1. Field of the Invention
The present invention relates generally to protecting a computer system and, more particularly, to protecting at least one of a BIOS, Boot Block, CMOS, and NVRAM in a computer system.
2. Background of the Related Art
This section is intended to introduce the reader to various aspects of art which may be related to various aspects of the present invention which are described and/or claimed below. This discussion is believed to be helpful in providing the reader with background information to facilitate a better understanding of the various aspects of the present invention. Accordingly, it should be understood that these statements are to be read in this light, and not as admissions of prior art.
Computer security is becoming increasingly important in today""s environment of heavily networked computer systems. As a result, security and integrity features are becoming desirable in the use of personal computers and servers. Of particular concern is the protection of reprogrammable start up memory from unauthorized reprogramming or alteration of the computer""s non-volatile memory.
When a computer is initially turned on, the computer executes a series of instructions from a specified startup routine. The startup routine is generally referred to as the Basic Input/Output System (BIOS). The memory in which the BIOS is stored is typically small. It stores the basic software to provide for initial set up and configuration of the system and allows the system to load and execute subsequent programs. Since the configuration software must be available at startup time, the BIOS is typically stored in non-volatile memory.
In the past, the BIOS was generally stored in a read only memory device. However, it has become more common in recent years to store the BIOS routine in a reprogrammable or random access memory so that the BIOS software can be upgraded when necessary. Thus, typically the BIOS is stored in FLASH memory or a non-volatile Random Access Memory (NVRAM) to allow the contents of the BIOS to be changed. The act of changing the contents of non-volatile memory is often called xe2x80x9cflashingxe2x80x9d the memory.
A flashable BIOS may consist of two separately programmable portions, each containing identical copies of the BIOS software. To upgrade or flash the BIOS, only half of the memory is updated at one time. To update the BIOS without losing operability, the inactive half of the BIOS is overwritten first. Once the system is power cycled the second time, the system is brought up with the newly overwritten portion of the BIOS being active. Subsequently, the section containing the older BIOS routine can be updated while it is inactive. While this method of flashing the BIOS offers obvious advantages over the conventional method of upgrading the BIOS by physically replacing a memory chip, this ability to alter the BIOS creates various security risks. To prevent malicious, as well as inadvertent, reprogramming of the BIOS, various security measures are often implemented into computer systems.
The present invention may be directed to addressing one or more of the problems set forth above.
Certain aspects commensurate in scope with the disclosed embodiments are set forth below. It should be understood that these aspects are presented merely to provide the reader with a brief summary of certain forms the invention might take and that these aspects are not intended to limit the scope of the invention. Indeed, the invention may encompass a variety of aspects that may not be set forth below.
In one embodiment of the present invention, there is provided a method and apparatus for validating segments of memory in a computer system. Specifically, a Boot-Block is used to validate a BIOS and the BIOS is used to validate the Boot-Block. These validation algorithms can be implemented in conjunction with a cryptographic algorithm to provide enhanced system protection. Also, the Boot-Block and/or the BIOS may be used to validate other memory segments such as the CMOS or additional portions of the NVRAM.
In another embodiment of the present invention, there is provided a method and apparatus in which a Boot-Block may be used to validate the BIOS. This validation algorithm can be implemented in conjunction with a cryptographic algorithm to provide enhanced system protection. Also, the Boot-Block may be used to validate other memory segments such as the CMOS or additional portions of the NVRAM.
In yet another embodiment of the present invention, there is provided a method and apparatus in which the BIOS may be used to validate a Boot Block. This validation algorithm can be implemented in conjunction with a cryptographic algorithm to provide enhanced system protection. Also, the BIOS may be used to validate other memory segments such as the CMOS or additional portions of the NVRAM.