WikiPatents - Community Patent Review
Transparent, secure computer virus detection method and apparatus
United States Patent 5537540
Link to this page: http://www.wikipatents.com/5537540.html
Inventor(s): Miller; Craig A. (Tomball, TX); Dhareshwar; Yatin (Bombay, IN); Heller; Edmund G. (Spring, TX); Garrett; Michael R. (Houston, TX)
Abstract: A computer system which verifies the integrity of installed software on the computer system. A reserved non-DOS hard disk partition is used to store routines which pre-boot the computer system and provide a secure environment from which to verify files. Routines start by performing a self check on the non-DOS partition routines, then check the master boot record and boot sectors of the hard disk. System files of the user DOS partition are verified next and any additional designated user files are verified until the computer system is verified. Since the computer booted from an atypical partition, the drives are remapped to account for the shift in logical disk drive addressing. When completed and prior to booting from the user partition, an NVRAM latch is set to prevent unauthorized modification of the initial checksums. The non-DOS partition contains three different sets of DOS: a copy of the user DOS, if DOS is installed on the user partition; a subset of DOS and a backup of the DOS subset. This allows the non-DOS partition to be booted to allow easier execution of the routines. Additionally, if the user changes DOS versions, such changes can be provided to the non-DOS partition for future use.
Owner/Assignee     Compaq Computer Corporation (Houston, TX)
Publication Date     July 16, 1996
Application Number     08/315,702
Filing Date     September 30, 1994
US Classification     714/38 714/36 714/52
Int'l Classification     G06F 011/00
Examiner     Beausoliel Jr.; Robert W.
Assistant Examiner     Palys; Joseph E.
Attorney/Law Firm     Pravel, Hewitt, Kimball & Krieger
USPTO Field of Search     395/575 395/700 395/750 395/425 395/183.14 395/183.13 395/183.15 395/183.21 395/183.12 395/184.01 395/185.05 395/47 380/4
References

U.S. References (patent number, inventor, U.S. classification, date)
5421006     Jablon        714/36      May, 1995
5379342     Arnold        380/2       Jan, 1995
5375243     Parzych       726/17      Dec, 1994
5204966     Wittenberg    726/6       Apr, 1993
5144659     Jones         713/165     Sep, 1992
5073934     Matyas                    Dec, 1991
5050212     Dyson         713/187     Sep, 1991
5022077     Bealkowski    711/163     Jun, 1991
4908861     Brachtl       713/187     Mar, 1990
4819267     Cargile       713/184     Apr, 1989
4309569     Merkle        713/177     Jan, 1982
5121345     Lentz         713/188     Dec, 1969
5265164     Matyas        380/30      Dec, 1969
Claims
 


What is claimed is:

1. A method for operating a computer system, the computer system including a processor; random access memory; read only memory containing a ROM program executed by said processor upon resetting of the computer system; at least one storage means having a non-DOS partition and at least one other partition, said non-DOS partition having a first and second region, said first region for storing a first verification program executed by said processor, a first verification list for storing a list of files stored on said second region, said files including files required to boot the computer system and a second verification program, and a first hash code table for storing hash codes of said first verification list files, said second region for storing a first operating system and the second verification program executed by said processor, a second verification list for storing a list of files stored on said other partitions and a second hash code table, said other partitions include at least a second partition for storing a second operating system and user programs executed by said processor; and a non-volatile memory having a plurality of locations for storing a non-volatile memory hash code and accessible to said processor, said non-volatile memory hash code containing at least one value being a modification detection code of said first region, said plurality of locations of said non-volatile memory being readable and writable by said processor after a first reset of the computer system, being write protected after receipt of a designated signal from said processor, and being made writable again only after a second reset of the computer system, the method comprising the steps of:

resetting the computer system and executing said ROM program, whereupon the ROM program causes execution of the following steps:

computing a hash code for said first region of said non-DOS partition;

determining if said computed hash code is equal to said non-volatile memory hash code value stored in said non-volatile memory;

loading said first verification program stored on said non-DOS partition into said random access memory if said computed hash code is equal; and

executing said first verification program loaded into said random access memory; and

wherein said first verification program further causes execution of the following steps:

computing hash codes for files listed in said first verification list;

determining if said computed hash codes are equal to hash code values stored in said first hash code table; and

booting said first operating system on said non-DOS partition if said computed hash codes are equal; and

wherein said operating system further causes execution of the following steps upon booting:

loading said second verification program stored on said non-DOS partition into said random access memory; and

executing said second verification program loaded into said random access memory; and

wherein said second verification program further causes execution of the following steps:

computing hash codes for files listed in said second verification list;

determining if said computed hash codes are equal to hash code values stored in said second hash code table; and

returning control to said ROM program; and

whereupon the ROM program causes further execution of the following steps if said computed hash codes are equal:

providing said designated signal to said non-volatile memory device prior to booting said second operating system; and

booting said second operating system from said second partition.

2. The method of claim 1, wherein said storage means further includes a master boot record for containing a partition table, said non-DOS partition having a boot sector containing instructions for booting said first operating system and whereupon said first verification program further causes execution of the following steps prior to said booting said first operating system step:

computing hash codes for said master boot record and said non-DOS partition boot sector; and

determining if said hash codes are equal to hash code values stored in said first hash code table.

3. The method of claim 2, wherein the at least one other partition includes at least one DOS accessible partition, whereupon said second verification program further causes execution of the following steps prior to computing hash codes for files listed in said second verification list:

determining each DOS accessible partition of said storage means;

assigning said non-DOS partition to a logical drive address value;

assigning a last partition of said DOS accessible partitions to a first logical drive address value after said non-DOS partition;

assigning a first partition of said DOS accessible partitions to a second logical drive address value after said non-DOS partition; and

assigning the remaining partitions of said DOS accessible partition with logical drive address values sequentially incremented from said second logical drive address.

4. The method of claim 2, wherein said non-DOS partition includes system files of said second operating system, and backups of said system files of said first and second operating systems, whereupon said first verification program further causes execution of the following steps prior to said booting said first operating system step:

determining if system files from said second operating system are present on said second partition;

verifying said system files of said second operating system stored on said non-DOS partition if said system files of said second operating system are present on said second partition; and

copying said system file backups of said first operating system stored on said non-DOS partition to said system files of said first operating system on said non-DOS partition if said system files of said second operating system are not present on said second partition.

5. The method of claim 4, whereupon said verifying step further causes execution of the following steps:

locating said system files of said second operating system stored on said non-DOS partition;

computing hash codes for said system files; and

determining if said computed hash codes are equal to hash code values stored in said first hash code table.

6. The method of claim 4, whereupon said verifying step further causes execution of the following step prior to copying said system file backups:

verifying said system file backups of said second operating system stored on said non-DOS partition if said hash codes are not equal.

7. The method of claim 6, whereupon said verifying system file backups step further causes execution of the following steps:

computing hash codes for said system file backups of said second operating system stored on said non-DOS partition;

determining if said computed hash codes are equal to hash code values stored in said first hash code table; and

restoring said system files of said second operating system to said non-DOS partition from an external source if said hash codes are not equal.

8. The method of claim 4, wherein said second partition includes a storage compression utility, and whereupon said first verification program further causes execution of the following steps prior to said booting said first operating system step:

copying said storage compression utility from said second partition to said non-DOS partition;

computing a hash code for said storage compression utility;

determining if said computed hash code is equal to a hash code value stored in said first hash code table; and

deleting said storage compression utility copy from said non-DOS partition if said hash codes are not equal.

9. The method of claim 8, wherein said second partition includes a boot record for booting said second operating system, whereupon said second verification program further causes execution of the following steps prior to said returning control to said ROM program step:

computing a hash code for said second partition boot record; and

determining if said computed hash code is equal to a hash code value stored in said second hash code table.

10. The method of claim 1, wherein said first verification program further causes execution of the following step prior to computing hash code values for files listed in said first verification list:

saving a lower region of said random access memory, said lower region containing ROM status information; and

wherein said second verification program further causes execution of the following step just prior to returning control to said ROM program:

restoring said lower region of said random access memory.

11. The method of claim 1, wherein said first and second operating systems are DOS.

12. The method of claim 11, wherein said second verification list includes a system configuration files portion and a user files portion.

13. The method of claim 1, wherein said first operating system is DOS and said second operating system is other than DOS.

14. The method of claim 13, wherein said second verification list includes only system configuration files.
Description
 


BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to an apparatus and method of verifying the integrity of computer data for effects of computer viruses and more particularly to a verification system using a reserved non-DOS hard disk partition resulting in a boot verification system that is independent of and transparent to the operating system.

2. Description of the Related Art

A personal computer (PC) typically contains several forms of storage media such as a hard disk and a floppy disk. These types of media are used to store user software such as the operating system (OS) and applications, and work product information such as electronic documents. A PC also has lower level software known as the Basic Input/Output System (BIOS) contained in Read Only Memory (ROM) on the system board. When the computer is first turned on, the CPU starts executing the BIOS from ROM. The BIOS performs a set of diagnostic routines called Power On Self Test (POST) and, if completed successfully, proceeds to locate and boot up the OS.

The BIOS is programmed to locate the operating system by first searching the floppy disk, and then the hard disk. This permits the PC to be booted if either the hard disk has failed or a different OS is required.

Before continuing, background on hard disk drives is deemed appropriate. A computer may have a plurality of hard disks connected to allow storage of large amounts of software and data. Physically, a hard disk is comprised of at least one platter for storing the data. Each platter is divided into a number of concentric storage units called tracks. A track is further divided into sectors. Each platter is accessed by a top head and a bottom head which read and write data onto the hard disk. Logically, a hard disk may be divided into partitions, each partition having an amount of storage selectable at the time of creation, but the aggregate of all partitions not exceeding the storage capacity of the hard disk. For example, a single hard disk could have three partitions logically named C:, D: and E:. Partitions are further divisible into tracks, cylinders and sectors for addressing purposes. Under DOS, a computer may have several disk partitions of different sizes or different types, meaning DOS-type or non-DOS-type, thus allowing more than one operating system to be installed on the same hard disk. Additional disk partition types are reserved for future uses. Each hard disk has a single Master Boot Record (MBR), that contains information pertaining to the size, type and location of disk partitions. A boot record is contained in the boot sector of the bootable partition which contains operating system dependent information relating to the file structure on the hard disk.

Returning now to the boot sequence, once the MBR is found, control is handed to the first byte of the MBR, thus booting the OS.

As mentioned before, most information contained in a computer is stored on the hard disk. Unless otherwise noted, "software" and "program" refer to executable software programs while "data" refers generically to all forms of electronic information including software and files created by software. But in either case, all are stored on the hard disk. Huge amounts of money are invested by companies in purchasing software and even more money is expended on developing the information contained in the electronic data files such as documents, spreadsheets and drawings. Protecting these resources is therefore an important concern.

One method of offering protection is by the use of passwords. The password is typically stored in battery-backed CMOS memory and before the user is allowed access to the computer, the user is required to enter a password. Once entered, the computer compares the entered password to the password in CMOS and, if they match, the user is allowed access. The main disadvantage with this system is that passwords offer very little protection against certain forms of data corruption, discussed below. Second, other forms of attack can bypass the CMOS memory because it is not read protected in many cases. To address this concern, passwords are encoded; however, once the encoding scheme is reverse engineered, the protection has again been breached. Further, the CMOS memory could simply be disconnected from its battery, thus losing any contents including the password and allowing access.

A related art to that of computer protection is that of integrity checking. Integrity checking is used here to denote methods used to check the trustworthiness of data. It should be noted that in this context, integrity and trustworthiness have little to do with defects in the design of the software, or bugs in the software, although certain bugs could cause the integrity of the software to be jeopardized. The two main causes of software untrustworthiness are file corruption and viruses. File corruption usually happens when some sort of system failure occurs during a file transfer, for example, if the system is shut off while a file is being copied onto the hard disk. The other, much larger threat to software integrity is computer viruses.

While many computer viruses are relatively benign, computer viruses can be hostile, clandestine and created specifically to cause undesirable results on the computer, such as destroying software and data, or to cause peculiar computer operation, such as locking up the keyboard or blanking the monitor. They can be introduced into a computer in as many ways as the computer can communicate externally, such as through the floppy drive, a network or a modem. Viruses are typically designed to secretly attach themselves to a file or the MBR or boot record so the user is unaware of the intrusion. The distinguishing feature is that once they attach themselves to the host program, the file must be different. Once attached, any subsequent copies of that host file also contain the virus, thereby increasing the potential for destruction. The virus is then activated when the file is executed. Thus a virus attached to a data file will lie dormant because the data file is not executable.

Certain methods of calculating assessment codes are well suited to detecting the modification of data caused by viruses or accidentally corrupted files. Checksums are adequate for detecting accidental modifications of data; however, they are an insecure defense against viruses. A well-designed virus could easily attach itself to a host program without resulting in a different checksum. Therefore, to address this problem, advanced modification detection codes (MDCs) have been developed to specifically detect deliberate corruption of data, and are superior to checksums. For this purpose, software is assumed trustworthy when it is initially installed onto the fixed disk of the computer. Once installed, an integrity assessment code is calculated and stored. Thereafter, when the computer is turned on again, the stored assessment code is compared to a newly calculated value. If a discrepancy is found, the user is alerted. The disadvantage with this method is that because of the unlimited number of hard disk files, i.e. assessment codes, the assessment codes must be stored on the hard disk, thus making the codes themselves susceptible to virus attack.

Modification detection codes are also commonly used in conjunction with the use of digital signatures, which can authenticate the originator of a message. Applied to integrity assessment, an originating program would hold the signature, or MDC, of the data it is assessing. This way the originating program "signs off" on the integrity of the assessed data before it is used.

One common commercial method of assessing the integrity of the user software is to check for viruses by running a virus checking software program. These programs rely on the characteristics of the known viruses to detect their presence. Thus, a new virus would be undetectable to a program like this. Additionally, if a virus is present, the virus checking software itself is susceptible because it is loaded from the infected hard disk and must run in memory that could be infected.

Another improved software method moves the software checking software onto a ROM. When the BIOS boots, the virus checking ROM software is executed. This has the advantage of checking early enough in the boot process so that any viruses in the system can be detected before they have the chance to be loaded into memory. However, the ROM code still relies on the known characteristics of the viruses to detect their presence. Modification detection codes are also used with this technique, but again, the assessment codes are accessible to savvy viruses.

A much more secure technique is described in U.S. patent application Ser. No. 08/231,443, filed Apr. 20, 1994, to David C. Jablon and Nora Hensley, entitled "Method and Apparatus for Assessing Integrity of Computer Software", which is hereby incorporated by reference. The described technique uses CMOS memory as a non-volatile memory (NVRAM). The NVRAM has one location which can be write protected by a write once bit. Once set, the write protection cannot be removed until the computer is reset. This location holds an MDC code for certain operating system programs located on the hard disk. Software in the ROM BIOS needs the protected operating system programs and the MDC of those programs. If the calculated MDC matches that stored in the NVRAM, then the programs are secure and can be executed. In one embodiment for normal operation the write protection is activated at this time. In an alternative embodiment the write protection is activated before the first, non-checked program is executed. The operating system is then loaded and boots the computer. The operating system can then check each further file before it is executed, or each file can check the files it initiates. Checking consists of calculating the MDC of the programs, comparing to a value in a previously checked table and passing the program if there is a good comparison. If not, the program has changed and may include a virus.

While the technique is very secure and usable in an ideal environment, a PC is far from an ideal environment. Files change often, in many cases those which are considered critical system files, so bookkeeping the changes and back calculating through the MDCs is problematic. Further, many PCs have very complicated booting procedures and the technique can interfere with those procedures. So while the technique is theoretically secure, in practice, the many variables of a PC environment limit its usefulness. So it would clearly be desirable to overcome the PC environment problems to utilize the technique to provide positive detection of viruses.

SUMMARY OF THE PRESENT INVENTION

A computer system according to the present invention verifies the integrity of installed software on the computer system. It uses the secure checking technique of the Jablon application in a PC environment without capability problems and with greatly reduced administrative requirements. A reserved non-DOS hard disk partition is used to pre-boot the computer system and provide a secure environment from which to verify files. Upon power-up or reset, the computer performs the power on self test and calls the first SAFE START routine. The SAFE START routines start by performing a self check, then check the master boot record and boot sectors of the hard disk. This verification captures a large majority of viruses and is performed before any code residing in those areas is executed, thus preventing the spread of any discovered viruses. Further checks are performed on SAFE START files before each is executed. Eventually, system files are verified and any additional designated user files are verified until the computer system is verified. Since the computer booted from an atypical partition, the drives are remapped to account for the shift in logical disk drive addressing. When completed, SAFE START files are cleaned up, a latch is set to prevent unauthorized modification of the initial protection values, and control is returned to the BIOS to boot the user OS.

The reserved non-DOS partition contains three different sets of DOS: a copy of the User DOS (if DOS is installed on the user partition), a subset of DOS called SDOS, and a backup of the DOS subset. According to the present invention, the reserved non-DOS partition is bootable by SAFE START. During SAFE START, the default OS is the user's DOS, if installed, otherwise SDOS is used as the pre-boot OS. Additionally, if one of the OS's becomes infected, another can be swapped in to run SAFE START.
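
The chain of checks summarized above, and set out step by step in claim 1, can be modelled in a few lines. This is an added Python example, not code from the patent: SHA-256 stands in for the unnamed MDC, the file names and the `TABLE1`/`TABLE2` layout are constructed, and it assumes the second hash code table is itself one of the files covered by the first.

```python
import hashlib
import json


def mdc(data: bytes) -> str:
    """Stand-in MDC: SHA-256 is an assumption, the patent names no algorithm."""
    return hashlib.sha256(data).hexdigest()


def image(files: dict) -> bytes:
    """Deterministic byte image of a region: length-prefixed names and contents."""
    parts = []
    for name in sorted(files):
        for field in (name.encode(), files[name]):
            parts.append(len(field).to_bytes(4, "big") + field)
    return b"".join(parts)


class LatchedNVRAM:
    """One NVRAM location: writable after reset, read-only once latched."""
    def __init__(self):
        self._value = ""
        self._latched = False

    def reset(self):
        self._latched = False      # only a reset clears the latch; contents survive

    def latch(self):
        self._latched = True

    def read(self) -> str:
        return self._value

    def write(self, value: str) -> bool:
        """Store value unless latched; returns whether the write took effect."""
        if not self._latched:
            self._value = value
        return not self._latched


def table_for(files: dict, names) -> bytes:
    """Serialize a hash code table (file name -> MDC) for the named files."""
    return json.dumps({n: mdc(files[n]) for n in names}, sort_keys=True).encode()


def mismatches(table: bytes, files: dict) -> list:
    """Names whose file is missing or whose MDC differs from the stored table."""
    return [n for n, h in json.loads(table).items()
            if n not in files or mdc(files[n]) != h]


def provision(region2: dict, user: dict, checked: list, nvram: LatchedNVRAM) -> dict:
    """Install-time step on a system assumed clean: build both tables, store the
    region 1 hash in NVRAM, and return region 1. Adds TABLE2 to region2."""
    region2["TABLE2"] = table_for(user, checked)
    region1 = {"VERIFY1": b"first verification program",
               "TABLE1": table_for(region2, sorted(region2))}
    nvram.write(mdc(image(region1)))
    return region1


def boot(region1: dict, region2: dict, user: dict, nvram: LatchedNVRAM) -> str:
    """One reset-to-boot pass through the three checks."""
    nvram.reset()
    # ROM: region 1 must match the hash held in NVRAM.
    if mdc(image(region1)) != nvram.read():
        return "halt at ROM: region 1 changed"
    # First verification program: region 2 files (pre-boot OS, VERIFY2, TABLE2).
    bad = mismatches(region1["TABLE1"], region2)
    if bad:
        return "halt at stage 1: " + ",".join(bad)
    # Second verification program: designated files on the user partition.
    bad = mismatches(region2["TABLE2"], user)
    if bad:
        return "halt at stage 2: " + ",".join(bad)
    nvram.latch()                  # write-protect before user-partition code runs
    return "boot user OS"


def demo() -> dict:
    """Constructed sample disk; file names and contents are illustrative only."""
    nvram = LatchedNVRAM()
    region2 = {"SDOS.SYS": b"pre-boot DOS subset", "VERIFY2.EXE": b"second verifier"}
    user = {"IO.SYS": b"user DOS kernel", "COMMAND.COM": b"shell"}
    region1 = provision(region2, user, ["IO.SYS", "COMMAND.COM"], nvram)
    results = {"clean": boot(region1, region2, user, nvram)}
    # After a good boot the stored root hash can no longer be replaced.
    results["nvram_write_after_boot"] = nvram.write(mdc(b"forged region 1"))
    # A change to a listed file stops the boot at the second verification program.
    user["COMMAND.COM"] = b"shell" + b"<appended bytes>"
    results["listed_change"] = boot(region1, region2, user, nvram)

    # Recomputing TABLE2 to hide the change is caught one level up ...
    forged2 = dict(region2, TABLE2=table_for(user, ["IO.SYS", "COMMAND.COM"]))
    results["forged_table2"] = boot(region1, forged2, user, nvram)
    # ... and recomputing TABLE1 as well is caught by the NVRAM comparison.
    forged1 = dict(region1, TABLE1=table_for(forged2, sorted(forged2)))
    results["forged_table1"] = boot(forged1, forged2, user, nvram)
    return results
```

Calling `demo()` returns the outcome of each scenario; every on-disk table can be rewritten, so the only value the chain ultimately trusts is the latched NVRAM hash.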

BRIEF DESCRIPTION OF THE DRAWINGS

A better understanding of the invention can be obtained when the following detailed description of the preferred embodiment is considered in conjunction with the following drawing, in which:

FIG. 1 is a schematic block diagram of a computer system board S;

FIG. 2 is a schematic block diagram of a processor board P;

FIG. 3 is a more detailed block diagram of a portion of FIG. 1;

FIG. 4 is a flowchart illustrating sequences for preparing the computer system of FIGS. 1 and 2 for utilizing the present invention;

FIG. 5 is a flowchart for further illustrating sequences for preparing the computer system of FIGS. 1 and 2 for utilizing the present invention;

FIGS. 6A, 6B, 6C and 6D are flowcharts for further illustrating sequences for preparing the computer system of FIGS. 1 and 2 for utilizing the present invention; and

FIGS. 7A, 7B, 7C and 7D are flowcharts for further illustrating sequences for preparing the computer system of FIGS. 1 and 2 for utilizing the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

Referring now to FIG. 1, the system board S of a computer system for use according to the present invention is shown. In the preferred embodiment, the system board S contains circuitry and slots for receiving interchangeable circuit boards. In the preferred embodiment, there are two primary buses located on the system board S. The first bus is the PCI or Peripheral Component Interconnect bus P which includes address/data portion 100, control and byte enable portion 102 and control signal portion 104. The second primary bus on the system board S is the EISA bus E. The EISA bus E includes LA address portion 106, SA address portion 108, SD data portion 110 and EISA/ISA control signal portion 112. The PCI and EISA buses P and E form the backbones of the system board S.

A CPU connector 114 is connected to the PCI bus P to receive interchangeable processor cards, such as the one shown in FIG. 2. A PCI graphics connector 116 is connected to the PCI bus P to receive a video graphics card as shown in FIG. 3. A PCI option connector 118 is also connected to the PCI bus P to receive any additional cards designed according to the PCI standard. In addition, a SCSI and network interface (NIC) controller 120 is connected to the PCI bus P. Preferably the controller 120 is a single integrated circuit and includes the capabilities necessary to act as a PCI bus master and slave and the circuitry to act as a SCSI controller and an Ethernet interface. A SCSI connector 122 is connected to the controller 120 to allow connection of various SCSI devices, such as hard disk drives and CD-ROM drives. An Ethernet connector 124 is provided on the system board S and is connected to filter and transformer circuitry 126, which in turn is connected to the controller 120. This forms a network or Ethernet connection for connecting the system board S and computer to a local area network (LAN).

A PCI-EISA bridge 130 is provided to convert signals between the PCI bus P and the EISA bus E. The PCI-EISA bridge 130 includes the necessary address and data buffers and latches, arbitration and bus master control logic for the PCI bus, EISA arbitration circuitry, and EISA bus controller as conventionally used in EISA systems and a DMA controller. Preferably the PCI-EISA bridge 130 is a single integrated circuit, but other combinations are possible. A miscellaneous system logic chip 132 is connected to the EISA bus E. The miscellaneous system logic chip 132 contains a digital audio interface, counters and timers as conventionally present in personal computer systems, an interrupt controller for both the PCI and EISA buses P and E and power management logic, as well as other miscellaneous circuitry. A series of four EISA slots 134 are connected to the EISA bus E to receive ISA and EISA adapter cards. A combination I/O chip 136 is connected to the EISA bus E. The combination I/O chip 136 preferably includes a floppy disk controller, real time clock (RTC)/CMOS memory, two UARTs, a parallel port and various address decode logic. A floppy disk connector 138 for receiving a cable to a floppy disk drive is connected to the combination I/O chip 136. A pair of serial port connectors are also connected to the combination I/O chip 136, as is a parallel port connector 142. A buffer 144 is connected to both the EISA bus E and the combination I/O chip 136 to act as a buffer between the EISA bus E and a hard disk drive connector 146 to allow connection of an IDE-type hard disk drive. A non-volatile random access memory (NVRAM) 148 is connected to the EISA bus E and receives its control signals from the combination I/O chip 136. An address latch 150 is connected to the EISA bus E and controlled by the combination I/O chip 136 to provide additional addressing capability for the NVRAM 148. Preferably the NVRAM 148 is used to contain certain system information. A data buffer 152 is connected to the SD portion of the EISA bus E to provide an additional data bus XD for various additional components of the computer system. The NVRAM 148 is connected to the XD data bus to receive its data bits. A flash ROM 154 receives its control and address signals from the EISA bus E and is connected to the XD bus for data transfer. Preferably the flash ROM 154 contains the BIOS information for the computer system and can be reprogrammed to allow for revisions of the BIOS. An 8742 or keyboard controller 156 is connected to the XD bus and EISA address and control portions 108 and 112. The keyboard controller 156 is of conventional design and is connected in turn to a keyboard connector 158 and a mouse or pointing device connector 160.

The computer system of the preferred embodiment also includes audio capabilities. To this end a CODEC chip 162 is connected to the miscellaneous system logic chip 132 and to an analog amplifier and mixer chip 164. An FM synthesizer chip 166 is connected to the analog amplifier and mixer 164 and receives digital information from the XD bus. The FM synthesizer 166 is also connected to the control and data portions 110 and 112 of the EISA bus E and is controlled by the miscellaneous system logic chip 132. An audio connector 168 is provided to allow external audio connections to the computer and is connected to the outputs and inputs of the analog amplifier and mixer 164.

Referring now to FIG. 2, the processor board P is shown. In the processor board P of FIG. 2, the CPU or processor 200 can be any of a plurality of processors, such as the 486DX/33, 486DX2/66, 486DX4/50-100, 486DX4/33-100, 486DX4/33-83, P24T, Pentium 50/75, Pentium 60/90, and Pentium 66/100, and other similar and compatible processors. The processor 200 provides data, address and control portions 202, 204 and 206 to form a processor bus PB. A level 2 (L2) or external cache memory system 208 is connected to the processor bus PB to provide additional caching capabilities to improve performance of the computer system. The L2 cache 208 can be organized as a 128 kbyte direct mapped cache or 256 kbyte two-way set associative cache when used with 486 family processors and as a 256 or 512 kbyte direct mapped or two-way set associative cache when used with Pentium family processors. A cache and memory controller (CMC) and PCI bridge chip 210 is connected to the control portion 206 and to the address portion 204. The CMC 210 is connected to the L2 cache 208 as it incorporates the cache controller and therefore controls the operations of the cache memory devices in the L2 cache 208. The CMC 210 is also connected to control a series of address and data buffers 212. The data buffers 212 are utilized to handle memory data to a main memory array 214. The data buffers 212 are connected to the processor data portion 202 and receive control signals from the CMC 210. The data buffers 212 provide a memory address bus 216 and a memory data bus 218 to the memory array 214. A memory control signal bus 220 and memory address bus 216 are provided from the CMC 210. Clock distribution and generation circuitry 222 is associated with the processor card P and is connected to the CMC 210. A processor connector 224, such as a card edge, is provided to be mateably received by the processor connector 114. The processor connector 224 is connected to the CMC 210, the data buffers 212 and the clock distribution circuitry 222 to provide clocks to the computer system and to provide a PCI interface to allow the processor 200 to access the PCI and EISA buses P and E and to allow PCI and EISA bus masters to access the main memory array 214.

The computer system elements that are not discussed in detail below are not significant to the present invention other than to illustrate an example of a fully configured computer system. It is noted that the above description of a computer system is provided for completeness and numerous variations could be developed as apparent to those skilled in the art.

Referring now to FIG. 3, a block diagram of portions of the NVRAM 148 is shown. An address latch 150 connects and provides NVRAM address signals 312 to the NV memory 300, an address decoder 302 and a write protect bit address decoder 304. Control signals to the NVRAM 148 are provided from the computer by RAMCTRL signals 314 which are connected to the address latch 150 and the NV memory 300 and include a read signal 318 connected to an AND gate 310 and a write signal 316 connected to an AND gate 308. An S/R latch 306 has an S input connected to the system reset signal 315, an R input connected to the output of the write protect bit address decoder 304 by a clear signal 328, and a Q output connected to the AND gate 308 by a write enable signal 322. The AND gate 308 is connected to the write input of the NV memory 300 by a signal 324. Upon system reset, the Q output of the S/R latch 306 is set high by the reset signal 315, thus allowing a write operation to NV memory 300. A subsequent write operation to the address decoded by the write protect bit address decoder 304 will cause the clear signal 328 to be driven high, thus resetting the S/R latch 306 and disabling further write operations to the NV memory 300. Read or write operations to the NV memory 300 are decoded by the address decoder 302 which provides an NVRAM select signal 320 to the inputs of the AND gate 308 and the AND gate 310. Data is communicated to the NV memory 300 by the data signals 330. The foregoing circuitry allows read and write accesses of the NV memory 300; however, once the write protect bit in the S/R latch 306 is cleared, no further write operations will be accepted by the NVRAM 148 until the computer system is reset or powered off again. Other variations in the development of the NVRAM can be utilized with appropriate modifications, as long as there is a way to protect a small area.
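The gating described for FIG. 3 can be followed in a small software model. This is an added illustration, not code from the patent; the memory size, the lock address and the sample checksum byte are assumptions, since the text gives no addresses or sizes.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed values: the patent text gives no addresses or sizes. */
#define NV_SIZE   64u    /* bytes in NV memory 300 */
#define LOCK_ADDR 0x80u  /* address matched by write protect decoder 304 */

typedef struct {
    uint8_t mem[NV_SIZE]; /* NV memory 300 */
    bool write_enable;    /* Q output of S/R latch 306 (signal 322) */
} nvram_t;

/* Reset signal 315 drives S: Q goes high. Stored contents are untouched. */
void nvram_reset(nvram_t *nv) { nv->write_enable = true; }

/* Address decoder 302 produces NVRAM select signal 320. */
static bool nv_select(uint16_t addr) { return addr < NV_SIZE; }

/* One write cycle; returns true only if the byte reached NV memory 300. */
bool nvram_write(nvram_t *nv, uint16_t addr, uint8_t data) {
    if (addr == LOCK_ADDR) {      /* decoder 304 drives clear signal 328 */
        nv->write_enable = false; /* R input resets latch 306 */
        return false;
    }
    /* AND gate 308: write 316 AND select 320 AND write enable 322 */
    if (!nv_select(addr) || !nv->write_enable)
        return false;
    nv->mem[addr] = data;
    return true;
}

/* AND gate 310: read 318 AND select 320 only, so reads survive the lock. */
bool nvram_read(const nvram_t *nv, uint16_t addr, uint8_t *out) {
    if (!nv_select(addr)) return false;
    *out = nv->mem[addr];
    return true;
}

/* Store a constructed checksum byte, lock, then attempt an overwrite. */
int main(void) {
    nvram_t nv = {0};
    uint8_t v = 0;
    nvram_reset(&nv);
    nvram_write(&nv, 0x10, 0xA5);   /* checksum stored while unlocked */
    nvram_write(&nv, LOCK_ADDR, 0); /* clear latch 306 before user boot */
    nvram_write(&nv, 0x10, 0x00);   /* rejected: write enable 322 is low */
    nvram_read(&nv, 0x10, &v);
    return v == 0xA5 ? 0 : 1;       /* exit 0: checksum survived */
}
```

Calling nvram_reset again re-enables writes, so the protection holds only if the trusted routines set the lock on every boot before control passes to the user partition.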

This completes the detailed description of the circuitry utilized in the computer system according to the present invention to provide a write protected memory area for the verification system of the present invention. This circuitry is used in conjunction with certain operating sequences provided in the read only memory space and hard disk of the computer system to perform the verification functions of the present invention.

When power to the computer system is initially turned on, or the system is cold reset, the power on sequence 400 (FIG. 4) is commenced. The first step of the power on sequence 400 is step 402 where the computer will start executing from BIOS ROM. The BIOS is preferably stored in flash ROM 154 and contains low level programming for booting the operating system, and an INT 13h handler for accessing the hard disk. Control then proceeds from step 402 to step 404 where the computer system performs a power on self test to determine if all system hardware is operating properly. Control then proceeds from step 404 to step 406 where an RROM routine begins and the computer system reads the NVRAM 148 to determine if the SAFE START routine should commence. If so, control proceeds to step 408 where the computer system determines if a hard disk is present. If in step 406 the system determines the SAFE START routine should not commence, then control proceeds to step 410 where the BIOS routine performs the remainder of the boot sequence. If in step 408, it was determined that the system did not have a hard disk present, control proceeds to step 410 where the BIOS routine performs the remainder of the boot sequence.

If the computer system does have a hard disk present, then control proceeds from step 408 to step 412 where the RROM routine contained in the flash ROM 154 is copied into the memory array 214 for faster processing. After RROM is copied, the computer jumps to the RROM starting address and begins