Firmware updates during limited time period
US-2015160948-A1 · Jun 11, 2015 · US
US9349010B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9349010-B2 |
| Application number | US-201514671933-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 27, 2015 |
| Priority date | Sep 8, 2009 |
| Publication date | May 24, 2016 |
| Grant date | May 24, 2016 |
Official abstract text for this publication.
Attempts to update configuration information or firmware for a hardware device can be monitored using a secure counter that monotonically adjusts its current value for each update or update attempt. Each time the validity of the firmware is confirmed, the current value of the counter is read and stored to a secure location as the expected value. At subsequent times, such as during a boot process, the actual value of the counter is read and compared with the expected value. If the values do not match, so that the firmware may be in an unexpected state, an action can be taken, such as preventing access to, or isolating, the hardware until the firmware can be validated or updated to an expected state.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method, comprising: provisioning a guest operating system having non-virtualized access to at least one device of a host system; causing a counter to be updated for at least one attempted modification of configuration information for the at least one device; determining that a value of the counter does not correspond to an expected value; and performing at least one security action with respect to at least one of the host system or the at least one device, wherein the expected value is stored in a location inaccessible to the guest operating system.

2. The computer-implemented method of claim 1, wherein the counter is integrated within the host system or a network interface card, or along a path between a Peripheral Component Interconnect (PCI) bus and the at least one device.

3. The computer-implemented method of claim 1, further comprising: receiving, from a control plane computer system, a set of configuration information; and updating the configuration information without updating the counter.

4. The computer-implemented method of claim 1, wherein the at least one security action includes flashing host configuration information before provisioning a subsequent guest operating system on the host system.

5. The computer-implemented method of claim 1, further comprising: communicating with a provisioning system to transmit the expected value of the counter.

6. The computer-implemented method of claim 1, further comprising: causing at least one second counter to be updated to a second value for each second attempted modification of second configuration information for at least one second device of the host system.

7. The computer-implemented method of claim 6, further comprising: causing a master counter to use the value and the second value to determine a master expected value.

8. The computer-implemented method of claim 7, wherein the master counter corresponds to a rack of servers, the rack of servers including the host system.

9. The computer-implemented method of claim 1, further comprising: encrypting or digitally signing the expected value.

10. The computer-implemented method of claim 1, wherein the expected value is stored in a memory location of the host system or a remote data store.

11. The computer-implemented method of claim 1, wherein the at least one device is at least one of a central processing unit, a graphics processing unit, a disk controller, a network interface card, a PCI bus, a cryptographic card, a hardware codec, a co-processing device, a peripheral device, an input/output chipset, an element on a bus, or a data path routing component.

12. A system, comprising: a processor; memory including instructions that, upon being executed by the processor, cause the system to: provision a guest operating system having non-virtualized access to at least one device of a host system; cause a counter to be updated for at least one attempted modification of configuration information for the at least one device; determine that a value of the counter does not correspond to an expected value; and perform at least one security action with respect to at least one of the host system or the at least one device, wherein the expected value is stored in a location inaccessible to the guest operating system.

13. The system of claim 12, wherein the counter is a monotonic counter.

14. The system of claim 12, wherein the configuration information comprises firmware for at least one of a central processing unit, a Basic Input/Output System (BIOS), or a peripheral device.

15. The system of claim 12, wherein the expected value is encrypted, digitally signed, or stored in a memory location of the host system or a remote data store that is inaccessible to a user of the guest operating system.

16. The system of claim 12, wherein a user has applied an authorized modification to the configuration information, and the instructions upon being executed further cause the system to: obtain a notification from the user that the user applied the authorized modification to the configuration information; and update the expected value of the counter based on the notification.

17. The system of claim 12, wherein the at least one security action includes at least one of re-flashing the at least one device or the host system, limiting access to the at least one device or the host system, isolating the at least one device or the host system, discontinuing a boot process of the at least one device or the host system, performing a validation process for the at least one device or the host system, provisioning the guest operating system on a second host system, resetting the at least one device or the host system, shutting down the host system, or shutting down a user network including the host system.

18. A non-transitory computer-readable storage medium storing instructions that, upon being executed by a processor, cause the processor to: provision a guest operating system having non-virtualized access to at least one device of a host system; cause a counter to be updated for at least one attempted modification of configuration information for the at least one device; determine that a value of the counter does not correspond to an expected value; and perform at least one security action with respect to at least one of the host system or the at least one device, wherein the expected value is stored in a location inaccessible to the guest operating system.

19. The non-transitory computer-readable storage medium of claim 18, wherein the at least one device is at least one of a central processing unit, a graphics processing unit, a disk controller, a network interface card, a PCI bus, a cryptographic card, a hardware codec, a co-processing device, a peripheral device, an input/output chipset, an element on a bus, or a data path routing component.

20. The non-transitory computer-readable storage medium of claim 18, the at least one security action includes at least one of re-flashing the at least one device or the host system, limiting access to the at least one device or the host system, isolating the at least one device or the host system, discontinuing a boot process of the at least one device or the host system, performing a validation process for the at least one device or the host system, provisioning the guest operating system on a second host system, resetting the at least one device or the host system, shutting down the host system, or shutting down a user network including the host system.
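The mechanism the abstract and claims describe is easier to reason about as a small simulation. The following Python is an added example, not code from the patent or its assignee: it models a monotonic counter per device (claims 1 and 13), an expected-value store that stands in for a location the guest OS cannot reach and that tags each entry with an HMAC so tampering is detectable (claims 9 and 15), a control-plane update that deliberately bypasses the counter (claim 3), an authorized user update followed by a notification that refreshes the expected value (claim 16), a master value derived from all per-device counters (claim 7), and a boot-time check that returns a security action for each device whose counter has drifted (claim 17). All class names, the HMAC key, device names and firmware labels are constructed for the example; the patent specifies none of them.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


class MonotonicCounter:
    """Secure counter that only ever moves forward (claim 13)."""

    def __init__(self) -> None:
        self._value = 0

    @property
    def value(self) -> int:
        return self._value

    def increment(self) -> int:
        self._value += 1
        return self._value


class ExpectedValueStore:
    """Stands in for a location the guest OS cannot reach, e.g. a control-plane
    data store. Each stored value carries an HMAC tag so that a tampered entry is
    rejected on read (claims 9 and 15). The key is a constructed example value."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._entries: Dict[str, Tuple[int, bytes]] = {}

    def _tag(self, name: str, value: int) -> bytes:
        return hmac.new(self._key, f"{name}:{value}".encode(), hashlib.sha256).digest()

    def put(self, name: str, value: int) -> None:
        self._entries[name] = (value, self._tag(name, value))

    def get(self, name: str) -> Optional[int]:
        entry = self._entries.get(name)
        if entry is None:
            return None
        value, tag = entry
        if not hmac.compare_digest(tag, self._tag(name, value)):
            raise ValueError(f"expected value for {name} failed integrity check")
        return value


@dataclass
class Device:
    name: str
    counter: MonotonicCounter = field(default_factory=MonotonicCounter)
    firmware: str = "fw-1.0"  # constructed label

    def attempt_modification(self, new_firmware: str) -> None:
        """Any modification attempt through the device path bumps the counter (claim 1)."""
        self.counter.increment()
        self.firmware = new_firmware


class Host:
    def __init__(self, name: str, devices, store: ExpectedValueStore) -> None:
        self.name = name
        self.devices = {d.name: d for d in devices}
        self.store = store

    def master_value(self) -> int:
        """Master value derived from every per-device counter value (claim 7)."""
        h = hashlib.sha256()
        for n in sorted(self.devices):
            h.update(f"{n}={self.devices[n].counter.value};".encode())
        return int.from_bytes(h.digest()[:8], "big")

    def record_expected_values(self) -> None:
        """Run after firmware has been validated: snapshot each counter as expected."""
        for d in self.devices.values():
            self.store.put(f"{self.name}/{d.name}", d.counter.value)
        self.store.put(f"{self.name}/master", self.master_value())

    def control_plane_update(self, device_name: str, new_firmware: str) -> None:
        """Trusted control-plane update: applied without touching the counter (claim 3)."""
        self.devices[device_name].firmware = new_firmware

    def authorized_user_update(self, device_name: str, new_firmware: str) -> None:
        """Authorized user change: counter bumps, then the notification refreshes
        the expected values so the next boot check passes (claim 16)."""
        self.devices[device_name].attempt_modification(new_firmware)
        self.store.put(f"{self.name}/{device_name}", self.devices[device_name].counter.value)
        self.store.put(f"{self.name}/master", self.master_value())

    def boot_check(self) -> Dict[str, str]:
        """Compare actual and expected values; map each drifted device to an action (claim 17)."""
        actions: Dict[str, str] = {}
        for n, d in self.devices.items():
            expected = self.store.get(f"{self.name}/{n}")
            if expected is None or d.counter.value != expected:
                actions[n] = "isolate-and-reflash"
        if self.store.get(f"{self.name}/master") != self.master_value():
            actions["master"] = "hold-provisioning"
        return actions


def demo() -> Dict[str, str]:
    """Walk through the lifecycle and return the boot-check result after an unexpected change."""
    host = Host("host-1", [Device("nic"), Device("gpu")], ExpectedValueStore(b"example-key"))
    host.record_expected_values()
    assert host.boot_check() == {}                     # clean state
    host.control_plane_update("nic", "fw-2.0")
    assert host.boot_check() == {}                     # counter untouched by control plane
    host.authorized_user_update("gpu", "fw-1.1")
    assert host.boot_check() == {}                     # expected value refreshed by notification
    host.devices["nic"].attempt_modification("fw-unexpected")  # no notification follows
    return host.boot_check()                           # -> {'nic': 'isolate-and-reflash', 'master': 'hold-provisioning'}


if __name__ == "__main__":
    print(demo())
```

The design point is that the counter is never decremented and the expected value lives outside the guest, so a modification the guest cannot report through an authorized path shows up as a plain integer mismatch at the next boot; the master value lets a rack-level controller notice drift on any host without reading every per-device entry.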
CPC classifications:

- in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46)
- Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- Secure boot
- Monitoring involving counting
- Monitoring arrangements specially adapted to the computing system or computing system component being monitored