System and method for verifying changes to UEFI authenticated variables
US9660807B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Sep 22, 2014 |
| Grant date | May 23, 2017 |
| Priority date | — |
| Expiry date | Sep 22, 2034 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L9/3297
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A mechanism for certifying that an operating system-based application has authorization to change a UEFI authenticated variable held in the system firmware is discussed. Embodiments of the present invention receive with the system firmware a request from an operating system-based application to change a UEFI authenticated variable. The request includes an authentication descriptor header with a timestamp and pre-determined GUID. The request also includes a hash calculated using a password known to the firmware. The system firmware certifies that the caller has authorization to change an authenticated variable by first verifying the information in the header and then creating a new hash using the password. The new hash is compared to the received hash and must match in order for the system firmware to allow the alteration of the UEFI authenticated variable. In one embodiment, the password is the system firmware password.
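The check sequence in the abstract (header first, then recomputed hash, then comparison), sketched as an added example that is not taken from the patent or from any firmware code base. The hash construction (SHA-256 over length-prefixed fields), the GUID value, the "timestamp must be newer" rule and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
import uuid
from datetime import datetime

# Constructed placeholder for the "pre-determined GUID"; not a value from the patent.
EXPECTED_GUID = uuid.UUID("00000000-0000-0000-0000-000000000001")


def request_hash(name, timestamp, data, password):
    """Assumed construction: SHA-256 over length-prefixed name, timestamp, data, password."""
    h = hashlib.sha256()
    for part in (name.encode("utf-16-le"), timestamp.isoformat().encode(), data, password):
        h.update(struct.pack("<I", len(part)))  # length prefix keeps field boundaries unambiguous
        h.update(part)
    return h.digest()


def build_request(name, timestamp, data, password, guid=EXPECTED_GUID):
    """OS-application side: header (timestamp + GUID), password-derived hash, new value."""
    return {"name": name, "guid": guid, "timestamp": timestamp,
            "hash": request_hash(name, timestamp, data, password), "data": data}


def firmware_verify(req, firmware_password, last_timestamp=None):
    """Firmware side: check the header, then recompute and compare the hash."""
    if req["guid"] != EXPECTED_GUID:
        return False, "unexpected GUID"
    # Assumed header rule: the timestamp must be newer than the last accepted write.
    if last_timestamp is not None and req["timestamp"] <= last_timestamp:
        return False, "stale timestamp"
    expected = request_hash(req["name"], req["timestamp"], req["data"], firmware_password)
    if not hmac.compare_digest(expected, req["hash"]):  # constant-time comparison
        return False, "hash mismatch"
    return True, "ok"


if __name__ == "__main__":
    t1 = datetime(2014, 9, 22, 12, 0, 0)  # constructed sample values throughout
    req = build_request("SampleVar", t1, b"\x01", b"constructed-password")
    print(firmware_verify(req, b"constructed-password"))
    print(firmware_verify(req, b"constructed-password", last_timestamp=t1))
    print(firmware_verify(dict(req, data=b"\x00"), b"constructed-password"))
```

Because the timestamp and the new value are both covered by the hash, a captured request cannot be replayed with a fresh timestamp or altered data without knowledge of the password.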
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.