-
公开(公告)号:US20200272738A1
公开(公告)日:2020-08-27
申请号:US16281527
申请日:2019-02-21
Applicant: Cisco Technology, Inc.
Inventor: Chirag Kiritkumar Shroff , Dylan Thomas Walker , Gregory Michael Schnorr , Gregory James Waldschmidt
Abstract: A firmware protection module implements a hybrid firmware protection scheme on a computing device. The firmware protection module intercepts a message from a processor to a memory of the computing device. The message includes a command and an address in the memory corresponding to a firmware module stored in the module. The firmware protection module determines whether the command in the message is prohibited and whether the address in the message is protected. Responsive to a determination that the command is prohibited and the address is protected, the firmware protection module prevents at least a portion of the message from reaching the memory.
-
公开(公告)号:US11436333B2
公开(公告)日:2022-09-06
申请号:US16378068
申请日:2019-04-08
Applicant: Cisco Technology, Inc.
Inventor: Chandan Singh , Chandrashekar Sodankoor , Chirag Shroff , Gregory James Waldschmidt
IPC: G06F9/4401 , G06F21/57 , G06F8/65
Abstract: Presented herein are methodologies for securing BIOS/bootloader function including booting a computer system from a BIOS image stored in a first boot flash device, detecting an indication of a pending BIOS upgrade, in response to detecting the indication of a pending BIOS upgrade, accessing an upgraded BIOS image stored on a second boot flash device, validating a version of the upgraded BIOS image, authenticating the upgraded BIOS image using a signature stored in a first region of the second boot flash device, when the version of the upgraded BIOS image is validated, and the upgraded BIOS image is authenticated, writing the signature to a second region of the second boot flash device that is different from the first region, locking the second region of the second boot flash device, and rebooting the computer system from the second boot flash device.
-
公开(公告)号:US11580226B2
公开(公告)日:2023-02-14
申请号:US16281527
申请日:2019-02-21
Applicant: Cisco Technology, Inc.
Inventor: Chirag Kiritkumar Shroff , Dylan Thomas Walker , Gregory Michael Schnorr , Gregory James Waldschmidt
Abstract: A firmware protection module implements a hybrid firmware protection scheme on a computing device. The firmware protection module intercepts a message from a processor to a memory of the computing device. The message includes a command and an address in the memory corresponding to a firmware module stored in the module. The firmware protection module determines whether the command in the message is prohibited and whether the address in the message is protected. Responsive to a determination that the command is prohibited and the address is protected, the firmware protection module prevents at least a portion of the message from reaching the memory.
-
公开(公告)号:US20200320200A1
公开(公告)日:2020-10-08
申请号:US16378068
申请日:2019-04-08
Applicant: Cisco Technology, Inc.
Inventor: Chandan Singh , Chandrashekar Sodankoor , Chirag Shroff , Gregory James Waldschmidt
IPC: G06F21/57 , G06F8/65 , G06F9/4401
Abstract: Presented herein are methodologies for securing BIOS/bootloader function including booting a computer system from a BIOS image stored in a first boot flash device, detecting an indication of a pending BIOS upgrade, in response to detecting the indication of a pending BIOS upgrade, accessing an upgraded BIOS image stored on a second boot flash device, validating a version of the upgraded BIOS image, authenticating the upgraded BIOS image using a signature stored in a first region of the second boot flash device, when the version of the upgraded BIOS image is validated, and the upgraded BIOS image is authenticated, writing the signature to a second region of the second boot flash device that is different from the first region, locking the second region of the second boot flash device, and rebooting the computer system from the second boot flash device.
-
-
-
Search Results
4
records
(took 0.033 seconds)
