1. Field of the Invention
The invention pertains generally to a boot process in a computer system. More particularly, it pertains to a protected boot process that resists tampering with the boot sequence.
2. Description of the Related Art
Before a computer system can operate, it must have an operating system (OS) in its memory that allows the computer""s resources to be reached and controlled by the other software, such as the various application programs. It is desirable to have various types and versions of operating systems loadable into the same computer system hardware. To accomplish this, the computer hardware has a non-volatile, comparatively simple bootstrap program, which initializes various basic functions and then loads more complicated software from a disk. The boot sequence may have multiple levels of load programs, with each successive level loading a more complex, more capable, but also more modifiable program until the OS itself is loaded.
In a conventional system, the boot process is started with a reset function of some kind. This might be a cold start reset (power to the hardware is initially off), a warm start reset (the hardware is already powered up, but in a partially unknown logic state), or one of several other starting conditions. The type of reset affects the particular functions that must be performed in the boot sequence, but generally does not change the overall boot process.
The reset function typically generates a reset interrupt, which vectors the system to a program in non-volatile memory and begins execution from that point. This program is generally a Basic Input-Output System (BIOS) in flash memory. The BIOS enables basic input-output (IO) control, branches into an option ROM to enable the options that are active in that particular system, and then branches back into the BIOS program to complete initialization and load the OS into main memory from a disk. While most of the hardware in such a system is provided by the computer vendor, the BIOS and option ROM are typically provided by third party vendors, so the computer vendor has limited knowledge of, and control over, the specific contents of these items. In addition, both the BIOS and option ROM are typically reprogrammable while in the computer and therefore subject to tampering after the system has been installed. This presents a security issue, since there is no way to tell if the BIOS or option ROM have been tampered with. Widespread concern over sophisticated hackers and computer viruses makes this problem especially worrisome, as the system may be tampered with in unknown and possibly undetectable ways.
Computer vendors want to be able to verify that the bootstrap sequence is the one they want and expect, and that any unauthorized changes that have been made to this sequence are detectable at boot time so the boot sequence can be terminated and the problem investigated.
The invention includes a method of booting an operating system that includes initiating a reset function, executing a protected program, validating a BIOS program, and executing the BIOS program.