| CPC G06F 21/572 (2013.01) [G06F 8/65 (2013.01); G06F 21/575 (2013.01)] | 20 Claims |
|
1. A method for updating SPI firmware at runtime on a computing device that includes a CPU with multiple cores using a secure SPI flash access domain, the method comprising:
selecting, during pre-boot, a first core from the multiple cores of the CPU;
creating, during pre-boot, a first secure access token for the first core using an identifier of the first core;
causing, during pre-boot, a relocation and memory remap module and a SPI memory layout module to remain available during runtime, the SPI memory layout module storing the first secure access token;
creating, during pre-boot, an affinity between the relocation and memory remap module and the first core to thereby cause the relocation and memory remap module to be executed on the first core during runtime;
receiving, at runtime, a SPI firmware update in virtual address space of an operating system;
in response to receiving the SPI firmware update in the virtual address space and the relocation and memory remap module being loaded on the first core to process the SPI firmware update, creating, during runtime and by the relocation and memory remap module, a second secure access token using the identifier of the first core;
providing, during runtime and by the relocation and memory remap module, the second token to the SPI memory layout module;
comparing, during runtime and by the SPI memory layout module, the second token to the first token to confirm that the first core and the relocation and memory remap module executing on the first core are trusted; and
relocating, during runtime and by the relocation and memory remap module, the SPI firmware update from the virtual address space to SPI flash.
|