Abstract: An update utility requests a signature verification of the utility's signature along with a request to unlock the flash memory stored in the utility. A trusted platform module (“TPM”) performs a signature verification of the utility using a previously stored public key. Upon verification of the signature, the TPM unlocks the flash memory to permit update of the utility. Upon completion of the update, the flash utility issues a lock request to the TPM to relock the flash memory.

Abstract: When a flash unlock routine unlocks the flash memory to permit updating of a BIOS image, a message is left in secure non-volatile memory, such as a EEPROM. Upon the next re-boot, the boot block code will detect the special message in the non-volatile memory and perform a signature verification of the next block of code that is to be executed during the POST process. This code block will check the remainder of the BIOS image before POST proceeds.

Abstract: An SMI (System Management Interrupt) generation capability is added to the cryptographic verification operation utilized to verify an update of a system management utility, such as the BIOS update utility. With the addition of an SMI upon completion of a signature verification command, the SMI handler issues a signature verification request to a trusted platform module (TPM) and returns control to the controlling application with a status code indicating it should begin polling the SMI handler for status. Upon completion of the verification operation, the TPM issues the SMI. The SMI handler then queries the TPM for status. The SMI handler then updates its internal status and permits access to the requested resource assuming the verification is successful. Upon the next poll from the application, the SMI handler returns the status to the calling application, which would either continue or abort with the update operation.

Abstract: A personal computer furnishes a secure path for a security chip of the personal computer for entry of a personal identification number code (PIN). The path is not sniffable or surreptitiously detectable by software. The security chip is removably mounted on a daughter card rather than hardwired to the motherboard of the personal computer. With proper authorization, an interposer may be inserted between the daughtercard and the motherboard. When the PIN becomes necessary, it need not be entered through a keyboard and transmitted to the daughtercard over a bus where it is capable of surreptitious detection or interception. The PIN is instead entered directly from a keypad into the daughtercard.