CPC G06F 8/65 (2013.01) [G06F 8/71 (2013.01); G06F 21/572 (2013.01); G06F 2221/033 (2013.01)]
20 Claims
1. A method of altering firmware in an information handling system, the method comprising:
updating the firmware, wherein the information handling system is associated with a system-wide firmware downgrade security policy, and wherein the system-wide firmware downgrade security policy is stored in a storage device associated with a baseboard management controller of the information handling system;
modifying an attribute of the system-wide firmware downgrade security policy during the updating of the firmware, wherein the attribute of the system-wide firmware downgrade security policy is associated with allowing or disallowing downgrading of a release version of the firmware; and
downgrading the firmware, including:
storing a firmware image to a scratchpad, wherein the scratchpad is a non-active firmware partition, and wherein the firmware image is an older release version of the firmware;
querying the baseboard management controller for the system-wide firmware downgrade security policy in the storage device via a management communication channel;
if the downgrading of the firmware is allowed based on the attribute of the system-wide firmware downgrade security policy, then updating the non-active firmware partition to be active on boot of the information handling system; and
if the firmware image has a security vulnerability, then providing an override to allow a user to proceed with the downgrade of the firmware.
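
The decision flow recited in claim 1, modeled as an added example that is not taken from the patent or from any vendor's firmware. The `Bmc` and `System` classes, the `allow_downgrade` attribute name, the A/B slot names and the version tuples are all hypothetical. The override is treated here as an explicit confirmation required for an image flagged as vulnerable, which is one reading of the claim.

```python
from dataclasses import dataclass, field

@dataclass
class Bmc:
    # Hypothetical stand-in for the BMC-attached policy store.
    policy: dict = field(default_factory=lambda: {"allow_downgrade": True})

    def query_policy(self):
        # Models the query over the management communication channel.
        return dict(self.policy)

@dataclass
class System:
    bmc: Bmc
    active: str = "A"
    slots: dict = field(default_factory=lambda: {"A": (2, 0, 0), "B": None})
    audit: list = field(default_factory=list)

    def inactive(self):
        return "B" if self.active == "A" else "A"

    def update(self, version, allow_downgrade):
        # The update itself rewrites the downgrade attribute in the BMC store.
        slot = self.inactive()
        self.slots[slot] = version
        self.bmc.policy["allow_downgrade"] = allow_downgrade
        self.active = slot

    def downgrade(self, version, vulnerable=False, override=False):
        slot = self.inactive()
        self.slots[slot] = version        # stage the older image in the scratchpad
        policy = self.bmc.query_policy()  # decision uses the BMC copy, not the image
        if not policy["allow_downgrade"]:
            result = "denied-by-policy"
        elif vulnerable and not override:
            result = "override-required"
        else:
            self.active = slot            # staged partition becomes active on boot
            result = "activated"
        self.audit.append((version, vulnerable, override, result))
        return result

def demo():
    # Constructed sequence: update, two downgrade attempts, locking update, third attempt.
    s = System(Bmc())
    s.update((2, 1, 0), allow_downgrade=True)
    r1 = s.downgrade((1, 9, 0), vulnerable=True)
    r2 = s.downgrade((1, 9, 0), vulnerable=True, override=True)
    s.update((2, 2, 0), allow_downgrade=False)
    r3 = s.downgrade((2, 1, 0))
    return [r1, r2, r3], s.active, s.slots[s.active]
```

The `audit` list records every attempt, including denied ones and overrides, which is the trail a reviewer would want when a known-vulnerable release is reinstated.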