Friends in Low Places – Loading Firmware in the Field

A country song made famous by Garth Brooks in 1990 declares, “I got friends in low places,” noting that one can always rely on ordinary people to help a friend in need. BIOS software is the friend in the “low places” of clients and servers. It is software on which these systems rely to verify the soundness of the hardware and to transfer control to subsequent software. It has full access to the resources of a system, including memory, processors, coprocessors, and fans. What, then, if this software were to become irreparably modified, whether by mistake or malice? This paper addresses the problem of reliably updating such firmware in the field, after a device has left the secure confines of a manufacturing facility.

By: Elaine Palmer; Tamas Visegrady

Published in: RC25095 in 2011

LIMITED DISTRIBUTION NOTICE:

This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties). I have read and understand this notice and am a member of the scientific community outside or inside of IBM seeking a single copy only.

rc25095.pdf

Questions about this service can be mailed to reports@us.ibm.com .