DETAILED ACTION
Status of Claims
Claims 1 – 20 are pending.
Claims 1 and 20 are independent.
This office action is Non-Final.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Allowable Subject Matter
Claims 6 – 10, and 15 - 17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1 – 5, 11 – 14, 18 -20 are rejected under 35 U.S.C. 103 as being unpatentable over Balakrishnan et al (US Patent Application No. 2015/0331694 A1, hereinafter “Balakrishnan”), in view of Lambert et al. (US Patent No. 11,226,862, hereinafter “Lambert”).
As per claim 1, Balakrishnan teaches a computing system comprising:
a central processing unit (CPU) [CPU 111, fig. 1, 0035];
a baseboard management controller (BMC) [BMC 120, fig. 1, 0035] coupled to the CPU via a first communication protocol [communication interface 130, 0035], the BMC including a first communication protocol controller, a BMC memory [memory 123, fig. 1], … and an internal BMC bus configured to communicatively couple the BMC memory, the first communication protocol controller … [0050: “…The BMC 120 has various system devices: such as interfaces, buses, and storage devices. Any device of the BMC 120 can be accessible by the host computer 110 through a communication interface…”];
and a boot non-volatile memory [non-volatile memory 122, fig.1, 0051; BIOS chip 113, 0045, 0047] coupled to the BMC via the first communication protocol controller [processor 121, fig.1, 0050, 0069], the boot non-volatile memory being configured to store basic input/output system (BIOS)firmware [BIOS chip 113, 0045] and/or BMC firmware [0051: “… The non-volatile memory 122 stores the firmware 124 of the BMC 120. When the processor121 of the BMC 120 is powered up, the firmware 124 of the BMC 120 is loaded into the memory 123 and executed.…”].
However, Balakrishnan does not explicitly teach the BMC has a root of trust element.
Lambert is cited to teach a BMC that boots in response to an AC power cycle event, provides a BMC ready signal in response to the boot, establishes the BMC as a root of trust for the processor in response to providing the BMC ready signal, and provides a processor boot indication to the processor in response to establishing the BMC as the root of trust. Both Balakrishnan and Lambert are directed to BMC boot policy.
As per claim 1, Lambert further teaches BMC includes a root of trust [Abstract, col. 1, lines 40 -46 :“…An information handling system may include a BMC that boots in response to an AC power cycle event, provides a BMC ready signal in response to the boot, establishes the BMC as a root of trust for the processor in response to providing the BMC ready signal, and provides a processor boot indication in response to establishing the BMC as the root of trust…”].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention Balakrishnan and Lambert as Lambert improves Balakrishnan by explicitly providing security measures for validating firmware content.
As per claim 2, Balakrishnan teaches the system of claim 1, wherein the first communication protocol is a serial peripheral interface(SPI) [well known and conventional communication bus, 0030: “…The term “interface”, as used herein, generally refers to a communication tool or means at a point of interaction between components for performing data communication between the components. Generally, an interface may be applicable at the level of both hardware and software, and may be uni-directional or bi-directional interface. Examples of physical hardware interface may include electrical connectors, buses, ports, cables, terminals, and other I/O devices or components. The components in communication with the interface may be, for example, multiple components or peripheral devices of a computer system…” ].
As pe claim 3, Balakrishnan teaches the system of claim 1, wherein the boot non-volatile memory is a flash chip [0044: “… the BIOS chip 113 is a non-volatile memory, such as a flash memory chip …”].
As per claim 4, Balakrishnan teaches the system of claim 1, wherein the BMC further includes a second communication protocol controller, the second communication protocol controller supporting out-of-band management [0049: “… The BMC 120 monitors the sensors and can send out-of-band (OOB) alerts to a system administrator of the host computer 110 if any of the parameters do not stay within preset limits, indicating a potential failure of the host computer 110…”].
As per claim 5, Lambert teaches the system of claim 4, wherein the second communication protocol controller is an Ethernet controller [Ethernet channels, col. 11, line 45 ].
As per claim 11, Lambert teaches the system of claim 1, wherein the root of trust is configured to verify content of the BMC memory via the internal BMC bus prior to storing the content of the BMC memory in the boot non-volatile memory as the BIOS firmware and/or the BMC firmware[validate the contents of a BIOS non-volatile memory device to ensure that the BIOS has not been tampered with col. 4, lines 15 - 33].
As per claim 12, Lambert teaches the system of claim 11, wherein the root of trust is configured to verify the content of the BMC memory once for multiple DC power cycles1 [validate the contents of a BIOS non-volatile memory device to ensure that the BIOS has not been tampered with col. 4, lines 15 - 33].
As per claim 13, Balakrishnan teaches the system of claim 1, wherein the BMC is configured to retrieve the BIOS firmware from the boot non-volatile memory and store the BIOS firmware in the BMC memory, and the CPU is configured to retrieve the stored BIOS firmware in the BMC memory to perform a boot operation [drivers may be stored in BMC memory 0051: “…The non-volatile memory 122 stores the firmware 124 of the BMC 120. When the processor121 of the BMC 120 is powered up, the firmware 124 of the BMC 120 is loaded into the memory 123 and executed. The firmware 124 of the BMC 120 has at least a kernel 125 and a virtual storage module 126. In certain embodiments, various hardware specific drivers 127 are accessible through the virtual storage module 126…”; 0055-0056].
As per claim 14, Balakrishnan teaches the system of claim 1, wherein capacity of the BMC memory is at least one gigabyte and capacity of the boot non-volatile memory less than 128 megabytes [memories assigned can be tailored to a size large enough to store the needed files, 0050].
As per claim 18, Balakrishnan teaches the system of claim 1, wherein the BMC further includes a first communication protocol bus simulator running in slave mode, the first communication protocol bus simulator being configured to respond to boot non-volatile memory read and write demands from the CPU [0053 – 0055: “…When the host computer 110 attempts to retrieve a specific file from the virtual storage module126, the host computer will send a read operation (or command) to the communication interface 130 in accordance with a specific storage device protocol, specifying a file to be retrieved. The virtual storage module 126 then receives such a read operation initiated by host computer 110 through the communication interface 130. The virtual storage module 126 instruct the BMC 120 to locate the file, and then sends the requested file back to the host computer 110 through the communication interface 130…”].
As per claim 19, Balakrishnan teaches the system of claim 18, wherein the actions pertaining to the boot non-volatile memory read and write demands from the CPU are performed on the BMC memory instead of the boot non-volatile memory [write commands are stored to a specific address of the memory 123, 0061].
As per claim 20, Balakrishnan teaches a computing system comprising:
a central processing unit (CPU) [CPU 111, fig. 1, 0035];
a baseboard management controller (BMC) [BMC 120, fig. 1, 0035] coupled to the CPU via a first communication protocol [communication interface 130, 0035], the BMC including a first communication protocol controller [processor 121, fig.1, 0050], a BMC memory [memory 123, fig. 1, 0050], … and an internal BMC bus configured to communicatively couple the BMC memory[0050: “…The BMC 120 has various system devices: such as interfaces, buses, and storage devices. Any device of the BMC 120 can be accessible by the host computer 110 through a communication interface…”];, the first communication protocol controller, … and
a first boot non-volatile memory coupled to the BMC via the first communication protocol controller, the first boot non-volatile memory being configured to store basic input/output system(BIOS) firmware [BIOS chip 113, 0045]; and
a second boot non-volatile memory coupled to the BMC via the first communication protocol controller, the second boot non-volatile memory being configured to store BMC firmware [non-volatile memory 122, fig.1, 0051].
However, Balakrishnan does not explicitly teach the BMC has a root of trust element.
Lambert is cited to teach a BMC that boots in response to an AC power cycle event, provides a BMC ready signal in response to the boot, establishes the BMC as a root of trust for the processor in response to providing the BMC ready signal, and provides a processor boot indication to the processor in response to establishing the BMC as the root of trust. Both Balakrishnan and Lambert are directed to BMC boot policy.
As per claim 20, Lambert further teaches BMC includes a root of trust [Abstract, col. 1, lines 40 -46 :“…An information handling system may include a BMC that boots in response to an AC power cycle event, provides a BMC ready signal in response to the boot, establishes the BMC as a root of trust for the processor in response to providing the BMC ready signal, and provides a processor boot indication in response to establishing the BMC as the root of trust…”].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention Balakrishnan and Lambert as Lambert improves Balakrishnan by explicitly providing security measures for validating firmware content.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Shivanna; Suhas et al. (US Patent Application No. 2018/0096154 A1) “Multiple Roots Of Trust To Verify Integrity” is cited to teach an example computing system that includes a first controller and a second controller. The first controller is to verify integrity of a first root of trust (ROT), and generate an integrity signal indicating the results. The second controller is to verify integrity of a second ROT, write the firmware image to the first controller, and verify integrity of the written firmware image.
Righi; Stefano et al. (US Patent No. 11,531,760 B1) “Baseboard Management Controller (BMC)-based Security Processor Technologies” is cited to teach a Baseboard Management Controller (“BMC”) -based security processor. The BMC-based security processor can provide a hardware Root of Trust (“RoT”) for a computing platform without the addition of specialized silicon to the platform and while minimizing the number of attack points. The BMC-based security processor can also provide functionality for securely filtering requests made on certain buses in a computing platform.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TERRELL S JOHNSON whose telephone number is (571)270-3485. The examiner can normally be reached 10AM-7PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jaweed Abbaszadeh can be reached at 571-270-1640. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/TERRELL S JOHNSON/ Primary Examiner, Art Unit 2176
1 Adapting from AC power cycling to DC power cycling would only require a person of ordinary skill in the art.