1. Field of the Invention
The present invention relates to a method of starting an OS (Operating System; hereinafter referred to as OS) stored in a hard disk on an information processing apparatus such as a personal computer, and an apparatus using the same, and in particular to an OS starting method capable of starting an OS based on authentication by a program in an external storage medium and protecting information (OS and other information) stored in a hard disk, and apparatus using the same.
2. Description of the Related Art
Related art references regarding an OS starting method and an apparatus using the same include: JP-A-2002-014740, JP-A-2002-222022, JP-A-2003-099147 and JP-A-2005-070968.
FIG. 4 is a block diagram showing an example of an apparatus that uses the related art OS starting method. In FIG. 4, numeral 1 represents an input section for inputting information into the apparatus, such as a keyboard, an operation button or a touch panel; numeral 2 represents a control section such as a CPU (Central Processing Unit) or an MPU (Micro Processing Unit); numeral 3 represents a display section such as a CRT (Cathode Ray Tube) or an LCD (Liquid Crystal Display); numeral 4 represents a storage section such as a flash memory in which the BIOS (Basic Input Output System) is stored; and numeral 5 represents a storage section such as a hard disk in which an OS and various information are stored. The numerals 1, 2, 3, 4 and 5 constitute a computer 50.
Output of the input section 1 is connected to the control section 2. A display signal from the control section 2 is connected to the display section 3. The storage section 4 and the storage section 5 are respectively interconnected with the control section 2.
Operation in the related art example shown in FIG. 4 is described by referring to FIGS. 5 and 6. FIG. 5 is a flowchart explaining the operation of the control section 2. FIG. 6 is an explanatory drawing explaining the details of an OS stored in the storage section 5.
As an initial state, the BIOS is stored in the storage section 4 (flash memory) as shown by “BI01” in FIG. 4. As shown by “OS01” in FIG. 4, the OS is stored in the storage section 5 (hard disk).
In “S001” in FIG. 5, the control section 2 determines whether power is turned on. When it has determined that power is turned on, the control section 2 starts the BIOS stored in the storage section 4 (to be more specific, loads and executes the BIOS; hereinafter simply referred to as “starts the BIOS”) in “S002” in FIG. 5, and conducts an initial test when the power is turned on and searches for a boot device that can be started.
In “S003” in FIG. 5, the control section 2 starts the MBR (Master Boot Record) that is the first sector of the first found boot device (to be more specific, loads and executes the program stored in the MBR; hereinafter referred to as “starts the MBR”), starts the boot loader of the OS (to be more specific, loads and executes the boot loader; hereinafter simply referred to as “starts the boot loader”), and starts the OS (to be more specific, loads and executes the OS; hereinafter simply referred to as “starts the OS”).
In the hard disk (as the storage section 5) shown by “HD11” in FIG. 6, the MBR indicated by “MB11” in FIG. 6 and the OS indicated by “OS11” are stored. The control section 2 starts the MBR, the boot loader of the OS, and the OS.
As a result, when power is turned on, the control section 2 starts the BIOS and searches for a boot device that can be started. The MBR at the first sector of the found boot device is started, the boot loader of the OS is started, and the OS is started. This makes it possible to start the OS stored in the storage section 5 (hard disk) of the computer 50 that is an information processing apparatus.
In the related art example shown in FIG. 4, when authentication is made for security assurance before the OS is started, some sort of action should be taken with regards to the storage section 5 (hard disk) where the BIOS or the OS is stored.
For example, by adding a function to the program stored in the MBR of the boot device in the hard disk so that the starting of the OS is inhibited until authentication before booting is successful, authentication before starting the OS is made possible. However, when the hard disk is recognized as a slave hard disk of another computer, there exists a problem that the information in the hard disk can be easily analyzed.
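The following C sketch is an added example, not part of the original specification. It shows why authentication placed in the MBR program gates only the boot path: the partition table shares the first sector with that program and is read as plain data by any host, without executing the boot code. The sample sector is constructed, and the names `parse_mbr` and `build_sample` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE    512
#define PART_TABLE_OFF 446   /* four 16-byte entries follow the boot code */

struct part { uint8_t active, type; uint32_t lba_start, sectors; };

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the number of used partition entries, or -1 when the sector
 * lacks the 0x55 0xAA boot signature that the BIOS checks for. */
int parse_mbr(const uint8_t *sec, struct part out[4]) {
    int n = 0;
    if (sec[510] != 0x55 || sec[511] != 0xAA) return -1;
    for (int i = 0; i < 4; i++) {
        const uint8_t *e = sec + PART_TABLE_OFF + 16 * i;
        if (e[4] == 0x00) continue;        /* type 0 marks an unused slot */
        out[n].active    = (e[0] == 0x80); /* 0x80 marks the boot partition */
        out[n].type      = e[4];
        out[n].lba_start = le32(e + 8);
        out[n].sectors   = le32(e + 12);
        n++;
    }
    return n;
}

/* Constructed sample sector; the 0x90 fill stands in for an MBR program
 * that would ask for a password before chaining to the boot loader. */
void build_sample(uint8_t *sec) {
    uint8_t *e = sec + PART_TABLE_OFF;
    memset(sec, 0, SECTOR_SIZE);
    memset(sec, 0x90, PART_TABLE_OFF);
    e[0] = 0x80; e[4] = 0x07;              /* active entry, type 0x07 */
    e[9] = 0x08;                           /* start LBA 0x00000800 = 2048 */
    e[14] = 0x10;                          /* 0x00100000 = 1048576 sectors */
    sec[510] = 0x55; sec[511] = 0xAA;
}

int main(void) {
    uint8_t sec[SECTOR_SIZE];
    struct part p[4];
    build_sample(sec);
    int n = parse_mbr(sec, p);             /* boot code is never executed */
    for (int i = 0; i < n; i++)
        printf("type=0x%02x active=%u start=%u sectors=%u\n", p[i].type,
               p[i].active, (unsigned)p[i].lba_start, (unsigned)p[i].sectors);
    return n == 1 ? 0 : 1;
}
```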
For example, the entire hard disk may be encrypted to supplement the addition of authentication to the MBR in order to ensure security. To implement this function, it is necessary to develop a hard disk driver for each OS, and dependence on the OS and hardware leads to lower performance or failure to encrypt the entire hard disk.
Furthermore, for example, it is possible to add to the BIOS an authentication function for before starting the OS as well as locking the hard disk itself with ATA (AT Attachment) security command of IDE (Integrated Drive Electronics), thereby providing security.
FIG. 7 is a flowchart explaining the operation of the control section 2 during initialization authentication by the BIOS. As an initial state, it is assumed that the hard disk is set to the locked state by the ATA security command.
In “S101” in FIG. 7, the control section 2 determines whether power is turned on. When it has determined that power is turned on, the control section 2 starts the BIOS stored in the storage section 4 and makes the display section 3 display a password input screen.
In “S103” in FIG. 7, the control section 2 determines whether the password input from the input section 1 matches a preset password. When the control section 2 has determined that the passwords do not match, execution returns to “S102” in FIG. 7.
When the control section 2 has determined that the passwords match in “S103” in FIG. 7, the control section 2 unlocks the locked state of the hard disk by using the ATA security command, in “S104” in FIG. 7. In “S005” in FIG. 7, the control section 2 starts the MBR of the unlocked hard disk, the boot loader of the OS, and the OS.
Thus, the information in the hard disk cannot be read until the entire hard disk is unlocked by the ATA security command through authentication during initialization of the OS. This provides security.
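As an added example (not part of the original specification), the C sketch below decodes the security status word that an ATA drive reports in IDENTIFY DEVICE data (word 128), which is how a check can confirm that the lock described above is actually in force. The `classify` function, the posture names and the sample words are constructed for illustration; obtaining the 256-word IDENTIFY block from a real drive is outside the sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Bits of IDENTIFY DEVICE word 128 (security status) */
#define SEC_SUPPORTED 0x0001  /* security feature set implemented */
#define SEC_ENABLED   0x0002  /* a user password has been set */
#define SEC_LOCKED    0x0004  /* media access rejected until unlock */
#define SEC_FROZEN    0x0008  /* security commands refused until power cycle */
#define SEC_COUNT_EXP 0x0010  /* unlock attempt counter exhausted */
#define SEC_LEVEL_MAX 0x0100  /* 0 = high, 1 = maximum security level */

enum posture { NO_SECURITY, NOT_ENABLED, UNLOCKED_OPEN,
               UNLOCKED_FROZEN, LOCKED, LOCKED_OUT };

/* Classify the drive's state from its 256-word IDENTIFY DEVICE block. */
enum posture classify(const uint16_t *identify) {
    uint16_t w = identify[128];
    if (!(w & SEC_SUPPORTED)) return NO_SECURITY;
    if (!(w & SEC_ENABLED))   return NOT_ENABLED;   /* readable by any host */
    if (w & SEC_LOCKED)
        return (w & SEC_COUNT_EXP) ? LOCKED_OUT : LOCKED;
    /* Unlocked: frozen means the password cannot be changed or removed
     * by software running after the BIOS hands over control. */
    return (w & SEC_FROZEN) ? UNLOCKED_FROZEN : UNLOCKED_OPEN;
}

const char *posture_name(enum posture p) {
    switch (p) {
    case NO_SECURITY:     return "security feature set not supported";
    case NOT_ENABLED:     return "supported, no password set";
    case UNLOCKED_OPEN:   return "unlocked, security settings changeable";
    case UNLOCKED_FROZEN: return "unlocked, security settings frozen";
    case LOCKED:          return "locked";
    default:              return "locked, attempt counter expired";
    }
}

int main(void) {
    /* Constructed sample status words, not taken from a real drive */
    const uint16_t samples[] = { 0x0000, 0x0001, 0x0007, 0x0017, 0x000B };
    uint16_t id[256] = {0};
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        id[128] = samples[i];
        printf("0x%04x: %s, level %s\n", (unsigned)samples[i],
               posture_name(classify(id)),
               (samples[i] & SEC_LEVEL_MAX) ? "maximum" : "high");
    }
    return 0;
}
```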
This approach is unavailable on a computer whose BIOS has no authentication function during initialization of the OS. To make this approach available, a process such as rewriting the BIOS to include an authentication function during initialization of the OS is required.
The authentication is BIOS-based, so physical authentication using an external storage medium is unavailable. When a password has been leaked or a password is cracked, the information in the hard disk cannot be protected.