Flexible Password Protection Scheme for a C2 Security/Electrically Erasable Programmable Read Only Memory Controller
Original Publication Date: 1994-Sep-01
Included in the Prior Art Database: 2005-Mar-27
Clarke Jr, GL: AUTHOR [+5]
Disclosed is a method that allows the C2 security function within IBM PS computers to meet the security requirements of attaching to a Local Area Network (LAN) in a secured environment.
Government has legislated that after January 1, 1992
all personal computers used for storing data for government purposes
must have a minimum security level of C-2. The C2 Security
controller within IBM personal computers controls a serial
Electrically Erasable Programmable Read Only Memory (EEPROM) where
the system security password, two other reserved passwords, a
flexible length password (up to 512 bytes), and the IPL sequence data
are stored. Additionally, an ID and serial number unique to a
particular system, and Vital Product Data (VPD) are also stored in
the EEPROM. The C2 Security controller provides a four pin serial
interface to talk to an external Microwire (TM National
Semiconductor) compatible EEPROM. The four pins which make up this
interface are EEPROM_CS, SERIAL_DATA_IN, SERIAL_DATA_OUT, and
SERIAL_CLK. The EEPROM provides random access to its data, so every
transfer contains two bytes which include address and command
information, and two bytes of input/output data. The address and
data transfers are paced by the SERIAL_CLK. A block diagram of the
C2 Security controller is shown in Fig. 2.
The programming interface to the EEPROM Controller consists of
three sets of registers at I/O addresses '78'H through '7C'H, indexed
by bits 2 and 3 of port '7C'H. See the diagram below:
Note that the register sets indicated by index groups 0 and 2
have been documented in prior art. The serial data stream is
written to, and read back from, the register set at index group 0.
The address and command bytes are stored in ports '0078'h and
'0079'h; the data MSByte is stored in port '007A'h and the data
LSByte is stored in port '007B'h. A command to execute the
transfer is issued to port '007C'h. Some status can be read from
port '007C'h; more status can be...
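
The indexed register window described above, modelled in software as an added example (not code from the disclosure or from IBM). The port numbers and the use of bits 2 and 3 of port 7C as the index come from the text; the simulated port backend, the byte order of the two address/command bytes, and all helper names are assumptions, and no command or status encoding is modelled because the text does not give one.

```c
#include <stdint.h>
#include <stdio.h>

/* Port numbers come from the text; the banking model is an assumption. */
enum { P_AC0 = 0x78, P_AC1 = 0x79, P_MSB = 0x7A, P_LSB = 0x7B, P_CTRL = 0x7C };
#define IDX_SHIFT 2
#define IDX_MASK  (0x3u << IDX_SHIFT)      /* bits 2 and 3 of port 7C */

static uint8_t bank[4][4];   /* simulated registers behind ports 78..7B */
static uint8_t ctrl;         /* simulated last value written to port 7C */

static unsigned cur_group(void) { return (ctrl & IDX_MASK) >> IDX_SHIFT; }

static void sim_outb(int port, uint8_t v) {
    if (port == P_CTRL) ctrl = v;
    else if (port >= P_AC0 && port <= P_LSB) bank[cur_group()][port - P_AC0] = v;
}

static uint8_t sim_inb(int port) {
    if (port >= P_AC0 && port <= P_LSB) return bank[cur_group()][port - P_AC0];
    return 0xFF;             /* status bits of port 7C are not modelled */
}

/* Test hook: look at one bank directly, bypassing the index bits. */
static uint8_t bank_byte(unsigned group, int port) {
    return bank[group & 3u][port - P_AC0];
}

/* Select a register set. The index is written from a software value, not
   read back, because the text says reads of port 7C return status. */
static int select_group(unsigned group) {
    if (group > 3) return -1;
    sim_outb(P_CTRL, (uint8_t)(group << IDX_SHIFT));
    return 0;
}

/* Stage one frame (2 address/command bytes + 2 data bytes) in group 0,
   then verify the data bytes by reading them back. */
static int stage_frame(uint16_t addr_cmd, uint16_t data) {
    if (select_group(0) != 0) return -1;
    sim_outb(P_AC0, (uint8_t)(addr_cmd >> 8));   /* byte order assumed */
    sim_outb(P_AC1, (uint8_t)(addr_cmd & 0xFF));
    sim_outb(P_MSB, (uint8_t)(data >> 8));
    sim_outb(P_LSB, (uint8_t)(data & 0xFF));
    uint16_t back = (uint16_t)((sim_inb(P_MSB) << 8) | sim_inb(P_LSB));
    return back == data ? 0 : -1;
}

int main(void) {
    printf("stage: %d\n", stage_frame(0x0123, 0xBEEF));  /* constructed values */
    return 0;
}
```

Because the same four I/O addresses alias a different register set for each index value, a driver that skips `select_group` before touching ports 78 through 7B writes into whichever set was selected last.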