1. Field of the Invention
The present invention relates in general to data processing systems and, in particular, to a data processing system and method for maintaining security while booting the data processing system. Still more particularly, the present invention relates to a data processing system and method for password protecting the boot of the data processing system.
2. Description of the Related Art
A typical personal computer (PC) system includes a central processing unit (CPU), volatile and non-volatile memory, a display, a keyboard, one or more disk drives, a CD-ROM drive, a pointing device such as a mouse, and an optional network interface card. One of the distinguishing characteristics of PCs is the use of a motherboard or system planar to electrically interconnect these components. Commercially available examples of PCs include the Aptiva™ and Thinkpad™ series of computers available from International Business Machines of Armonk, N.Y.
The startup software of a conventional PC includes Power-On Self-Test (POST) software to initialize the system components and Basic Input/Output System (BIOS) software to interface the keyboard, mouse and other peripherals. The BIOS software includes a configuration routine that permits a user to select an order in which potential boot devices are checked by the BIOS at startup for an operating system (OS), as well as an OS loader routine that loads the OS from the boot device. For currently available PCs, the list of potential boot devices is generally limited to the hard disk, floppy disk and CD-ROM drives and, optionally, the network interface card.
When unattended, a conventional PC is vulnerable to use by unauthorized user to access confidential information either stored within the PC itself or accessible to the PC through a network. Conventional operating system password protection is relatively ineffective in preventing unauthorized use of a PC because, absent some security mechanism, an unauthorized user can simply use the BIOS configuration routine to select a boot device of choice (e.g., a floppy disk or CD-ROM drive) and boot the PC from the selected boot device utilizing the unauthorized user's own software.
In view of such security concerns, some PCs implement password protection for the BIOS configuration routine so that an unauthorized user cannot change the order in which devices are checked by BIOS for an operating system. Thus, if an operating system is detected on the hard disk drive, an unauthorized user cannot boot the PC from a floppy disk or CD-ROM. The security of a PC may alternatively or additionally be enhanced, as discussed in the above-referenced co-pending application, by requiring a user to enter a password before certain classes of devices can be accessed as a boot device. If necessary, security can be even further enhanced by providing an alarm or lock mechanism to deter removal or opening of the cabinet housing of the PC. Such additional security enhancements deter an unauthorized user from removing the hard disk drive, which may be password protected, and substituting an unprotected hard disk drive in order to gain access to the PC.
The foregoing security precautions have proven effective in preventing an unauthorized user from booting PCs that contain all possible boot devices within their cabinet housing. However, the introduction of new computer interfaces has raised new concerns regarding boot security. For example, the Universal Serial Bus (USB) provides a user accessible interface outside of the cabinet housing of a PC that permits attachment of a large number of peripheral devices. The current commercial USB implementation (i.e., USB 1.1) restricts the devices that may be attached to the USB to fairly low data rate devices, such as printers, cameras, scanners, and floppy disk drives. Because a USB floppy disk drive typically replaces an in-chassis floppy disk drive in the BIOS-defined boot order, existing security mechanisms, such as password protection of the BIOS configuration routine, prevent an unauthorized user from accessing a PC by attaching the user's own USB floppy disk drive and booting from a floppy disk.
However, the present invention recognizes that emerging peripheral connection technologies such as USB 2.0 support much higher data rates and therefore again make a PC vulnerable to unauthorized booting from a USB 2.0 hard disk drive or CD-ROM drive. For example, if a user has a PC that is configured to boot from a USB 2.0-compliant hard disk drive (which may even be password protected), it is a trivial exercise for an unauthorized user to connect his own hard disk drive in lieu of the password protected hard disk drive and access the PC. Moreover, such unauthorized access would be difficult to detect because none of the conventional tamper detection mechanisms would be triggered by swapping USB devices.
Therefore a need exists for a data processing system and method for providing security that prevent an unauthorized boot of a computer.