1. The Field of the Invention
The invention relates to the field of personal computer manufacturing, and more particularly to the ability to securely modify system attributes of a pre-configured computing device that has already completed the manufacturing process.
2. Background of the Art
Nearly every modern personal computer system is sold with Basic Input Output System (BIOS) code, but only recently have manufacturers of BIOS code provided mechanisms for enabling users of personal computers and manufacturers of personal computers to access BIOS code. BIOS is an embedded code storage application of the personal computer, and more particularly is a low level code interfacing the operating system to the specific hardware implementation. BIOS is typically stored in a flash Electrically-Erasable-Programmable-Read-Only-Memory (EEPROM) that in turn is mounted on the main system board of the personal computer. The BIOS of a main system board is often software stored on an EEPROM chip which helps the main system board to function correctly and communicate with devices on the board surfaces and also secondary devices and software protocols that are attached to or running on the main system board respectively.
Typical functions of the BIOS code include the initialization of disk drives (including floppy, hard, and compact), setting control registers settings and the initialization of the video and graphical interfaces. The BIOS is specifically configured for each PC based on the presence of specific hardware and the current version or manufacturer of the hardware to take advantage of all or select BIOS functions. Often, when the hardware of the personal computer is updated or modified, the BIOS code may need to be upgraded to properly recognize and initialize the new hardware. Typically, an updated BIOS can be flashed to the Flash Read-Only Memory (ROM), after additional components of the PC have been replaced or upgraded.
Additionally, it is known that the Flash ROM memory array may be divided into two distinct sections, the boot block and the main block. The main block of the Flash ROM contains applications, such as those presented above, which are hereinafter referred to as the “main data applications.” The boot block of the Flash ROM is however protected from an ordinary flash, such that the data remaining in the boot block portion is present even after a corrupted Flash ROM image is flashed.
During the manufacturing process of personal computers, particularly of large volume orders, it is often typical for each ordered personal computer within a large order to be required to contain certain hardware capability, specific select software programs, and to be configured in a particular manner, per the order. In essence, a system is manufactured based upon a suite of features and capabilities (i.e., system attributes) for a specific customer or user. It is also quite common in these types of orders to include as a result of manufacture standardized or stock feature cards and/or chips that have functional capabilities beyond those functions or features initially ordered. Though the inclusion of such additional capabilities and functionality may appear to be more expensive, due to the quantity of stock product, the economics often favorably support such a manufacturing decision. This economic trade is becoming better understood in the industry, and is becoming a decision point that is resulting in manufacturers including a common set of features and equipment in most assembled products; this common set of equipment/functionality offering is also known as the manufacturer's “common building block.”
However, for a variety of reasons, including specific customer requirements, it is often necessary to de-function or limit the capabilities of the additionally included functionality that is present on these cards and chips. Ensuring that this de-functioning result is maintained (such that the scope of system attributes as defined as of the time manufacture versus the broad capability available as a result of that present), and that such de-functioning survives post-manufacture is also an important issue as otherwise it may be possible for a user to order a “reduced-function” system at a reduced cost and perform unauthorized post-manufacturing modifications to illegally upgrade and sell a “full-function” system that does not meet the standards of the labeled manufacturer of the system. Similarly, there also may exist a situation where one or more manufactured system needs to be modified or upgraded (e.g., a customer has cancelled orders or there exists an oversupply of stock of a manufactured line in-house) such that further functionality of system attributes of those systems need to be either increased or decreased in functioning scope. Since manufacturing of systems often occurs at locations separate from order facilities and by vendors who are contracted to manufacture, ensuring that end products produced are commensurate with the prescribed system attributes assigned at the time of manufacture is important but is clearly difficult to track.
Fixing a set of system attributes for a system at a particular time or stage of manufacture is however possible using the boot block. For instance, when a system has completed the manufacturing stage (i.e., the system has not yet been shipped to the customer but has been built to a prescribed level of manufacture), it is possible to concurrently set a bit (e.g., MFG_DONE) within the boot block of the system in the manufacturing environment to indicate that the system is complete (or at a particular stage) and that no further system attribute changes or modifications are to take place. In other words, the system has a fixed set of system attributes. Although the MFG_DONE bit is identified herein by example, other one-way bits located in the boot block are also envisioned by the present invention, and the invention is not so limited to the examples set forth.
The MFG_DONE bit is a bit that may be set by the manufacturer at the time of completion of the system (or at a predetermined stage of manufacture), and the setting of the bit prevents further modification to the set of system attributes of that particular system outside of the manufacturing environment. This bit setting approach in the manufacturing environment is an approach that is well-aligned with requirements set forth by the Trusted Computer Platform Alliance (TCPA) requiring that a manufacturer establish a Core Root of Trust for Measurement (CRTM) that is to be controlled by manufacturing. One of the goals of the TCPA is to maintain the privacy of the platform owner while providing a ubiquitous interoperable mechanism to validate the identity and integrity of a computing platform. However, since the MFG_DONE bit is set in the manufacturing environment, in the event the finished system is recalled, withdrawn, identified as overstock to be modified, selected for re-introduction, or the like, or when there is an express order to alter its functionality, the system attributes of that system cannot be easily changed since the MFG_DONE bit is set to indicate that the system is “outside of the manufacturing environment.” Similarly, there may exist the situation where a large volume system user orders an upgrade of the functions and features of numerous systems that were originally ordered as “low-function” to “full-function” and are presently in operation at the client site, which is physically remote from the manufacturing environment.
As used herein the terms “BIOS”, “BIOS code”, “BIOS image files” and “system BIOS” are used interchangeably and are intended to have similar meanings and uses in relation to functions and characteristics associated with BIOS. As used herein the terms “personal computer,” “computer,” “PC,” “system,” “computing device,” and “server,” are used interchangeably and are intended to have similar meanings and uses in relation to functions and characteristics associated with electronic information handling systems.