System firmware, for example a basic input/output system (BIOS) or other core system software, is typically maintained within a non-volatile memory of a corresponding electronic device, for example a desktop computer, laptop computer, personal digital assistant (PDA), set-top box, server, point-of-sale (POS) device, automated teller machine (ATM), or wireless communication device such as a cellular telephone, as well as other suitable devices and combinations thereof. The system firmware is operative to recognize and initialize the hardware subsystems and components of the electronic device and, upon completion of the initialization process, to transfer control of the electronic device to an applicable operating system. During the initialization process, sometimes referred to as the power-on self test (POST) process, the electronic device retrieves firmware from a predetermined location within the non-volatile memory and loads it into the system memory, commonly referred to as Random Access Memory or RAM. The initialization process ultimately transfers device control to the operating system.
The firmware is typically written to a section of non-volatile memory of the electronic device, such as flash memory, during the manufacturing process. During this process the non-volatile memory must necessarily be write-enabled. A typical, though not exclusive, manufacturing process could include, for example, the assembly of the various components of an electronic device, including a non-volatile memory. The non-volatile memory could be loaded with a baseline version of firmware such that the assembled electronic device would be capable of functioning (e.g., code instructions from memory can be executed by a processor, with input and output functions operable so that the device can communicate with a user). However, the baseline firmware may or may not be the final production version, complete with all code and data intended for final production of the electronic device. Firmware includes executable code as well as data. One piece of data may be a platform identification, or platform ID, which is a unique identifier of the specific platform or assembly of the electronic device. Such data, as well as updates or modifications of the executable code of the firmware, may need to be added to the non-volatile memory in order to arrive at the final production version of the firmware.
It is therefore desirable to allow certain untrusted code, or code that is not part of the firmware, to have access and write privileges to portions of the non-volatile memory during the manufacturing phase of the electronic device, in order to update firmware executable code, data, platform IDs, etc. However, after the manufacturing phase, when the electronic device is in its production phase, for example when it has been transferred to or is otherwise under the control of an end user, it is desirable to have portions or sectors of the non-volatile memory write-protected before any untrusted code is executed. Protecting the non-volatile memory helps, in part, to secure and protect the operational integrity of the electronic device.
A conventional method for determining whether the firmware in the non-volatile memory is in its final, or production, state is to have the system initialization procedure check for a specific hardware jumper on the electronic device. If the hardware jumper is in place, the system assumes that the proper firmware is resident in the non-volatile memory and proceeds through the boot sequence using the resident firmware. The hardware jumper should thus be placed on the electronic device only at the point in the manufacturing process at which the production version of the firmware, including for example the final executable code version as well as any data such as unique platform identification data, has been loaded into the non-volatile memory. A drawback of the aforementioned process is that it requires the extra manufacturing step of setting a hardware jumper, and it uses up valuable board real estate for that physical jumper on the electronic device.
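The boot-time decision described above, modeled in C as an added illustration rather than code from the original text: a constructed non-volatile memory with per-sector write-protect bits, an initialization routine that locks every sector when the jumper is present and leaves them writable otherwise, and a manufacturing step that programs a constructed platform ID. The sector layout, the `nvm_t` type and all function names are assumptions for this example, not any vendor's flash API.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NUM_SECTORS 4
#define SECTOR_SIZE 16
#define PLATFORM_ID_SECTOR 3   /* constructed layout: data sector holding the platform ID */

/* Constructed model of a non-volatile memory with per-sector write-protect
 * bits. It stands in for a real flash controller and is not a vendor API. */
typedef struct {
    uint8_t data[NUM_SECTORS][SECTOR_SIZE];
    bool    locked[NUM_SECTORS];   /* sticky until the next reset */
} nvm_t;

typedef enum { PHASE_MANUFACTURING, PHASE_PRODUCTION } phase_t;

/* Returns 0 on success, -1 if the sector is write-protected, -2 if out of range. */
int nvm_write(nvm_t *nvm, unsigned sector, const uint8_t *src, size_t len)
{
    if (sector >= NUM_SECTORS || len > SECTOR_SIZE) return -2;
    if (nvm->locked[sector]) return -1;          /* write refused: sector protected */
    memcpy(nvm->data[sector], src, len);
    return 0;
}

/* The jumper check: if the jumper is present, the production image is assumed
 * resident, so every sector is locked BEFORE control leaves trusted
 * initialization code. Without the jumper, writes stay enabled so the
 * manufacturing line can still add code, data and the platform ID. */
phase_t boot_init(nvm_t *nvm, bool jumper_present)
{
    memset(nvm->locked, 0, sizeof nvm->locked);  /* power-on reset: all writable */
    if (!jumper_present) return PHASE_MANUFACTURING;
    for (unsigned s = 0; s < NUM_SECTORS; s++) nvm->locked[s] = true;
    return PHASE_PRODUCTION;
}

/* Manufacturing step: program a (constructed) platform ID into its data sector.
 * Returns the nvm_write status, so a locked sector reports -1. */
int provision_platform_id(nvm_t *nvm, const char *id)
{
    size_t len = strlen(id) + 1;                 /* include the terminator */
    if (len > SECTOR_SIZE) return -2;
    return nvm_write(nvm, PLATFORM_ID_SECTOR, (const uint8_t *)id, len);
}
```

Once `boot_init` has returned `PHASE_PRODUCTION`, any later code, trusted or not, gets -1 from `nvm_write`, which is the property the jumper scheme is meant to guarantee.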