This invention relates to the field of computer systems. In particular, this invention is drawn to methods and apparatus for securing computer firmware.
In order to ensure that a computer system can be initialized to a secure context, the boot process must be secure. A computer system typically includes a processor such as a microprocessor that is designed to respond to an initialization event by initializing or resetting itself to a pre-determined state. The process of initializing the computer system is often referred to as “booting” the computer system.
During the boot process, the processor executes initialization code to perform a number of initialization and security related functions. Performance of these functions is vital to ensure the security and integrity of the computer system. The initialization code is stored in nonvolatile memory to ensure availability upon application of power to the computer system. The nonvolatile memory is often modifiable so that the initialization code can be updated as the computer system configuration changes. Any such modification, however, should be performed within a secure context, free from the ill-intentioned effects of unauthorized code such as viruses and from the unintended effects of authorized code gone awry.
Without a secure context during the boot or nonvolatile memory modification process, the integrity and security of all subsequent operations may be suspect. If the boot process is insecure or if the nonvolatile memory is capable of being modified in a manner that affects the boot process, the security of the computer system is at risk. The nonvolatile memory may be left in a vulnerable state or altered such that subsequent boot processes are no longer secure. Once the security is breached, an unauthorized program may wreak havoc by destroying or modifying information and code stored in the nonvolatile memory. Alternatively, a more benign program may expose the computer system to security risks by simply preventing the computer from performing the functions vital to security during the boot process.
In view of limitations of known systems and methods, methods and apparatus for enabling a secure boot process of a computer system are described. One method of initializing a computer system depends on whether a nonvolatile memory update is in process. The computer system includes a lockable nonvolatile memory coupled to a processor having maskable address lines and a cache. When an update is in process, the nonvolatile memory is unlocked in response to the initialization event only if processor address line masking is disabled. In addition, at least a portion of the processor cache is invalidated to ensure the processor will fetch the first instruction from the nonvolatile memory.
A computer system apparatus includes a lockable nonvolatile memory and a processor having maskable address lines and a cache. Logic circuitry coupled to the nonvolatile memory and the processor prohibits unlocking of the nonvolatile memory unless address line masking is disabled. In response to an initialization event, the logic circuitry invalidates at least a portion of the processor cache, initializes the processor and unlocks the nonvolatile memory if the address line masking is disabled.
An alternative method affirmatively disables the address line masking in response to the initialization event if a nonvolatile memory update is in process. The method includes the steps of unlocking the nonvolatile memory and invalidating at least a portion of the processor cache referencing the nonvolatile memory.
An alternative embodiment of the computer system apparatus includes a lockable nonvolatile memory and a processor having maskable address lines and a cache. Logic circuitry coupled to the nonvolatile memory and the processor prohibits unlocking of the nonvolatile memory unless address line masking is disabled. The logic circuitry disables address line masking, initializes the processor, and unlocks the nonvolatile memory in response to an initialization event if a nonvolatile memory update is in process.
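The following C model is added here as an illustration of the boot gate described in the summary; it is not the logic circuitry of the described apparatus. It assumes that the maskable address line is line 20 (the x86 A20 gate), that the reset vector is 0xFFFFFFF0, that the nonvolatile memory occupies the top 64 KiB of a 4 GiB address space, that the cache is four direct-mapped lines, and that memory contents are reduced to one opcode per region. With those assumptions it shows the two things the summary relies on: a masked address line aliases the reset vector into RAM, so an unlock while masking is enabled would let the first instruction come from somewhere other than the nonvolatile memory, and a stale cache line covering the reset vector is served instead of the nonvolatile memory unless it is invalidated first.

```c
/*
 * Added model of the boot gate; an illustration, not the patent's circuitry.
 * Assumptions: maskable line is A20, reset vector 0xFFFFFFF0, firmware in the
 * top 64 KiB of the 4 GiB space, 4 direct-mapped cache lines, one opcode per
 * memory region.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define A20_CLEAR_MASK (~(1u << 20))
#define RESET_VECTOR   0xFFFFFFF0u
#define NVM_BASE       0xFFFF0000u
#define NVM_SIZE       0x10000u
#define CACHE_LINES    4

enum region { REGION_RAM = 0, REGION_NVM = 1 };
/* First embodiment: unlock only if masking is already off.
 * Alternative embodiment: disable masking, then unlock. */
enum policy { POLICY_REQUIRE_UNMASKED, POLICY_FORCE_UNMASKED };

struct cache_line { bool valid; uint32_t tag; enum region src; uint8_t opcode; };

struct machine {
    bool a20_masked;        /* address line masking enabled */
    bool nvm_locked;        /* nonvolatile memory rejects writes while locked */
    bool update_pending;    /* a nonvolatile memory update is in process */
    uint8_t nvm_opcode;     /* assumed: opcode stored at the reset vector in NVM */
    uint8_t ram_opcode;     /* assumed: whatever RAM holds at the aliased address */
    struct cache_line cache[CACHE_LINES];
};

struct boot_result { bool nvm_unlocked; enum region first_fetch_from; uint8_t first_opcode; };

/* The address as the bus sees it after address line masking. */
uint32_t effective_address(const struct machine *m, uint32_t addr) {
    return m->a20_masked ? (addr & A20_CLEAR_MASK) : addr;
}

enum region region_of(uint32_t phys) {
    return (phys >= NVM_BASE && phys - NVM_BASE < NVM_SIZE) ? REGION_NVM : REGION_RAM;
}

/* Instruction fetch through the cache: a valid matching line is returned
 * without touching the bus, which is why stale lines matter at reset. */
uint8_t fetch(struct machine *m, uint32_t addr, enum region *from) {
    uint32_t phys = effective_address(m, addr);
    struct cache_line *l = &m->cache[(phys >> 4) % CACHE_LINES];
    if (!(l->valid && l->tag == phys)) {
        l->valid = true;
        l->tag = phys;
        l->src = region_of(phys);
        l->opcode = (l->src == REGION_NVM) ? m->nvm_opcode : m->ram_opcode;
    }
    *from = l->src;
    return l->opcode;
}

/* Simulates a stale or planted cache line that covers the reset vector. */
void plant_stale_line(struct machine *m, uint8_t opcode) {
    struct cache_line *l = &m->cache[(RESET_VECTOR >> 4) % CACHE_LINES];
    l->valid = true; l->tag = RESET_VECTOR; l->src = REGION_RAM; l->opcode = opcode;
}

/* The unlock path of the logic circuitry: refused while masking is enabled. */
bool request_unlock(struct machine *m) {
    if (m->a20_masked) return false;
    m->nvm_locked = false;
    return true;
}

/* Response to an initialization event under the chosen embodiment. */
struct boot_result initialization_event(struct machine *m, enum policy p) {
    struct boot_result r = { false, REGION_RAM, 0 };
    memset(m->cache, 0, sizeof m->cache);   /* invalidate the cache (all of it, here) */
    m->nvm_locked = true;                   /* processor and NVM reset to the locked state */
    if (m->update_pending) {
        if (p == POLICY_FORCE_UNMASKED)
            m->a20_masked = false;          /* affirmatively disable masking */
        r.nvm_unlocked = request_unlock(m);
    }
    r.first_opcode = fetch(m, RESET_VECTOR, &r.first_fetch_from);
    return r;
}

int main(void) {
    struct machine m = { .a20_masked = true, .update_pending = true,
                         .nvm_opcode = 0xEA, .ram_opcode = 0x90 };
    struct boot_result r = initialization_event(&m, POLICY_REQUIRE_UNMASKED);
    printf("masked reset vector -> %08X, unlocked=%d, fetched from %s\n",
           effective_address(&m, RESET_VECTOR), r.nvm_unlocked,
           r.first_fetch_from == REGION_NVM ? "NVM" : "RAM");
    r = initialization_event(&m, POLICY_FORCE_UNMASKED);
    printf("forced unmask -> unlocked=%d, fetched from %s\n", r.nvm_unlocked,
           r.first_fetch_from == REGION_NVM ? "NVM" : "RAM");
    return 0;
}
```

With masking enabled the reset vector 0xFFFFFFF0 becomes 0xFFEFFFF0, which falls outside the assumed nonvolatile memory window, so the first embodiment refuses the unlock and the fetch lands in RAM; the alternative embodiment clears the mask first and both the unlock and the fetch then behave as intended.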