1. Technical Field
The present invention relates in general to data processing systems and in particular, to securing access to data in nonvolatile memory. More particularly, the present invention relates to a secure write blocking circuit and method for preventing unauthorized write access to nonvolatile memory.
2. Description of the Related Art
Firmware is software codes that generally reside in a piece of hardware and are responsible for an integral portion of the hardware function and are generally treated as being a component of the hardware. Typically, firmware is stored as binary information in some form of nonvolatile memory component, in which binary can be represented in hexadecimal, octal and other number bases. The components of firmware may be executable programs, such as power-on self test (POST), Basic Input/Output Software (BIOS), configuration utilities, etc., or it may be data tables, e.g., a description of the geometry of a hardfile, register values to use with a universal asynchronous receiver-transmitter (UART) to produce different baud rates, etc. Firmware is typically stored in a special type of memory chip that doesn""t lose its storage capabilities when power is removed or lost. Examples of nonvolatile storage devices used for storing firmware include ROMs, PROMs, EPROMs and EEPROMs. ROMs (read only memories) are programmed at the xe2x80x9cfactory,xe2x80x9d i.e., by the ROM manufacturer utilizing information provided by a customer. PROMs (programmable read only memories) are programmed by a technician utilizing a programming console. Once a ROM or a PROM is programmed, the firmware it contains cannot be changed. To update the firmware, the ROM or PROM must be physically removed from the device and replaced with a new ROM or PROM that contains the upgraded firmware. Improvements in memory device technologies have rendered variations of the PROM, such as erasable programmable read only memory (EPROM), which may be erased and reprogrammed after removing the device from a circuit, and electrically erasable programmable read only memory (EEPROM) devices, which can be erased utilizing electrical signals without the need to remove them from a circuit. These EEPROM devices are commonly implemented using xe2x80x9cflashxe2x80x9d memory devices.
A computer system""s, such as a personal computer (PC), system BIOS is routinely stored in flash memory rather than a basic ROM to allow the BIOS to be more easily updated should the need arise. All products generally experience a number of firmware revisions that correct firmware defects, compensate for hardware or operating system errors or introduce new features. However, the ability to update the system BIOS without having to remove the memory device that it resides in from the system has created opportunities for denial of service and other xe2x80x9cattacksxe2x80x9d by unauthorized entities. For example, an unauthorized user may erase the flash memory resulting in an inoperable device or may replace the existing BIOS with a modified BIOS that circumvents user authentication and data protection mechanisms. Conventional approaches to protecting the flash memory from unauthorized access may utilize a processor""s general purpose input/output (GPIO) terminals to block the write signal to the flash memory or utilize the GPIO to control a write protect input to the flash memory device. While these protection schemes do provide some level of protection, a determined individual, such as a hacker, can identify the particular GPIO utilized to block access to the flash memory and simply configure the GPIO to the state which will allow access to the flash memory.
Accordingly what is needed in the art is an improved access security scheme that mitigates the limitations discussed above. More particularly, what is needed in the art is a secure write access blocking circuit that generates an unmaskable interrupt when write access is enabled.
To address the above discussed deficiencies in the prior art, and in accordance with the invention as embodied and broadly described herein, a secure write blocking circuit is disclosed. The secure write blocking circuit includes enable and disable block input terminals coupled to a blocking circuit. The blocking circuit, such as a set/reset latch in a preferred embodiment, generates a block signal to prevent write access to a nonvolatile memory device, such as flash memory, in response to signals provided to the enable and disable input terminals. The secure write blocking circuit also includes an interrupt generator, coupled to the disable block input terminal, that generates an interrupt signal in response to a signal at the disable input terminal. In a related embodiment the secure write blocking circuit also includes a logic circuit, coupled to the blocking circuit, that receives the block signal and a write enable signal and in response thereto generates a control signal to a write enable input of the nonvolatile memory device.
The foregoing description has outlined, rather broadly, preferred and alternative features of the present invention so that those skilled in the art may better understand the detailed description of the invention that follows. Additional features of the invention will be described hereinafter that form the subject matter of the claims of the invention. Those skilled in the art should appreciate that they can readily use the disclosed conception and specific embodiment as a basis for designing or modifying other structures for carrying out the same purposes of the present invention. Those skilled in the art should also realize that such equivalent constructions do not depart from the spirit and scope of the invention in its broadest form.