The disclosure relates generally to ensuring firmware integrity before a system is booted and to updating firmware.
The first code fetched and executed by a device on power-on is commonly referred to as firmware. Its job in a PC may include initializing the CPU, memory, video, keyboard, mouse, hard disk drive, and other hardware. It then typically checks each configured bootable device, such as the hard disk or USB storage, and, following a preconfigured boot priority, loads and executes the software found there, handing it control of the PC. This process is commonly known as “booting” and is not limited to the PC category of computing devices.
Firmware is usually stored in non-volatile memory on a motherboard. One example of such memory is commonly referred to as “flash” memory. The firmware is specifically designed to work with each particular model of computer, interfacing with various devices that make up the complementary chipset of the system. In modern computer systems, the non-volatile memory's contents can be rewritten without removing it from the motherboard, allowing firmware to be upgraded in place. Hardware manufacturers frequently issue firmware updates to upgrade their products, improve compatibility, and remove bugs.
Since the firmware is stored in rewritable memory, its contents may be replaced or rewritten, an operation sometimes termed “flashing.” A file containing the new contents is referred to as a “firmware image.” Flashing is usually performed by a special program provided by the system's manufacturer, which reads the firmware image from a hard drive or a USB flash drive. For example, firmware may be flashed by storing a firmware image in the root directory of a USB drive and then booting the system. Firmware may subsequently be re-flashed to upgrade to a newer version that fixes bugs, improves performance, or supports new hardware. In some cases a re-flashing operation is performed to repair damaged firmware.
Flash memory devices are advantageous for storing firmware because they can be updated easily by a user. However, an improperly executed or aborted firmware update may render a computer unusable. To avoid this, recent firmware designs include a “boot block,” a portion of the firmware that runs first and is updated separately from the rest of the firmware. Before transferring control, the boot block verifies that the rest of the firmware is intact using hash checksums or other methods. If the boot block detects corruption in the main firmware, the user is warned that a recovery process should be initiated by booting from removable media so that the firmware can be re-flashed. Such a check detects accidental corruption, but it does not by itself authenticate the firmware: the verification code and its reference values live in the same rewritable flash as the code they check, so the software that verifies the integrity of flash contents may itself be compromised to report known-good cryptographic hashes while malicious firmware continues to execute. Systems with mis-programmed or erased flash devices effectively become unusable without manual intervention.
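The boot-block check described above, as an added example that is not part of the original disclosure: a C sketch of a boot block verifying a main-firmware region protected by a CRC-32 checksum. The flash layout (a 64-byte boot block followed by a header carrying a magic value, the body length and the body's CRC) is an assumption made for this illustration, not a real vendor format. The scenarios cover an intact image, a single flipped bit, an aborted write that leaves the header's length pointing past the end of the device, and a tampered body whose checksum has been recomputed, which the check cannot distinguish from a genuine update.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical flash layout (an assumption for this example, not a real
 * vendor format):
 *
 *   [ boot block, BOOT_BLOCK_SIZE bytes ][ main header ][ main body ... ]
 *
 * The main header carries a magic value, the body length and a CRC-32 of
 * the body. The boot block recomputes the CRC before handing control to
 * the main firmware.
 */
#define BOOT_BLOCK_SIZE 64u
#define MAIN_MAGIC      0x4D414946u   /* arbitrary marker value */

struct main_hdr {
    uint32_t magic;
    uint32_t body_len;
    uint32_t body_crc;
};

enum fw_status { FW_OK = 0, FW_BAD_MAGIC, FW_BAD_LENGTH, FW_BAD_CRC };

/* Bitwise CRC-32 (IEEE 802.3 reflected polynomial), no lookup table needed. */
uint32_t crc32(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Boot-block side: validate the main region of `flash`. Every length read
 * from the header is bounds-checked against the device size before use. */
enum fw_status boot_block_verify(const uint8_t *flash, size_t flash_size)
{
    struct main_hdr h;
    if (flash_size < BOOT_BLOCK_SIZE + sizeof h)
        return FW_BAD_LENGTH;
    memcpy(&h, flash + BOOT_BLOCK_SIZE, sizeof h);      /* avoid unaligned access */
    if (h.magic != MAIN_MAGIC)
        return FW_BAD_MAGIC;
    size_t avail = flash_size - BOOT_BLOCK_SIZE - sizeof h;
    if (h.body_len == 0 || h.body_len > avail)
        return FW_BAD_LENGTH;
    const uint8_t *body = flash + BOOT_BLOCK_SIZE + sizeof h;
    if (crc32(body, h.body_len) != h.body_crc)
        return FW_BAD_CRC;
    return FW_OK;
}

/* Flashing-tool side: write header + body into the main region and return
 * the total image size, or 0 if it does not fit the device. */
size_t build_image(uint8_t *flash, size_t cap, const uint8_t *body, size_t body_len)
{
    struct main_hdr h = { MAIN_MAGIC, (uint32_t)body_len, crc32(body, body_len) };
    size_t total = BOOT_BLOCK_SIZE + sizeof h + body_len;
    if (total > cap)
        return 0;
    memset(flash, 0xFF, BOOT_BLOCK_SIZE);               /* erased-flash filler for the boot block */
    memcpy(flash + BOOT_BLOCK_SIZE, &h, sizeof h);
    memcpy(flash + BOOT_BLOCK_SIZE + sizeof h, body, body_len);
    return total;
}

/* Four constructed scenarios the boot block might face; returns its verdict. */
enum fw_status scenario(int which)
{
    static uint8_t flash[256];
    uint8_t body[] = "constructed sample main firmware";   /* constructed input */
    size_t n = build_image(flash, sizeof flash, body, sizeof body);
    size_t body_off = BOOT_BLOCK_SIZE + sizeof(struct main_hdr);

    switch (which) {
    case 0: /* intact image */
        return boot_block_verify(flash, n);
    case 1: /* one flipped bit in the body: caught by the CRC */
        flash[body_off + 3] ^= 0x01;
        return boot_block_verify(flash, n);
    case 2: /* write aborted part-way: header length exceeds what is present */
        return boot_block_verify(flash, n - 10);
    default: /* attacker rewrites the body and recomputes the CRC: not caught */
        body[3] ^= 0x01;
        n = build_image(flash, sizeof flash, body, sizeof body);
        return boot_block_verify(flash, n);
    }
}

int main(void)
{
    const char *name[] = { "intact image", "bit-flipped body",
                           "aborted write", "tampered body, recomputed CRC" };
    for (int i = 0; i < 4; i++)
        printf("%-30s -> status %d\n", name[i], scenario(i));
    return 0;
}
```

The length check before the CRC matters in its own right: an aborted update can leave a header whose `body_len` points past the end of the device, and a boot block that trusted it would read out of bounds before ever reaching the checksum. The last scenario is the limitation the text raises: a checksum stored next to the data it covers detects corruption but not substitution, since whoever can rewrite the main firmware can rewrite the stored value too, so authenticating the image requires a reference (such as a signature-verification key) held outside the region an update can rewrite.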