FIRMWARE CONFIGURATION INTEGRITY IDENTIFY - Technical ...
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Technical Disclosure Commons Defensive Publications Series April 2021 FIRMWARE CONFIGURATION INTEGRITY IDENTIFY HP INC Follow this and additional works at: https://www.tdcommons.org/dpubs_series Recommended Citation INC, HP, "FIRMWARE CONFIGURATION INTEGRITY IDENTIFY", Technical Disclosure Commons, (April 14, 2021) https://www.tdcommons.org/dpubs_series/4224 This work is licensed under a Creative Commons Attribution 4.0 License. This Article is brought to you for free and open access by Technical Disclosure Commons. It has been accepted for inclusion in Defensive Publications Series by an authorized administrator of Technical Disclosure Commons.
INC: FIRMWARE CONFIGURATION INTEGRITY IDENTIFY
Firmware Configuration Integrity Identify
Problem/Objectives
Modern computers become more and more complex, because it has lots of controllers and
processors, even sensors, integrated in a system. For example, a system may have USB PD
(Power Delivery) controller, Thunderbolt controller, Camera, Card Reader, fingerprint
Reader…etc. Each controller/processor/sensor may have its own firmware, usually, the
firmware is updatable.
Firmware Best Know Configuration (BKC) was provided by vendor. Computer already was
verified and get better quality.
Current system firmware (BIOS) has dependent with various peripheral device firmware.
Different configuration, system will get unknow behavior.
Example, Intel platform of BIOS has deep dependent with Management Engine
firmware.
Verification team always take much time to get firmware BKC information and check firmware
(BKC) status by manual.
In here, we provide automatic solution to help verification team. They can reduce verification
time and get better verification quality.
Abstract
Concept
In system firmware (BIOS) develop phase, system firmware (BIOS) source code includes various
peripheral devices firmware and configuration INF file.
A binary raw data file that includes BIOS and various peripheral device firmware name, version,
& vendor will be generate during BIOS build process.
The binary raw data will be integrated into system firmware. Like, BIOS Logo file.
A new SMBIOS type provides individual FW name, version, and vendor information.
A warning message which firmware information doesn’t match firmware BKC will display in pre‐
boot environment when system firmware is not protection.
Published by Technical Disclosure Commons, 2021 2Defensive Publications Series, Art. 4224 [2021]
An error log that firmware doesn’t match firmware BKC will always be record to support error
management software tool.
Two new WMI interface to return a binary raw data of various firmware information and error
log. It can be utility on automatic verification software tool or error management software tool.
https://www.tdcommons.org/dpubs_series/4224 3INC: FIRMWARE CONFIGURATION INTEGRITY IDENTIFY
Benefit
Automatic firmware configuration integrity identifies in pre‐boot environment.
Reduce verification time resource and get better verification quality due to no
human mistake parameter.
New WMI interface provides expandable IT management capability.
In protection BIOS, this innovation only will do error log without warning error
message. No user experience impact.
Help verification team to reduce resource and cost.
Product Drawing – BIOS Build Process
Binary raw data file
address will be
… in 16 byte alignment
FW Bin FW Bin FW Bin FW Bin
on SPI ROM
1 2 3 n
BIOS Driver
1
Collect FW information Binary Raw data
build process and generate
that Include FW Info
BIOS Driver Binary raw data file
2
BIOS SRC of Driver
Build Process
DXE Full BIOS Binary
BIOS Driver
3
…
EDK II Build Process to
generate full BIOS Binary PEI
BIOS Driver
n
Published by Technical Disclosure Commons, 2021 4Defensive Publications Series, Art. 4224 [2021]
Product Drawing – (BKC)Binary RAW Data File Format
FW version format definition:
• Individual FW owns self firmware version definition. Example: Intel ME FW has 4 filed version definition.
“11.22.33.44”
• In here, FW version utilities BCD format to describe full FW version information. Terminated with a null
“00h” byte.
• Example. Intel ME FW information. 12.34.56.AE
Product Drawing – SMBIOS Type definition
Offset Name Length Value Description
Specifies the type of structure. Types 128 through 256 (80h to FFh) are available for
00h Type Byte Varies
system‐ and OEM‐specific information
01h Length Byte 05h Specifies the length of the formatted area of the structure. String is not included.
02h Handle WORD Varies a unique 16‐bit number in the range 0 to 0FFFEh
04h FW Count Byte Varies Total firmware count
05h FW 1 Name Byte String String number of the FW 1 Name (FW version format follow page 5)
https://www.tdcommons.org/dpubs_series/4224 5INC: FIRMWARE CONFIGURATION INTEGRITY IDENTIFY
06h FW 1 Version Byte String String number of the FW 1 Version (FW version format follow page 5)
07h FW 1 Vendor Byte String String number of the FW 1 Vendor (FW version format follow page 5)
………………….. …………. ……….. ……….. ……………………….
05h + (n * 3) FW n Name Byte String String number of the FW n Name (FW version format follow page n)
06h + (n * 3) FW n Version Byte String String number of the FW n Name (FW version format follow page n)
07h + (n * 3) FW n Vendor Byte String String number of the FW n Name (FW version format follow page n)
Published by Technical Disclosure Commons, 2021 6Defensive Publications Series, Art. 4224 [2021]
Product Drawing –
Register Error through
Error Handle Manager
Protocol
Search BKC FW info start Error handler Manager
Reset pointer from SPI ROM Protocol
Read FW version through
PEI Phase Get FW info from SMBIOS
API/vendor SDK/..
Update error log from error
handle manager protocol on
DXE Phase non‐volatile memory
Save FW information into No-Present
non‐volatile variable
Compare
FW Name
Display warning message and
No
wait 30 second to get user
Check Present attachation when BIOS is
individual
f Mis-match
Compare
Yes FW version
OS
Build SMBIOS Type
Match Runtime
No
All FW
compare is
All FW check
is done or
Yes Delete Previous error log
from non‐volatile memory
Yes
Yes Check any
error log Yes
No
No Check any
previous
Disclosed by Rick Hsia, Jimmy Kuo, Tom Hung, Harry Chang, Nicholas Feng,
HP Inc.
https://www.tdcommons.org/dpubs_series/4224 7You can also read
