configured with an I/O address range. The configuration registers are assigned to respective peripheral devices and are usually attributed to adapter cards on which those devices reside. The configuration registers are programmed during the configuration state, when boot-up occurs. In addition to programming the configuration registers, the I/O address spaces of respective peripheral devices are also programmed into shadow registers, or I/O address registers, contained within the southbridge.
The device identification registers and I/O address registers shadow or track configuration information stored within configuration registers upon respective adapter cards. However, by placing the configuration information within the southbridge via the shadow registers, allowance of subsequent accesses to particular peripheral devices and to particular I/O base addresses can be made within the southbridge. Accordingly, the security control unit includes a protection comparator which compares, e.g., ISA bus transaction addresses to base addresses and identifying numbers stored within the shadow registers to determine if those corresponding base addresses and identifying numbers represent secured devices. If so, masking logic will prevent reads and writes from being sent to the secured devices being addressed.
The password store and compare unit, or black box, serves to identify which of the peripheral devices is to be secured. If the black box output yields a lock signal, then the masking logic, upon receipt of the lock signal, will block or mask the reading or writing of ISA data. However, if the black box yields and unlock signal, then the masking logic will allow the read and write ISA data to proceed. Accordingly, the masking logic maintains control over the read/write command upon the ISA bus.
According to one embodiment, a computer system is provided. The computer system includes a microprocessor and a Plug and Play peripheral device located separate from a printed circuit board on which the microprocessor resides. The peripheral device includes a base address which is secured against access. A shadowing comparator is coupled to detect modifications to the base address of the peripheral device upon receiving a configuration command, or Wake command, issued by the computer system. An I/O address register is coupled to the shadowing comparator for storing the modified base address. Masking logic is operably coupled to the address registers for preventing access to the modified base address of the peripheral device. Thus, even though the base address of a peripheral device is modified, security of that device is maintained.
The computer system may further include a keyboard, and a storage unit operably coupled between the keyboard and the masking logic for forwarding an unlock signal to the masking logic if a stored password within the storage unit favorably compares with a password entered upon the keyboard. Upon receiving the unlock signal, the masking logic will allow access to the base address of the peripheral device.
According to another embodiment, the computer system includes a plurality of peripheral devices responsive at select times to entry upon the keyboard. A security control unit is operably linked to a peripheral bus on which a secured group of the plurality of peripheral devices are coupled. The security control unit is adapted to detect a change in I/O addresses associated with the secured group of peripheral devices and to prevent accesses to the secured group of peripheral devices before and after the I/O addresses associated therewith are changed.
According to yet another embodiment, a method is provided for securing a peripheral device within a computer system. The method includes associating an I/O address of a Plug and Play ISA peripheral device as one that is secured. A change in the I/O address can then be detected, and the changed I/O address can be stored. The changed I/O address may be recalled whenever access to the peripheral device is attempted. Those accesses can be prevented by associating the changed I/O address as one that is to remain secured.