Firmware runtime patch secure release process
US-2022156377-A1 · May 19, 2022 · US
Firmware version corruption attack prevention
US2022171851A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2022171851-A1 |
| Application number | US-202017107467-A |
| Country | US |
| Kind code | A1 |
| Filing date | Nov 30, 2020 |
| Priority date | Nov 30, 2020 |
| Publication date | Jun 2, 2022 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method includes detecting a change in control of a peripheral device from a first security domain to a second security domain of a computer system and in response to detecting the change in control of the peripheral device, reading a current firmware version of the peripheral device and determining whether the current firmware version of the peripheral device is trusted by the computer system. The method further includes in response to determining that the current firmware version is trusted by the computer system, providing control of the peripheral device to the second security domain.
First claim
Opening claim text (preview).
What is claimed is: 1 . A method comprising: detecting, by a processing device, a change in control of a peripheral device from a first security domain to a second security domain of a computer system; in response to detecting the change in control of the peripheral device: reading, by the processing device, a current firmware version of the peripheral device; and determining, by the processing device, whether the current firmware version of the peripheral device is trusted by the computer system; and in response to determining that the current firmware version is trusted by the computer system, providing control of the peripheral device to the second security domain. 2 . The method of claim 1 , further comprising: detecting an initialization of the peripheral device on the computer system; and in response to detecting the initialization of the peripheral device: reading, by the processing device, the current firmware version of the peripheral device; and determining, by the processing device, whether the current firmware version of the peripheral device is trusted by the computer system. 3 . The method of claim 1 , wherein determining whether the current firmware version is trusted by the computer system comprises comparing the current firmware version to one or more certified versions of firmware associated with the peripheral device. 4 . The method of claim 3 , wherein comparing the current firmware version to the one or more certified versions of firmware associated with the peripheral device comprises comparing a hash of the current firmware version to the one or more certified versions of firmware associated with the peripheral device. 5 . The method of claim 3 , wherein comparing the current firmware version to the one or more certified versions of firmware associated with the peripheral device comprises comparing a signature included in the current firmware version to known signatures of one or more versions of firmware associated with the peripheral device trusted by the computer system. 6 . The method of claim 1 , further comprising: in response to determining that the current firmware version is trusted by the computer system, writing, by the processing device, a trusted signature to the current firmware version, wherein the trusted signature identifies the current firmware version as trusted by the computer system. 7 . The method of claim 6 , further comprising: detecting a second change in control of the peripheral device from the second security domain to a third security domain of the computer system; and determining that the current firmware version on the peripheral device includes the trusted signature; and in response to determining that the current firmware version on the peripheral device includes the trusted signature, providing control of the peripheral device to the third security domain. 8 . A system comprising: a memory; and a processing device operatively coupled to the memory, the processing device to: detect a change in control of a peripheral device from a first security domain to a second security domain of a computer system; in response to detecting the change in control of the peripheral device: read a current firmware version of the peripheral device; and determine whether the current firmware version of the peripheral device is trusted by the computer system; and in response to determining that the current firmware version is trusted by the computer system, provide control of the peripheral device to the second security domain. 9 . The system of claim 8 , wherein the processing device is further to: detect an initialization of the peripheral device on the computer system; and in response to detecting the initialization of the peripheral device: read the current firmware version of the peripheral device; and determine whether the current firmware version of the peripheral device is trusted by the computer system. 10 . The system of claim 8 , wherein to determine whether the current firmware version is trusted by the computer system the processing device is to compare the current firmware version to one or more certified versions of firmware associated with the peripheral device. 11 . The system of claim 10 , wherein to compare the current firmware version to the one or more certified versions of firmware associated with the peripheral device the processing device is to compare a hash of the current firmware version to the one or more certified versions of firmware associated with the peripheral device. 12 . The system of claim 10 , wherein to compare the current firmware version to the one or more certified versions of firmware associated with the peripheral device the processing device is to compare a signature included in the current firmware version to known signatures of one or more versions of firmware associated with the peripheral device trusted by the computer system. 13 . The system of claim 8 , wherein the processing device is further to: in response to determining that the current firmware version is trusted by the computer system, write a trusted signature to the current firmware version, wherein the trusted signature identifies the current firmware version as trusted by the computer system. 14 . The system of claim 13 , wherein the processing device is further to: detect a second change in control of the peripheral device from the second security domain to a third security domain of the computer system; and determine that the current firmware version on the peripheral device includes the trusted signature; and in response to determining that the current firmware version on the peripheral device includes the trusted signature, provide control of the peripheral device to the third security domain. 15 . A non-transitory computer-readable storage medium including instructions that, when executed by a processing device, cause the processing device to: detect, by the processing device, a change in control of a peripheral device from a first security domain to a second security domain of a computer system; in response to detecting the change in control of the peripheral device: read, by the processing device, a current firmware version of the peripheral device; and determine, by the processing device, whether the current firmware version of the peripheral device is trusted by the computer system; and in response to determining that the current firmware version is trusted by the computer system, provide control of the peripheral device to the second security domain. 16 . The non-transitory computer-readable storage medium of claim 15 , wherein the processing device is further to: detect an initialization of the peripheral device on the computer system; and in response to detecting the initialization of the peripheral device: read the current firmware version of the peripheral device; and determine whether the current firmware version of the peripheral device is trusted by the computer system. 17 . The non-transitory computer-readable storage medium of claim 15 , wherein to determine whether the current firmware version is trusted by the computer system the processing device is to compare the current firmware version to one or more certified versions of firmware associated with the peripheral device. 18 . The non-transitory computer-readable storage medium of claim 17 , wherein to compare the current firmware version to the one or more certified versions of firmware associated with the peripheral device the processing device
Assignees
Inventors
Classifications
- G06F21/554Primary
involving event detection and direct action · CPC title
Test or assess software · CPC title
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2022171851A1 cover?
- A method includes detecting a change in control of a peripheral device from a first security domain to a second security domain of a computer system and in response to detecting the change in control of the peripheral device, reading a current firmware version of the peripheral device and determining whether the current firmware version of the peripheral device is trusted by the computer system…
- Who is the assignee on this patent?
- Red Hat Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/554. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Thu Jun 02 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).