1. Field of the Invention
The present invention relates to non-volatile memory flashing and security management for a computer system, and more particularly, to a method and apparatus for remote non-volatile memory flashing and security management.
2. Description of the Related Art
A remote system management product ideally mhlimizes user action required for system management. Various system management tasks such as delivering software to a target machine or powering a target machine may be remotely performed by a system administrator rather than a user. Certain other system management tasks, however, maintain the need for user action in combination with tasks performed by a system administrator. For these tasks, it has been necessary for a user to be present at a target machine. Two examples of these tasks are flashing a read-only-memory (ROM) of a target machine and changing a security setting for a target machine.
The conventional method of flashing a read-only-memory (ROM) or changing a security setting of a target computer system begins with downloading a new ROM image and flash utility onto a fixed disk of the target computer system. The ROM image and flash utility have typically been gathered from a support compact disc or a website and stored on an operating system partition or a dedicated vendor unique system partition of the fixed disk. Alternatively, the new ROM image and flash utility may be initially stored onto a secondary ROM or non-volatile random access memory (NVRAM) and then copied to the system ROM of the computer system. The system ROM is placed in a protected state by the basic input/output system (BIOS) services during power up of the computer system, thereby preventing a flash operation to the system ROM. After the new ROM image and flash utility are downloaded, the flash utility forces the user to create a flash utility diskette. The user then cold boots the computer system with the created diskette in the floppy drive. When the computer system detects the created diskette, the computer system brings up the program to flash the system ROM. The program to flash the system ROM can prompt the user to enter an administrator password. The program then allows the user to set a configuration parameter or flag to indicate a request to flash the system ROM with the new ROM image. The request to flash the ROM is queued. Upon a reboot of the computer system, the flash utility diskette provides the administrator password to the system ROM to place the system ROM in an unprotected state allowing for a flash operation to the system ROM. Placing the system ROM in an unprotected state upon reboot prevents the BIOS from protecting or locking the ROM. The flash utility diskette next flashes the system ROM. It thus has been necessary for a user to copy a flash utility and ROM image to the system ROM, reboot the computer system, and enter an administrator password as a prerequisite to flashing the ROM. The flash utility which performs the flash of the system ROM also verifies that the system ROM is flashed correctly. The computer system must then be rebooted again to activate the new ROM image flashed to the system ROM.
Similarly, in administering certain security settings of a computer system, it has been necessary to store code and a security settings file on a system partition, request a change to a security setting which is queued for execution upon the next reboot of the computer system, and reboot the computer system to activate the change to the security setting. This process of downloading a flash ROM and security software package and running the code in the package upon reboot of the computer system before flashing a ROM or changing a security setting may be termed an out-of-band process.
Flashing a ROM or changing a security setting as an Aout-of-band.congruent. process has certain disadvantages. Queuing a change to a security setting and activating the change to the security setting upon reboot poses a risk of intervention between the time the change is queued and the time the computer system is rebooted. For example, if a system administrator requests a disabling of a power-on password of a terminated employee, the power-on password of the terminated employee continues to be in effect after the request by the administrator until a subsequent reboot of the computer system. As a result, in this time window, a terminated employee is able to tamper with the files on the computer system prior to a reboot of the computer system. Another basic disadvantage of an out-of-band process is the risk of system error upon the reboot of the computer system. If a system error occurs upon a reboot of a computer system, the queued request to change a security setting may not be serviced. Therefore, upon reboot of a computer system, a system administrator is unable to determine if the change to a security setting is in effect.