US 12,001,827 B2
System and method for system-wide firmware downgrade control
Robert T. Stevens, Austin, TX (US); Mukund P. Khatri, Austin, TX (US); and Lee E. Ballard, Georgetown, TX (US)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by DELL PRODUCTS, LP, Round Rock, TX (US)
Filed on Jul. 27, 2020, as Appl. No. 16/939,809.
Prior Publication US 2022/0027138 A1, Jan. 27, 2022
Int. Cl. G06F 8/65 (2018.01); G06F 8/71 (2018.01); G06F 21/57 (2013.01)
CPC G06F 8/65 (2013.01) [G06F 8/71 (2013.01); G06F 21/572 (2013.01); G06F 2221/033 (2013.01)]
20 Claims
1. A method of altering firmware in an information handling system, the method comprising:
  updating the firmware, wherein the information handling system is associated with a system-wide firmware downgrade security policy, and wherein the system-wide firmware downgrade security policy is stored in a storage device associated with a baseboard management controller of the information handling system;
  modifying an attribute of the system-wide firmware downgrade security policy during the updating of the firmware, wherein the attribute of the system-wide firmware downgrade security policy is associated with allowing or disallowing downgrading of a release version of the firmware; and
  downgrading the firmware, including:
    storing a firmware image to a scratchpad, wherein the scratchpad is a non-active firmware partition, and wherein the firmware image is an older release version of the firmware;
    querying the baseboard management controller for the system-wide firmware downgrade security policy in the storage device via a management communication channel;
    if the downgrading of the firmware is allowed based on the attribute of the system-wide firmware downgrade security policy, then updating the non-active firmware partition to be active on boot of the information handling system; and
    if the firmware image has a security vulnerability, then providing an override to allow a user to proceed with the downgrade of the firmware.