1. Field of the Invention
This invention relates generally to the field of device security, and more specifically to use of an embedded microcontroller to perform pre-boot and security functions in a system.
2. Description of the Related Art
Increasingly, computers are under threat of malicious tampering or intrusion, e.g., from unauthorized users, either locally or over networks. Identity theft, theft of secrets and similar crimes are made easier by electronic access and the portability of machines. Commensurate with this trend, there is a desire for users to perform financial transactions from their personal computers (PCs). However, the current PC architecture is not secure. The current industry response is to use solutions from industry leaders, along with a device called a Trusted Platform Module (TPM) to better secure secrets within the PC. The most vulnerable time for a PC is during the initial start-up, when the PC must detect if the PC has been tampered with while the power was off, and then and only then boot the machine and allow a user or application to access data on the PC.
One current solution to this problem utilizes the system central processing unit (CPU) and system BIOS (basic I/O service) software. For example, Phoenix Technologies provides a product called TrustedCore, which is firmware that works to establish what is called the “root of trust”. A drawback to this solution is that the system BIOS contains the software that must establish the root of trust. One issue with using the host CPU running BIOS code is that the BIOS is generally stored in an external flash memory which is easily modified by a user. A malicious user could substitute BIOS code that either ignores security or steals secrets, and so a conventional system cannot be trusted to perform the security authorization. Said another way, the BIOS code runs on the main CPU that is trying to be protected. Thus, an intruder could modify the BIOS code that resides in an industry standard flash device, and the root of trust could be broken without the system knowing it.
Thus, in current approaches, the system that is responsible for testing for such tampering is also the system subject to attack. Therefore, a careful attack could disable this self-test.
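To make the failure mode described in the two preceding paragraphs concrete, the following added Python model (not part of the patent text) contrasts a BIOS self-check whose reference digest lives in the same reprogrammable flash as the code with a check performed by a separate component that keeps its own reference measurement; the image contents and the use of SHA-256 are assumptions for illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class FlashImage:
    """Constructed model of an external flash part holding the BIOS code and a
    digest used for self-verification. Both fields are rewritable by anyone who
    can reprogram the flash, which is the weakness the text describes."""
    code: bytes
    stored_digest: bytes


def build_image(code: bytes) -> FlashImage:
    """Produce a consistent image (code plus matching digest). The same routine
    yields a legitimate image or a substituted one: that is the point."""
    return FlashImage(code, hashlib.sha256(code).digest())


def self_check(image: FlashImage) -> bool:
    """Prior-art style check: the host CPU verifies the BIOS against a digest that
    sits in the same mutable flash, so a substitution that updates both passes."""
    return hashlib.sha256(image.code).digest() == image.stored_digest


def external_check(image: FlashImage, reference_digest: bytes) -> bool:
    """Check performed by a separate component that holds its own reference
    measurement (the embedded-microcontroller approach the page motivates)."""
    return hashlib.sha256(image.code).digest() == reference_digest


def demo() -> dict:
    """Run both checks against a legitimate image and a substituted one."""
    good_code = b"BIOS v1: measure platform, then boot"       # constructed sample
    good = build_image(good_code)
    # Reference measurement recorded by the separate verifier at provisioning time.
    reference = hashlib.sha256(good_code).digest()
    # A substituted image that omits the measurement step; its self-check digest
    # was regenerated along with the code, so it is internally consistent.
    substituted = build_image(b"BIOS v1 (modified): skip measurement, boot")
    return {
        "self_check_good": self_check(good),
        "self_check_substituted": self_check(substituted),          # True: self-test is blind
        "external_good": external_check(good, reference),
        "external_substituted": external_check(substituted, reference),  # False: detected
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```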
Other corresponding issues related to the prior art will become apparent to one skilled in the art after comparing such prior art with the present invention as described herein.