The Basic Input/Output System (BIOS) of a computer is the backbone of the operation of that computer. The BIOS is programming that controls the basic hardware operations of the computer, including interaction with floppy disk drives, hard disk drives and the keyboard. Because of ever changing computer technologies, even though a computer may still be acceptable to a user, often the BIOS of that computer will not support all of the new technologies.
A conventional method for upgrading the BIOS code or image of a computer is to physically replace the Read-Only-Memory (ROM) based BIOS, which in networks systems, would entail replacing the ROM-BIOS in each processor node, which is very time consuming and adds to the overall system down-time of the network.
There have been solutions for updating a BIOS image associated with a processor without having to physically replace the ROM-BIOS at each computer in the network. For example, one solution is to provide the computer with a Flash EPROM for the BIOS, also known as a Flash BIOS. With a Flash BIOS, the BIOS image or a portion of the BIOS image can be updated by a software update. This is often performed by downloading or storing the Flash information onto a media storage device, such as a floppy disk, and using the disk at each computer to flash the BIOS. However, this is very time consuming, especially with large network systems. Further, some of the computers on the network may not have floppy drives or the proper medium transfer device.
A second method is to send the flash over the network to each computer in the network. The problem with this method is that the flash is subject to someone introducing malicious code, such as a virus, to the flash, thereby causing the BIOS to be flashed with a corrupt image.
Yet another method includes transferring the flash information from the source computer to the receiving computer, with the flash information including the flash code, the flash code instructions and an encrypted digital signature corresponding to the identification of the flash code. The sender is authenticated and then the receiving computer is operably placed in a secure mode. A hash value corresponding to the flash information is calculated, and the digital signature from the flash information is decrypted. The flash code is validated by comparing the digital signature of the flash information to the calculated hash, and if validated, the BIOS is flashed with the new flash code, the new flash code is verified, and the computer re-booted power cycled.
As a result, there is a need in the art for a more secure procedure for updating a utility within the data processing system.