U.S. patent application number 13/721080 was filed with the patent office on 2013-12-19 for electronic device and method for verifying firmware of the electronic device.
This patent application is currently assigned to HON HAI PRECISION INDUSTRY CO., LTD.. The applicant listed for this patent is Hon Hai Precision Industry Co., Ltd.. Invention is credited to YU-CHEN HUANG.
Application Number | 20130339713 13/721080 |
Document ID | / |
Family ID | 49757069 |
Filed Date | 2013-12-19 |
United States Patent
Application |
20130339713 |
Kind Code |
A1 |
HUANG; YU-CHEN |
December 19, 2013 |
ELECTRONIC DEVICE AND METHOD FOR VERIFYING FIRMWARE OF THE
ELECTRONIC DEVICE
Abstract
In a method for verifying firmware of an electronic device, the
electronic device includes a baseboard management controller (BMC)
for storing a BMC firmware, and a basic input-output system (BIOS)
for storing a BIOS firmware. The method writes a first verification
code into the BMC firmware, and writes a second verification code
into the BIOS firmware. The method writes the BMC firmware into the
BMC, and writes the BIOS firmware into the BIOS. The method further
triggers the electronic device to power off if the first
verification code of the BMC firmware is not identical to the
second verification code of the BIOS firmware, and boots an
operating system of the electronic device if the first verification
code of the BMC firmware is identical to the second verification
code of the BIOS firmware.
Inventors: |
HUANG; YU-CHEN; (New Taipei,
TW) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
Industry Co., Ltd.; Hon Hai Precision |
|
|
US |
|
|
Assignee: |
HON HAI PRECISION INDUSTRY CO.,
LTD.
New Taipei
TW
|
Family ID: |
49757069 |
Appl. No.: |
13/721080 |
Filed: |
December 20, 2012 |
Current U.S.
Class: |
713/2 |
Current CPC
Class: |
G06F 21/572
20130101 |
Class at
Publication: |
713/2 |
International
Class: |
G06F 21/57 20060101
G06F021/57 |
Foreign Application Data
Date |
Code |
Application Number |
Jun 18, 2012 |
TW |
101121700 |
Claims
1. An electronic device, comprising: a baseboard management
controller (BMC) storing BMC firmware; a basic input-output system
(BIOS) storing BIOS firmware; a storage device, and at least one
processor; and one or more modules that are stored in the storage
device and executed by the at least one processor, the one or more
modules comprising: a first writing module that writes a first
verification code into the BMC firmware, and writes a second
verification code into the BIOS firmware; a second writing module
that writes the BMC firmware into the BMC, and writes the BIOS
firmware into the BIOS; a first verification module verifies
whether the first verification code of the BMC firmware is
identical to the second verification code of the BIOS firmware when
the electronic device starts a power-on self-test; and a triggering
module that triggers the electronic device to power off if the
first verification code of the BMC firmware is not identical to the
second verification code of the BIOS firmware, and boots an
operating system of the electronic device if the first verification
code of the BMC firmware is identical to the second BIOS code of
the BIOS firmware.
2. The electronic device according to claim 1, wherein the
triggering module further triggers a system management interrupt
(SMI) at a time interval after the operating system of the
electronic device is booted.
3. The electronic device according to claim 2, wherein the one or
more modules further comprises: a second verification module that
verifies whether the first verification code of the BMC firmware is
identical to the second verification code of the BIOS firmware when
the SMI of the electronic device is triggered.
4. The electronic device according to claim 3, wherein the one or
more modules further comprises: a halt module that halts all input
and output ports of the electronic device to protect data of the
electronic device and triggers an alarm generator of the electronic
device to generate an alarm message, if the first verification code
of the BMC firmware is not identical to the second verification
code of the BIOS firmware.
5. The electronic device according to claim 1, wherein the first
verification code is a binary code of a version number of the BMC
firmware.
6. The electronic device according to claim 5, wherein the second
verification code is predefined the same as the first verification
code when the second verification code is written into the BIOS
firmware.
7. A method for verifying firmware of an electronic device, the
method comprising: writing a first verification code into a
baseboard management controller (BMC) firmware, and writing a
second verification code into a basic input-output system (BIOS)
firmware; writing the BMC firmware into a BMC of the electronic
device, and writing the BIOS firmware into a BIOS of the electronic
device; verifying whether the first verification code of the BMC
firmware is identical to the second verification code of the BIOS
firmware when the electronic device starts a power-on self-test;
triggering the electronic device to power off if the first
verification code of the BMC firmware is not identical to the
second verification code of the BIOS firmware; and booting an
operating system of the electronic device if the first verification
code of the BMC firmware is identical to the second BIOS code of
the BIOS firmware.
8. The method according to claim 7, further comprising: triggering
a system management interrupt (SMI) at a time interval after the
operating system of the electronic device is booted.
9. The method according to claim 8, further comprising: verifying
whether the first verification code of the BMC firmware is
identical to the second verification code of the BIOS firmware when
the SMI of the electronic device is triggered.
10. The method according to claim 9, further comprising: halting
all input and output ports of the electronic device to protect data
of the electronic device and triggering an alarm generator of the
electronic device to generate an alarm message, if the first
verification code of the BMC firmware is not identical to the
second verification code of the BIOS firmware.
11. The method according to claim 7, wherein the first verification
code is a binary code of a version number of the BMC firmware.
12. The method according to claim 11, wherein the second
verification code is predefined the same as the first verification
code when the second verification code is written into the BIOS
firmware.
13. A non-transitory computer-readable storage medium having stored
thereon instructions, when executed by a processor of an electronic
device, causes the processor to perform a method for verifying
firmware of the electronic device, the method comprising: writing a
first verification code into a baseboard management controller
(BMC) firmware, and writing a second verification code into a basic
input-output system (BIOS) firmware; writing the BMC firmware into
a BMC of the electronic device, and writing the BIOS firmware into
a BIOS of the electronic device; verifying whether the first
verification code of the BMC firmware is identical to the second
verification code of the BIOS firmware when the electronic device
starts a power-on self-test; triggering the electronic device to
power off if the first verification code of the BMC firmware is not
identical to the second verification code of the BIOS firmware; and
booting an operating system of the electronic device if the first
verification code of the BMC firmware is identical to the second
BIOS code of the BIOS firmware.
14. The storage medium according to claim 13, wherein the method
further comprises: triggering a system management interrupt (SMI)
at a time interval after the operating system of the electronic
device is booted.
15. The storage medium according to claim 14, wherein the method
further comprises: verifying whether the first verification code of
the BMC firmware is identical to the second verification code of
the BIOS firmware when the SMI of the electronic device is
triggered.
16. The storage medium according to claim 15, wherein the method
further comprises: halting all input and output ports of the
electronic device to protect data of the electronic device and
triggering an alarm generator of the electronic device to generate
an alarm message, if the first verification code of the BMC
firmware is not identical to the second verification code of the
BIOS firmware.
17. The storage medium according to claim 13, wherein the first
verification code is a binary code of a version number of the BMC
firmware.
18. The storage medium according to claim 17, wherein the second
verification code is predefined the same as the first verification
code when the second verification code is written into the BIOS
firmware.
Description
BACKGROUND
[0001] 1. Technical Field
[0002] Embodiments of the present disclosure relate to electronic
devices and methods for protecting data of the electronic device,
and more particularly to an electronic device and a method for
verifying firmware of the electronic device.
[0003] 2. Description of Related Art
[0004] An electronic device usually uses an anti-virus software to
protect against computer viruses only after booting an operating
system of the electronic device. However, before the operating
system of the electronic device is booted, a vicious user or a
hacker may run a non-authorized baseboard management controller
(BMC) firmware or a non-authorized basic input-output system (BIOS)
firmware on the electronic device, which may make data of the
electronic device to be exposed to a high level of risk.
BRIEF DESCRIPTION OF THE DRAWINGS
[0005] FIG. 1 is a block diagram of one embodiment of an electronic
device including a firmware verification system.
[0006] FIG. 2 is a block diagram of one embodiment of function
modules of the firmware verification system in FIG. 1.
[0007] FIG. 3 is a flowchart of one embodiment of a method for
verifying firmware of an electronic device.
DETAILED DESCRIPTION
[0008] In general, the word "module", as used herein, refers to
logic embodied in hardware or firmware, or to a collection of
software instructions, written in a programming language, such as,
Java, C, or assembly. One or more software instructions in the
modules may be embedded in firmware, such as in an EPROM. The
modules described herein may be implemented as either software
and/or hardware modules and may be stored in any type of
non-transitory computer-readable storage medium or other storage
device. Some examples of the non-transitory computer-readable
storage medium include CDs, DVDs, BLU-RAY, flash memory, and hard
disk drives.
[0009] FIG. 1 is a block diagram of one embodiment of an electronic
device 1 including a firmware verification system 10. In the
embodiment, the electronic device 1 further includes, but is not
limited, a storage device 12, at least one processor 14, a
baseboard management controller (BMC) 16, a basic input-output
system (BIOS) 18, and an alarm generator 20. FIG. 1 is only one
example of the electronic device 1, other examples may include more
or fewer components than those shown in the embodiment, or have a
different configuration of the various components.
[0010] The storage device 12 may include any type(s) of
non-transitory computer-readable storage medium, such as a hard
disk drive, a compact disc, a digital video disc, or a tape drive.
In the embodiment, the storage device 12 stores computerized codes
of the firmware verification system 10.
[0011] The at least one processor 14 may include a processor unit,
a microprocessor, an application-specific integrated circuit, and a
field programmable gate array, for example.
[0012] The BMC 16 stores a BMC firmware including a first
verification code, and the BIOS 18 stores a BIOS firmware including
a second verification code. In the embodiment, the first
verification code may be a binary code of a version number of the
BMC 16, for example, the version number of the BMC firmware is "1"
that can be converted into a binary code of "0001". The second
verification code may be predefined the same as the first
verification code for verifying firmware of the electronic device
1.
[0013] The alarm generator 20 generates an alarm message when the
first verification code of the BMC firmware is identical to the
second verification code of the BIOS firmware. In the embodiment,
the alarm message may be au audio message or a message to prompt
the user that the electronic device 1 may be attacked by a vicious
user or a hacker.
[0014] In one embodiment, the firmware verification system 10
includes a plurality of function modules (see FIG. 2 below), which
include computerized codes or instructions that can be stored in
the storage device 12 and executed by the at least one processor 14
to provide a method for verifying a firmware of the electronic
device 1.
[0015] FIG. 2 is a block diagram of one embodiment of the firmware
verifying system 10 included in the electronic device 1. In one
embodiment, the firmware verifying system 10 may include a first
writing module 100, a second writing module 102, a first
verification module 104, a triggering module 106, a second
verification module 108, and a halt module 110. The modules may
comprise computerized codes in the form of one or more programs
that are stored in the storage device 12 and executed by the at
least one processor 14 to provide functions for implementing the
modules. The functions of the function modules 100-110 are
illustrated in FIG. 3 and described below.
[0016] FIG. 3 illustrates a flowchart of one embodiment of a method
for verifying firmware of the electronic device 1. Depending on the
embodiment, additional steps may be added, others removed, and the
ordering of the steps may be changed.
[0017] In step S10, the first writing module 100 writes a first
verification code into a BMC firmware, and writes a second
verification code into a BIOS firmware. In the embodiment, the
verification code may be a binary code of a version number of the
BMC 16, for example, the version number of the BMC firmware is "1"
which is converted to a binary code of "0001". The second
verification code may be predefined the same as the first
verification code when the second verification code is written into
the BIOS firmware.
[0018] In step S11, the second writing module 102 writes the BMC
firmware into the BMC 16, and writes the BIOS firmware into the
BIOS 18 of the electronic device 1.
[0019] In step S12, the first verification module 104 verifies
whether the first verification code of the BMC firmware is
identical to the second verification code of the BIOS firmware when
the electronic device 1 starts a power-on self-test. In the
embodiment, the first verification module 104 determines that the
BMC firmware or the BIOS firmware may have been substituted by a
non-authorized BMC firmware or a non-authorized BIOS firmware if
the first verification code is not identical to the second
verification code. The first verification module 104 determines
that the BMC firmware or the BIOS firmware is not substituted by
the non-authorized BMC firmware or the non-authorized BIOS firmware
if the first verification code is identical to the second
verification code.
[0020] In step S13, the triggering module 106 triggers the
electronic device 1 to power off if the first verification code of
the BMC firmware is not identical to the second verification code
of the BIOS firmware.
[0021] In step S14, the triggering module 106 boots an operating
system (e.g., a WINDOWS OS) of the electronic device 1 if the first
verification code of the BMC firmware is identical to the second
verification code of the BIOS firmware.
[0022] In step S15, the triggering module 106 triggers a system
management interrupt (SMI) at a time interval after the operating
system of the electronic device 1 is booted. In the embodiment, the
time interval may be predefined as a time period according to user
requirements, such as 30 minutes.
[0023] In step S16, the second verification module 108 verifies
whether the first verification code of the BMC firmware is
identical to the second verification code of the BIOS firmware when
the SMI of the electronic device 1 is triggered. The step S16 is to
protect the electronic device 1 against hackers who may run the
non-authorized BMC firmware or the non-authorized BIOS firmware on
the electronic device 1 after the booting of the operating system
of the electronic device 1.
[0024] In step S17, the halt module 110 halts all input and output
ports of the electronic device 1 to protect data of the electronic
device 1 and triggers the alarm generator 20 to generate an alarm
message, if the verification code of the BMC firmware is not
identical to the second verification code of the BIOS firmware . In
the embodiment, the alarm message may be au audio message or a
message for prompting the user that the electronic device 1 may be
attacked by a vicious user or a hacker.
[0025] As described above, from the step S10 to the step S17, the
data of the electronic device 1 can be protected against a
non-authorized BMC firmware or a non-authorized BIOS firmware by
verifying the BMC firmware stored in the BMC 16 and the BIOS
firmware stored in the BIOS 18 of the electronic device 1.
[0026] Although certain embodiments of the present disclosure have
been specifically described, the present disclosure is not to be
construed as being limited thereto. Various changes or
modifications may be made to the present disclosure without
departing from the scope and spirit of the present disclosure.
* * * * *