| CPC G06F 21/575 (2013.01) [G06F 2221/033 (2013.01)] | 20 Claims |

|
1. A computing system comprising:
a secure flash memory that stores firmware that comprises boot firmware, a plurality of read-only portions, and a reference hash of the plurality of read-only portions, wherein the secure flash memory performs the following operations:
calculate a hash of a designated portion of the firmware to provide a calculated hash of the designated portion, the designated portion of the firmware comprising the boot firmware and the reference hash of the plurality of read-only portions; and
validate the designated portion of the firmware by comparing the calculated hash of the designated portion and a reference hash of the designated portion that is securely stored in the secure flash memory;
a device that executes the firmware, wherein the boot firmware performs the following operations:
based at least on the designated portion of the firmware being validated, initiate a boot of the firmware by calculating a hash of the plurality of read-only portions to provide a calculated hash of the plurality of read-only portions;
based at least on the designated portion of the firmware being validated, validate the plurality of read-only portions by comparing the calculated hash of the plurality of read-only portions and the reference hash of the plurality of read-only portions; and
based at least on the plurality of read-only portions being validated, complete the boot of the firmware; and
host software that, when executed, performs the following operations:
change a state of the designated portion of the firmware from a read-only state in which the designated portion is not capable of being updated by the firmware to a writable state in which the designated portion is capable of being updated by the firmware; and
based at least on the state of the designated portion of the firmware being changed from the read-only state to the writable state, update the designated portion of the firmware.
|
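The two-stage validation in claim 1 can be modelled as follows. This is an added example, not code from the patent: the `SecureFlash` class, the function names, the use of SHA-256 with length-prefixed portions, and the refresh of the stored reference hash during a host update are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

def digest(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts (the hash algorithm is an assumption)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(8, "big") + p)
    return h.digest()

@dataclass
class SecureFlash:  # hypothetical model of the claimed secure flash memory
    boot_fw: bytes
    ro_portions: list
    ro_ref_hash: bytes = b""          # lives inside the designated portion
    designated_ref_hash: bytes = b""  # securely stored by the flash itself
    writable: bool = False            # state of the designated portion

    def provision(self) -> "SecureFlash":
        self.ro_ref_hash = digest(*self.ro_portions)
        self.designated_ref_hash = digest(self.boot_fw, self.ro_ref_hash)
        return self

    def validate_designated(self) -> bool:
        # Stage 1: the flash hashes boot firmware + RO reference hash.
        calculated = digest(self.boot_fw, self.ro_ref_hash)
        return hmac.compare_digest(calculated, self.designated_ref_hash)

    def write_designated(self, boot_fw: bytes) -> None:
        if not self.writable:
            raise PermissionError("designated portion is read-only")
        self.boot_fw = boot_fw
        # Assumption: the stored reference is refreshed as part of the update.
        self.designated_ref_hash = digest(self.boot_fw, self.ro_ref_hash)

def boot(flash: SecureFlash) -> str:
    if not flash.validate_designated():
        return "halt: designated portion invalid"
    # Stage 2: validated boot firmware checks the read-only portions.
    calculated = digest(*flash.ro_portions)
    if not hmac.compare_digest(calculated, flash.ro_ref_hash):
        return "halt: read-only portions invalid"
    return "booted"

def host_update(flash: SecureFlash, new_boot_fw: bytes) -> None:
    flash.writable = True    # read-only -> writable
    flash.write_designated(new_boot_fw)
    flash.writable = False   # re-locking afterwards is an assumption
```

Because the reference hash of the read-only portions sits inside the designated portion, rewriting that hash to match a modified read-only portion is caught at stage 1 rather than slipping past stage 2.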