Browse Prior Art Database

Automatic Boot Block recovery if BIOS integrity is compromised

IP.com Disclosure Number: IPCOM000021318D
Original Publication Date: 2004-Jan-13
Included in the Prior Art Database: 2004-Jan-13
Document File: 1 page(s) / 61K

Publishing Venue

IBM

Abstract

Disclosed as a method to improve: - system flash corruption detection - boot block recovery process If the system does not boot after trying a certain number of times, the BIOS will scan itself and determine if it is still good. If it is not good, it will automatically reboot the system and request a flash diskette to perform boot block recovery. If the BIOS is good, it will continue POST.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 91% of the total text.

Page 1 of 1

Automatic Boot Block recovery if BIOS integrity is compromised

    Disclosed is a method to improve system flash corruption detection and boot block recovery process.

If the system does not boot after trying a certain number of times, the BIOS will scan itself and determine if it is still good. If it is not good, it will automatically reboot the system and request a flash diskette to perform boot block recovery. If the BIOS is good, it will continue POST.

When the BIOS is created, The routines in BIOS are measured using a SHA-1 hash algorithm. A table is kept in the boot block sector (which is not normally changed). This table contains a list of addresses of the code and the corresponding SHA-1 hash measurements of the code.

During normal operation the BIOS integrity check is not performed. (A proper integrity check is "very" time consuming and it is not possible to do this and meet Microsoft® quick boot time requirements.) It is only initiated when the user's system is not able to complete POST (i.e., hangs) two tries in a row. The next time the system goes through POST it will execute an integrity check of BIOS. The BIOS will be measured and compared to the SHA-1 measurements that were taken when the BIOS was compiled.

If no errors are found:

The counters are cleared The system reboots and goes through a normal POST (System board replacement is probably in order).

If an error is found:

The user is notified with a beep code. There will be a different beep code for e...