Microsoft Corporation
FIRMWARE RUNTIME PATCH SECURE RELEASE PROCESS

Abstract:

A secure firmware update patch release process includes providing (1) a test mode in firmware for performing firmware verification testing on a firmware update patch and (2) an additional signing applied to the firmware update patch after the firmware verification testing and before deployment of the firmware update patch in a production environment. A developer may generate and build a firmware update patch and release the patch for firmware verification testing. Before the firmware verification testing, a platform signature is added to the firmware update patch. The test mode may authenticate the firmware update patch based on the platform signature. If the firmware update patch passes the firmware verification testing, a system signature may be added to the firmware update patch. The system signature may be required to authenticate the firmware update patch while the firmware operates in an official mode of operation.