1. Field of the Invention
The present invention relates to the field of use of protecting flash memory from unintended or unauthorized modification. More particularly, the present invention relates to providing modification protection for code contained in flash memory, such as a Basic Input/Output System program (BIOS).
2. Description of Related Art
Currently, when a PC is first initialized or reset, it begins executing a basic Input/Output System program (BIOS) at a predefined location. The BIOS first performs a Power On Self Test (POST), in which all the system hardware units (such as the interrupt controller, the Direct Memory Access (DMA) controller, and timers/counters) are tested and programmed for normal operation. After the POST is complete, the BIOS scans another predefined memory region for BIOS extension software.
BIOS extension software may be included on hardware expansion plug-in cards. Typically, graphics adapter cards, local area network (LAN) adapter cards, and other hardware expansion plug-in cards have BIOS extension software. BIOS extension software allows the expansion hardware to map its own interrupt service programs into the BIOS function set, thereby adapting the function set to use the custom hardware.
The BIOS function set is defined in terms of software interrupts, meaning the BIOS and any BIOS expansion software must modify the interrupt vector table (BIOS software is written assuming the processor is running in real mode). Programs use the BIOS function set by generating software interrupts, which find the address of a particular BIOS function in the interrupt vector table and transfers control to the interrupt service program.
A common procedure followed by DOS programs is to modify the interrupt vector table to intercept BIOS calls (or other interrupts such as keyboard inputs), examine or process any relevant data, and then pass along control of the processor to the original target BIOS program. For example, when a key is pressed on a keyboard, a hardware interrupt is generated which causes the BIOS to get the relevant data from the keyboard interface, translate the data as necessary, and store it in a queue. Later, a program can generate a software interrupt that requests the BIOS to provide the next key input from the keyboard.
Because the BIOS is the first program to gain control of the processor after reset, it is critical to any security scheme. Therefore, the BIOS must be protected from modification during any time where the machine is in an unsecured operating mode, especially in cases where the BIOS is stored in flash memory. The BIOS is stored in flash memory to allow for field updates and reprogramming of the BIOS.
Typically, access to the BIOS is controlled by a system controller chip or chip set. The system controller incorporates all standard PC architecture functions such as interrupt controllers, DMA controllers, and memory controllers. This access control includes a reprogramming function for modifying the flash memory as well as functions for accessing the flash memory for execution of the program contained within the BIOS.
A common approach presently used to prevent unintentional modification of a flash memory is to use a register interlock scheme where two or more registers must be written with specific values in a specific sequence to enable the reprogramming of the flash memory. An example of the current flash memory protection scheme is illustrated in FIG. 1, where a register A 2, a first key 4, a first comparator 6, a register B 8, a second key 10, a second comparator 14, and an AND gate 12. Register A 2 receives data from data path 16 when it receives a xe2x80x9cwrite enablexe2x80x9d signal on write line 18. The value of register A 2 is compared to the value of first key 4 by comparator 6. Comparator 6 generates a write enable signal to AND gate 12 if the value of register A 2 is equal to the value of first key 4. Similarly, comparator 14 compares the value contained in register B 8 and second key 10 and generates a xe2x80x9cBIOS write enablexe2x80x9d signal on signal line 20 if the value contained in register B is equal to the value contained in second key 10.
Normally, after reset of the system containing the register interlock of FIG. 1, register A 2 and register B 8 contain the value of zero. In addition, register B 8 is inaccessible to receive a value as comparator 6 outputs a logical zero to AND gate 12 as the value contained in register A 2 (i.e., zero) is not equal to the value contained in key 4 (i.e., hexadecimal number xe2x80x9c0x00AA55FFxe2x80x9d). To enable flash erasure and programming, register B 8 must contain a value of xe2x80x9c0xFF55AA00xe2x80x9d. To enable access to register B 8, register A 2 must contain a value of xe2x80x9c0x00AA55FFxe2x80x9d, as shown in FIG. 1.
Thus, to enable the reprogramming of the flash BIOS program in flash memory, register A 2 is first loaded with the value of xe2x80x9c0x00AA55FFxe2x80x9d through the use of data path 16 and write signal line 18. When register A 2 has been so configured, comparator 6 will output the xe2x80x9cwrite enablexe2x80x9d signal to AND gate 12 which will allow a subsequent write signal on write signal line 18 to configure register B 8 with the value of xe2x80x9c0xFF55AA00xe2x80x9d through the use of data path 16. When register B 8 has been so configured, comparator 14 will output a xe2x80x9cBIOS write enablexe2x80x9d signal over signal line 20 to allow the access of the flash memory (not shown) for reprogramming.
Although the scheme of writing two specific values in a specific sequence into two specific register locations reduces the probability of accidental erasure, the scheme does not prohibit intentional or mischievous erasure or reprogramming of the flash memory because the access sequence must be published in some form by the hardware developer for use by third-party BIOS program developers.
Therefore, what is needed is a protection scheme which would allow only authorized individuals to modify the flash memory. In addition, this protection scheme must allow for the protection of the flash memory without the need to provide hardware which is unique to each machine that is to be protected.
To provide for the protection of flash memory containing a program such as a Basic Input/Output System from any unauthorized reprogramming efforts, a system memory controller is included which provides a mode where the processor is restricted to accessing only the flash memory (i.e., a mode where the processor can only execute instructions from the flash memory and not from any other memory such as a main system memory or cache). This mode can be enabled or disabled by setting or clearing a control register of the system memory controller. The default mode after reset of the system would be to restrict instruction execution to the program in flash memory.
In addition, the memory controller should incorporate a set of registers that can be used to define limited regions of accessibility to memory space outside flash memory (i.e., regions in main system memory). These registers would be accessible to the processor only when the controller is operating in the restricted access mode (i.e., when the processor is executing instructions only from the flash memory). The register set will consist of one or more pairs of registers, wherein each pair would consist of a Base register and a Limit register. The Base and Limit registers would define a memory region beyond the flash memory which would be accessible to the processor when the system is operating in the restricted mode. The default value after reset would be 0 (i.e., after reset, no xe2x80x9cextendedxe2x80x9d memory access is allowed in restricted mode).
In addition, a flash memory programming register is used to enable erasure and reprogramming of flash memory. The flash memory programming register is interlocked to enable those functions only when the memory controller is operating in the restricted mode.
To reprogram a flash memory, the following procedure would be used:
1. A flash memory upgrade program containing a new flash memory image for the flash memory would be loaded into main system memory and executed. The flash memory upgrade program would incorporate a digital signature which was xe2x80x9csignedxe2x80x9d by the private key of the vendor; the digital signature being the original hash value of the flash memory upgrade program encrypted with the vendor""s private key.
2. The flash memory upgrade program would call a special function in the current program contained in the flash memory, requesting to install the new flash memory image. This call would specify the address and size of the flash memory upgrade program located in main system memory.
3. The current program would set the memory controller to operate in a restricted mode, and enable extended memory access to the portion of the system memory containing the flash memory upgrade program.
4. The current program would then verify the source and content of the flash memory upgrade program (which includes the new flash memory image) by: (a) decrypting the digital signature using the vendor""s public key stored in the current program to obtain the original hash value; (b) independently calculating a hash value for the flash memory upgrade program which is resident in main system memory; and (c) comparing the original hash value obtained from decrypting the digital signature with the independently generated hash value to find a match.
5. If the hash values match, indicating that the flash memory upgrade program contained in main memory originated from the authorized creator AND has not been modified, then the current program contained in the flash memory would enable reprogramming of the flash memory and return control of the processor to the flash memory upgrade program.
6. The flash memory upgrade program would then erase the flash memory and copy the new flash memory image into the flash memory. The new program code would contain the same special functions as the current program to allow future field upgrades, and also include a copy of the public key of the vendor. In addition, in another preferred embodiment, each subsequent version of the flash memory upgrade program can contain an updated or different key. In this other preferred embodiment, where each different version of the update program has a different key, there would be required multiple signatures, one for each key that has been previously used, to ensure that any previous version of the program can be updated without going through all revisions in between. Moreover, each update program would contain all previous keys, to ensure that the flash memory can also be xe2x80x9cdowngradedxe2x80x9d to a previous version of the program code.
7. The flash memory upgrade program, still executing from main system memory, would then transfer control of the processor to the program contained in the new flash memory image, now in flash memory, which in turn would return the memory controller to normal operation and begin its normal initialization sequence as if a reset had occurred.
The provided security scheme would not require the system to initialize in a secure mode and could be implemented after a normal initialization procedure of the system. Thus, upon reset of the system, the program located in flash memory (such as the BIOS) would gain control of the processor, set the memory controller to allow unrestricted access to the system memory, and proceed as normal. When it is desired that the program in the flash memory should be updated, execution would begin with Step 1, as indicated above, and not require that the processor or system be placed in a special mode before execution of the flash memory upgrade program.
Through the use of the above protection scheme, only the holders of the vendor""s private key could distribute software to modify the current program. The ability to disable unused memory during the flash reprogramming process prevents any code that has not been cryptographically verified from getting control of the system. In addition, extensions to the current program, which is not contained in the flash memory or the authorized memory space, would not be allowed to execute and would thus prevent xe2x80x9croguexe2x80x9d programs contained in an extension from unauthorized modification of the flash memory. The only way to subvert the security process is by altering the operation of the hardware or compromising the vendor""s private key. The fundamental integrity of the original code itself and any updates can be insured by economic and administrative means and therefore should not require any hardware support which is unique to each machine.
This invention also does not depend on the BIOS having to take control from the beginning of the boot-up process to ensure thwart unauthorized modification.
This approach to protecting sensitive registers in devices is not only used for enabling flash programming, but also for other applications where an accidental modification of a hardware register could result in serious consequences.
Other objects, features and advantages of the invention will be apparent from the accompanying drawings, and from the detailed description that follows below.