1. Field of the Invention
This invention relates to computing systems and, more particularly, to novel systems and methods for testing system and component vulnerability to design features and functionality.
2. Background Art
Computing systems, ranging from Systems on Chips (SoC) to multi-processor, large-scale computer complexes, typically include multiple components and devices necessary for the functioning of the system. For example, various components and devices must be initialized when a computer system is powered on or started. Typically, computer systems include one or more system configuration manager modules that handle basic start up and initialization of the computer systems.
In certain systems, the Basic Input-Output System (BIOS) performs the function of system configuration management. After power on or restart, the BIOS begins executing the first instructions thereof stored in the computer system's memory. Typically, the BIOS initializes the chip set, tests and initializes system memory, initializes and tests other system components, including I/O controllers, and may test and initialize other devices, such as peripheral devices. These subsystems, components, and devices may be tested for functionality. Typically, this entire process may be considered the Power-On System Test (POST) as known in the art. Eventually, the BIOS loads a boot-loader program stored in a particular location in memory or storage, such as on a fixed disc memory device, hard drive, read only memory (ROM), or the like. The boot-loader program typically loads a control program, executive or operating system into system memory and turns control over to the loaded program. The operating system then takes control of the overall computer system.
In certain embodiments, BIOS code is embodied as firmware stored in a flash memory device. This code uses configuration data to program settings that are user configurable during POST processing. Typically, BIOS configuration data is stored in some non-volatile memory device or location. Non-volatile data used during POST typically is associated with the clock, or real-time clock (RTC), as well as such temporal information as date, other time, configurations of drive systems, settings of memory, power management particulars, operating system settings, port settings, and the like.
In general, configuration data is stored in a particular space dedicated to the purpose. For example, in any “chip” or component, certain memory locations may exist. Certain of these memory locations may be referred to as registers, or the like. Likewise, the system may provide addresses (memory addresses, register addresses, or I/O port addresses) indicating a source or destination for inputs or outputs to these registers or memory locations. Such addresses may be considered part of the configuration space, often referred to as configuration registers.
The architecture of a configuration space is typically characterized by an address and an associated value. Accesses, both reads and writes, to these addresses are typically allowed to obtain or modify the values associated with these addresses. I/O port addresses typically provide access to an I/O device or component. The I/O device or component may perform some function when accessed via the I/O port address and return the value of that function to the accessor of the I/O port address.
Architectures and technical details of typical chip sets, chips, computing devices, associated components, and the like are contained in various specifications and datasheets. For example, an Intel bridge chipset is described in Intel's April 2003 datasheet for the Intel® 82801EB I/O Controller Hub 5 (ICH5)/Intel® 82801ER I/O Controller Hub 5 R (ICH5R). ICH5 is an acronym for Intel's I/O Controller Hub version 5. Furthermore, Intel's August 2008 datasheet, Intel® I/O Controller Hub 9 (ICH9) Family, for Intel's ICH9 and Intel's May 2011 Intel® 6 Series Chipset and Intel® C200 Series Chipset datasheet referred to as Intel's Q67, QM67, etc. are ICH5 progeny. Super I/O devices or components are similarly described in various specifications and datasheets. For example, the following five SMSC datasheets describe the technical details of five of SMSC's many Super I/O components: (1) FDC37C665GT Advanced High-Performance Multi-Mode Parallel Port Super I/O Floppy Disk Controllers, (2) LPC47N217 64-Pin Super I/O with LPC Interface, (3) LPC47N227 100-Pin Super I/O with LPC Interface for Notebook Applications, (4) S1010N268 Advanced Notebook I/O for ISA or LPC Designs with X-Bus Interface for I/O, Memory, and FWH Emulation and Four Serial Ports, and (5) LPC47N350 Legacy-Free Keyboard/Embedded Controller with SPI and LPC Docking Interface. Similarly, the Winbond (Nuvoton) line of Super I/O devices is described in specifications and datasheets such as W83627DHG Winbond LPC I/O dated 10 Apr. 2007 and the LPC61 W492 Integrated Super I/O Controller for LPC Bus with Game and MIDI Ports/Plus Hardware Monitoring Functions. The latter was designed by Winbond for SMSC. ITE, another major manufacturer of Super I/O devices, provides detailed technical information about ITE's components in specifications and datasheets such as IT8705F/IT8705AF Simple Low Pin Count Input/Output (Simple LPC I/O).
The above datasheets for chipsets and Super I/Os provide details of architectures, nomenclature, definitions of terms, definition of operations, and so forth. Accordingly, the foregoing references are all incorporated herein by reference and relied upon for their usage and definitions of terms of art as used by those of ordinary skill in the art. Accordingly, the usage and definitions therein are adopted hereby as the ordinary meanings of such terms within this art.
Moreover, U.S. Pat. No. 5,903,894 issued May 11, 1999 to Reneris, U.S. Pat. No. 6,112,164 issued Aug. 29, 2000 to Hobson, and U.S. Pat. No. 7,769,836 issued Aug. 3, 2010, to Bolay et al. are all useful in understanding the significant elements of such architectures, their use, action schemes, operational characteristics, features, and so forth. Again, the usage, definitions of terms, and the like found therein are adopted hereby as the ordinary meanings of such terms. All the foregoing documents and patents are hereby incorporated by reference in their entirety.
Historically, software and hardware systems include vast quantities of documentation advising users on the features, commands, protocols, communications, and so forth for interacting with such systems. Nevertheless, complex systems may have other details, not typically provided to users or purchasers, which are known or unknown to the manufacturers.
Historically, certain failures of computing devices, computing components, hardware, software, or a combination of hardware and software are well documented. The mode of failure is well understood, and the solution for failures is readily available. Often the problem and solution are well documented and tried.
On the other hand, in certain such systems, features, registers, addresses, data, functionality, operational instructions, commands, and the like in components of a computing device may not be documented. Likewise, computing systems have a history of periodic or random failures due to unknown causes. Furthermore, continually revising a computing device or component, as in the case of Intel's I/O Controller Hubs (ICH), may lead to the introduction of new features along with remnants of undesired features or functionality.
What is needed is a system, apparatus, and method for detecting, analyzing, correcting, documenting, and otherwise handling undocumented failure modes and causes. These failure modes and causes are collectively referred to as vulnerabilities herein. For example, it would be an advance in the art to create a system, apparatus, and method for systematically analyzing and evaluating computing systems and components to determine their possible susceptibility to failures due to accidental or intentional accesses to addresses that are unknown or undocumented, or whose consequences are unknown or undocumented. Such accesses typically are the result of executed instructions or hardware's direct manipulation of one or more of the system's buses. Accesses that are possible but undocumented may be unreferenced or actually prohibited. However, if still possible, they may nevertheless have consequences.
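The address/value model of a configuration space and the gap between documented and possible accesses described above can be illustrated with an added example that is not part of the patent text. It audits a constructed in-memory device against a documented register list and reports addresses that respond to accesses but are not documented. The device layout, the function names, and every address are hypothetical, and the probe runs only against the model, not against hardware.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define SPACE_SIZE 16

/* Constructed model of a configuration space: address -> value (hypothetical layout). */
typedef struct {
    uint8_t regs[SPACE_SIZE];
    uint8_t writable[SPACE_SIZE];   /* 1 if the modelled hardware latches writes */
} device_t;

static uint8_t cfg_read(const device_t *d, unsigned addr) {
    return addr < SPACE_SIZE ? d->regs[addr] : 0xFF;
}
static void cfg_write(device_t *d, unsigned addr, uint8_t val) {
    if (addr < SPACE_SIZE && d->writable[addr]) d->regs[addr] = val;
}

/* Write-invert, read back, restore; collect responding addresses absent from doc[]. */
size_t audit_undocumented(device_t *d, const uint8_t *doc, size_t ndoc,
                          uint8_t *found, size_t max_found) {
    size_t n = 0;
    for (unsigned a = 0; a < SPACE_SIZE; a++) {
        uint8_t orig = cfg_read(d, a);
        cfg_write(d, a, (uint8_t)~orig);
        int responds = cfg_read(d, a) != orig;
        cfg_write(d, a, orig);               /* restore the original value */
        int documented = 0;
        for (size_t i = 0; i < ndoc; i++)
            if (doc[i] == a) documented = 1;
        if (responds && !documented && n < max_found) found[n++] = (uint8_t)a;
    }
    return n;
}

/* Constructed sample: 0x00, 0x01, 0x04 are documented; 0x0A responds anyway. */
device_t sample_device(void) {
    device_t d = {{0}, {0}};
    d.writable[0x00] = d.writable[0x01] = d.writable[0x04] = d.writable[0x0A] = 1;
    return d;
}

int main(void) {
    device_t d = sample_device();
    const uint8_t doc[] = {0x00, 0x01, 0x04};
    uint8_t found[SPACE_SIZE];
    size_t n = audit_undocumented(&d, doc, 3, found, SPACE_SIZE);
    for (size_t i = 0; i < n; i++) printf("undocumented: 0x%02X\n", found[i]);
    return 0;
}
```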