-
Publication No.: US11436333B2
Publication Date: 2022-09-06
Application No.: US16378068
Application Date: 2019-04-08
Applicant: Cisco Technology, Inc.
Inventor: Chandan Singh, Chandrashekar Sodankoor, Chirag Shroff, Gregory James Waldschmidt
IPC: G06F9/4401, G06F21/57, G06F8/65
Abstract: Presented herein are methodologies for securing BIOS/bootloader function including booting a computer system from a BIOS image stored in a first boot flash device, detecting an indication of a pending BIOS upgrade, in response to detecting the indication of a pending BIOS upgrade, accessing an upgraded BIOS image stored on a second boot flash device, validating a version of the upgraded BIOS image, authenticating the upgraded BIOS image using a signature stored in a first region of the second boot flash device, when the version of the upgraded BIOS image is validated, and the upgraded BIOS image is authenticated, writing the signature to a second region of the second boot flash device that is different from the first region, locking the second region of the second boot flash device, and rebooting the computer system from the second boot flash device.
-
Publication No.: US20200320200A1
Publication Date: 2020-10-08
Application No.: US16378068
Application Date: 2019-04-08
Applicant: Cisco Technology, Inc.
Inventor: Chandan Singh, Chandrashekar Sodankoor, Chirag Shroff, Gregory James Waldschmidt
IPC: G06F21/57, G06F8/65, G06F9/4401
Abstract: Presented herein are methodologies for securing BIOS/bootloader function including booting a computer system from a BIOS image stored in a first boot flash device, detecting an indication of a pending BIOS upgrade, in response to detecting the indication of a pending BIOS upgrade, accessing an upgraded BIOS image stored on a second boot flash device, validating a version of the upgraded BIOS image, authenticating the upgraded BIOS image using a signature stored in a first region of the second boot flash device, when the version of the upgraded BIOS image is validated, and the upgraded BIOS image is authenticated, writing the signature to a second region of the second boot flash device that is different from the first region, locking the second region of the second boot flash device, and rebooting the computer system from the second boot flash device.
-