Title of Invention	APPARATUS FOR AUTOMATIC REPLACEMENT OF CORRUPTED BIOS IMAGE
Abstract	An apparatus, comprising: a memory means including a primary BOIS and a backup BIOS; a validator to validate at least a part of the primary BIOS; control logic means coupled to the memory means to automatically select a first boot sequence in the primary BIOS for execution if the primary BIOS is validated and to automatically select a second boost sequence in the backup BIOS for execution if the primary BIOS is not validated; and a timer to determine whether the primary BIOS executes within a predetermined period of time

Title of Invention

APPARATUS FOR AUTOMATIC REPLACEMENT OF CORRUPTED BIOS IMAGE

Abstract

An apparatus, comprising: a memory means including a primary BOIS and a backup BIOS; a validator to validate at least a part of the primary BIOS; control logic means coupled to the memory means to automatically select a first boot sequence in the primary BIOS for execution if the primary BIOS is validated and to automatically select a second boost sequence in the backup BIOS for execution if the primary BIOS is not validated; and a timer to determine whether the primary BIOS executes within a predetermined period of time

Full Text	APPARTUS FOR FORM 2 THE PATENTS ACT 1970 (39 OF 1970] COMPLETE SPECIFICATION [See Section 10, rule 13] AUTOMATIC REPLACEMENT OF CORRUPTED BIOS IMAGE" INTEL CORPORATION, a corporation incorporated in the State of Delaware, of 2200 Mission College Boulevard, Santa Clara, California 95052, United States of America, The following specification particularly describes the nature of the invention and the manner in which it is to be performed:- BACKGROUND OF THE INVENTION 1. Field of the Invention (0001] The invention pertains generally to computers. In particular, it pertains to management of the BIOS image in computers. 2. Description of the Related Art [0002] Computers are usually initialized by executing a Basic Input/Output System (BIOS). The BIOS is non-voiatile code that determines what the computer can do without accessing programs from a disk. On personal computers (PCs), the BIOS contains all the code required to perform a self-test and to control the keyboard, display screen, disk drives, serial communications, and a number of miscellaneous functions. The BIOS then loads the operating system from disk. Originally, the BIOS was placed in a read-only memory (ROM) and could not be modified without physicaiiy replacing the ROM. As the functions performed by the BIOS became more complex, and computers became easier to reconfigure after manufacture, the BIOS was placed on rewritable programmable ROMs, such as flash memory. [0003] Since the BIOS can now be rewritten in the field after the computer becomes operational, and a computer cannot be booted without a valid BIOS, this raises reliability and security issues. A computer can be disabled if the BIOS is corrupted by being rewritten incorrectly, such as by user error, power interruption, or software malfunction. To help prevent an unrecoverable condition, many systems contain a backup copy of the system BIOS that can be relied upon if the primary BIOS is faulty. However, these generally require physical intervention by the user to activate the backup BIOS. For example, the backup BIOS may be enabled by a mechanical switch or jumper on the motherboard. Those systems that have some sort of automatic recovery still require the physical presence and intervention of an operator - to choose boot options or to insert a recovery disk, for example. If the faulty BIOS was caused by a download to a remote system with no operator present, the corrective action (dispatching a technician to the site) can be very expensive in terms of both money and downtime. An additional disadvantage of the convention BIOS redundancy approach is that the two BIOS copies are usually stored in two separate memory devices, which increases manufacturing costs. The present invention relates to an apparatus, comprising: a memory means including a primary BOIS and a backup BIOS; a validator to validate at least a part of the primary BIOS; control logic means coupled to the memory means to automatically select a first boot sequence in the primary BIOS for execution if the primary BIOS is validated and to automatically select a second boost sequence in the backup BIOS for execution if the primary BIOS is not validated; and a timer to determine whether the primary BIOS executes within a predetermined period of time. 3 BRIEF DESCRIPTION OF THE DRAWINGS [0004] Fig. I shows a block diagram of a dual-BIOS system. [0005] Figs. 2A, 2B, 2C show a flow chart of a method embodiment. [0006] Figs. 3 A, 3B, 3C show a more detailed flow chart of a method embodiment. [0007] Fig. 4 shows a block diagram of a dual-BIOS systtm with a module for programming the BIOS contents. DETAILED DESCRIPTION OF THE INVENTION [0008] Various embodiments allow a backup BIOS image to automatically be enabled whenever the primary BIOS image is faulty, without any intervention by an operator. It may also allow both BIOS images to be stored in one physical device, decreasing board area and cost. In operation, execution may begin in the backup BIOS, which may validate the primary BIOS. If the primary BIOS passes the validation test, control may then be transferred to the primary BIOS to perform the boot sequence. If the primary BIOS fails the validation test, indicating it has been corrupted, the backup BIOS may generate a warning indicator and perform the boot sequence. If the primary BIOS passes the validation test but does not complete the boot sequence correctly, indicating it is faulty in a way that eluded the validation test, the backup BIOS may be used to boot the system. 7~he boot sequence for the primary and backup BIOS images do not have to be identical. [0009] Fig. I shows functional components of an embodiment of a dual-BIOS 25 system 10. Memory device 132 may be used to hold the code for both the backup BIOS 11 3 and the primary BIOS 114. In one embodiment, memory device 112 may be a programmable read-only memory (PROM) such as a flash memory device. In one embodiment, memory device 112 may be a single integrated circuit. Control logic 1] ] may be used to control the operation of memory device 112 to enable the features of the dual-BIOS system 10. In operation, the address lines ADR of a bus may be used to read the contents of the memory device 112 over data lines DATA to retrieve instructions for initializing the system. In one embodiment, address lines ADR include all 32 bits of a 32-bit address bus. To permit easy switching between backup BIOS 113 and primary BIOS 114, the least significant address bits (LSAB) may be routed directly to memory device 112, while the most significant address bits (MSAB) may be routed to control logic III. Control logic 111 may then issue selected ones of the most significant bits (SELECTION MSB) to select either backup BIOS 133 or primary' BIOS 114. The number of bits in LSAB may be designed to accommodate the maximum size of each BIOS. In one embodiment, LSAB consists of 16 address lines to permit directly addressing a BIOS address space of 64k. In a 32-bit address environment, this may leave 16 bits for MSAB. However, the number of bits in SELECTION MSB may be reduced to only those that will change state during BIOS operations, while the remaining high-order address bit inputs to memory device 112 may be ignored. The number of bits required for SELECTION MSB depends on the specific address ranges selected for backup BIOS 113 and primary BIOS 114. In one embodiment, SELECTION MSB includes only one bit, to permit switching between the two address ranges. [0010] Control logic 111 may also have several control inputs from the bus. In one embodiment, these may include Write Enable, Chip Select to the BIOS device, and CPU-INIT. Control logic 111 may output multiple control signals to memory device 112. In one embodiment, these may include Write Enable (WE) and Chip Select (CS). However, these two signals being output from control logic 111 may not track the equivalent signals being input to control logic 111 because control logic 1 ] 1 may manipulate them to control the automatic dual-BIOS function. [0011] Backup BIOS 113 may be located in an address space of memory device y 112 that will be decoded as read-only by control logic 111, while primary BIOS 114 may be located in an address space of memory device 112 that will be decoded as read/write by control logic 111. The read-only state may be enforced by write-protecting the backup BIOS. This may be accomplished by deasserting the Write Enable line to memory device 112 whenever any portion of backup BIOS 113 is being addressed, thus preventing the W possibility of corrupting backup BIOS 113 with a write operation. In this embodiment, primary BIOS 114 may be revised by reprogramming it, but backup BIOS 113 may remain unchanged so that any detected problem with primary BIOS 114 may be avoided by booting the system with the older, proven, backup BIOS 113. Validator 115 may be used to validate primary BIOS 114 to determine if primary BIOS 114 has been corrupted; }? i.e., if portions of it did not program correctly. In one embodiment, validator 115 includes code located in backup BIOS 113 to perform a checksum process on primary BIOS 114. Control logic 111 may assert the Chip Select line to memory device 112 whenever memory device 112 is being addressed, regardless of which BIOS is being addressed. [0012] Figs. 2A-C show a flow chart of a method embodiment 20. The BIOS entry point is shown at block 221. This point may be entered as the result of, for example, a system reset, a CPU initialization signal, or a jump to the boot vector. In one embodiment, the BIOS entry point is at the top of addressable memory space. Block 222 determines whether the backup BIOS or the primary BIOS is being executed. In one embodiment, this may be determined by examining a bit that is set to control which BIOS Iff is to be executed. In another embodiment, this may be determined by examining one or 6 more high-order address bits. If the backup BIOS is executing, the backup BIOS may validate the primary BIOS at block 224 to determine if the primary BIOS is corrupted, and may also check a retry counter that tracks the number of times the primary BIOS has unsuccessfully tried to execute. Corruption of the primary BIOS may be due to various causes, such as errors in writing the code into the portion of the memory device containing the primary BIOS code. another cause may be failure of at least one memory cell in the portion of the memory device containing the primary BIOS code. In one embodiment, validation may be done by executing a checksum on the code of at least a portion of the primary BIOS. In another embodiment, the backup BIOS may perform a more extensive validation test on the primary BIOS. If the primary BIOS is found to be corrupted, or if the retry counter has reached a predetermined value designated here as'X' , the backup BIOS may set an error indicator, such as an 'Invalid' flag, at block 225 to indicate that the primary BIOS is unreliable and that the backup BIOS will be used to boot the system. Block 226 may be used to make adjustments for the fact that the primary and backup BIOS images may be different. If the primary BIOS has previously been revised, it may have changed other parameters that make it incompatible with the unchanged backup BIOS. For example, if the primary BIOS requires different CMOS settings than the backup BIOS, these settings may need to be modified at block 226 to be compatible with the backup BIOS. After making these adjustments, if they are necessary, the boot sequence can continue at block 223 in the backup BIOS and move to point 'A' that continues in Fig. 2B. [0013] Returning to block 224, if the primary BIOS is found to be valid and the retry counter has not reached the predetermined value, a watchdog timer may be started at block 227 that may be used later to detect a'fault in the BIOS that was not detected by the validation test. The retry counter that was tested in block 224 may also be incremented. A 7 'primary' BIOS' indicator may be set at block 228 to switch control to the primary BIOS. In one embodiment, this may consist of setting a hardware bit. At block 229, a CPU initialization signal may be generated to force execution back to the BIOS entry point at block 221. In one embodiment, this initialization signal may be generated under control of the BIOS code. In another embodiment, it may be generated in hardware as a result of setting the select bit in block 228. After execution moves to the BIOS entry point, block 222 may once again determine whether the primary or backup BIOS is being executed. Since the 'primary BIOS' indicator was set at block 228, the primary BIOS is now executing and the boot sequence may continue at block 223. From there, execution may continue at point 'A' in Fig. 2B. [0014] At block 230 of Fig. 2B, the selected boot sequence executes. If the boot sequence executes properly, it will complete before the watchdog timer times out, and it will clear the retry counter and disarm the watchdog timer at block 231 before passing control to the operating system at block 232. If the boot sequence is expected to take 15 longer than the longest period the watchdog timer can be set to, the boot sequence may be programmed to periodically restart the watchdog timer. Otherwise, the watchdog timer may be set to a single value that allows time: for the boot sequence to run to completion. Fig. 2C shows the sequence that occurs if the watchdog timer times out as indicated at block 240, A timeout of the watchdog timer may indicate that execution of the BIOS is not going as planned and that something is wrong with that execution. This may be used to detect some faults in the BIOS that escaped detection in the validation test. A timeout may reselect the backup BIOS at block 24] and return control to the BIOS entry point from block 241 in Fig. 2C to block 221 in Fig. 2A. This may restart the validation and timeout sequences previously described. If the watchdog timer times out, indicating an execution failure of the primary BIOS, the primary BIOS may be retried a predetermined 8 number of times by use of the retry counter which is tested at biock 224 and incremented at block 227. When the designated number of retries occurs, the retry counter will reach a value of'X', which causes execution of the backup BIOS in blocks 225-226, 223, and 230-232. The retry counter may be initialized (not shown) before the first boot sequence 6 with the primary BIOS is attempted. [0015] Figs. 3A-C show a flow cnart 30 of an embodiment that distributes the BIOS code between high and low memory. Many processors are designed to automaticaly jump to a location at the top of addressable memory space whenever the system is reset. In the embodiment shown in Fig. 3A, the determination of which BIOS image to execute is made in blocks 331-339 while still in upper memory, but most of the primary and secondary BIOS code is located in the lower one megabyte of addressable memory space and execution of the boot sequence is performed in blocks 340-342. In the illustrated embodiment, the primary and backup boot sequences can be considered to be in low memory in the lower 1 megabyte of addressable memory space, while the validation and BIOS-selection code may be considered to be in high memory at the upper end of addressable memory space. [0016] Block 331 represents an action that triggers entry into the BIOS code. In one embodiment, this may be a system restart, a reset, or a CPU initialization signal. The exact address of the entry point may be determined by the design of the processor, regardless of the BIOS code that is being implemented. In block 332, execution may jump from this predetermined address to the BIOS image near the top of the 32-bit address space. In one embodiment, the contents of the BIOS are copied from programmable read-only memory (PROM) into main memory and execution then continues in main memory. This may speed up execution if the PROM memory containing the BIOS image has a slower access speed than main memory. This portion of main memory may be called shadow memory, since its contents now shadow those of the PROM containing the BIOS image. Block 333 may be a decision point to determine if the BIOS image is located in the lower one megabyte of address space in shadow memory. If it is, execution may jump at block 339 to the BIOS entry point in that shadow memory in the lower 1 megabyte. If the BIOS image is not in shadow memory in the lower one megabyte, the code may enable the "big real mode" to allow access to a BIOS image in the upper address range. Big real mode is a well-known operating mode that is hybrid between real mode and protected mode. Real mode, a legacy from the days when computer address space was more limited, only permits one megabyte of address space, while protected mode permits access to the full 4 gigabytes of address space permitted by a 32-bit address. Big real mode has some of the simplicity of real mode, but still allows access to the 4 gigabyte address range. In the embodiment of Fig. 3A, big real mode is enabled at block 334. Then the primary BIOS image is validated. In one embodiment, validation consists of performing a checksum on the code and comparing it to a predetermined checksum for that code. The retry counter may also be checked at block 335 to see if it has reached a predetermined value shown as 'X'. If the primary BIOS code is validated at block 335, indicating the code has passed the validation test, and the retry counter has not reached the predetermined value, block 336 may increment the reset counter and start the watchdog timer and then prepare the hardware to decode the primary BIOS in the lower one megabyte range. Block 339 then jumps to the BIOS entry point in that lower range. In one embodiment, preparing the hardware to decode the primary BIOS includes setting bits in control logic 111 to select the primary BIOS 114 in memory device 112 (see Fig. 1). If the primary BIOS code is not validated at block 335, i.e., if it fails the validation test, indicating the code has been corrupted, or if the retry counter indicates the primary BIOS ft has been retried a specified number of times, block 337 may set an 'invalid' flag to warn the user that the primary BIOS image is invalid and that the backup image is being used. In one embodiment, this warning may take the form of a message to the user. Block 338 may then prepare the hardware to decode the backup BIOS in the lower one megabyte range and then block 339 jumps to the BIOS entry point in that lower range. In one embodiment, preparmg the hardware to decode the backup BIOS includes setting bits in control logic 111 to select the backup BIOS 113 in memory device 112 (Fig. 1). [0017] After jumping to lower memory in block 339, block 340 may determine if the 'invalid' flag has been set. If it has not, the selected boot sequence may then be continued at block 342. If it has been set, block 341 may make any necessary adjustments to accommodate the differences between the primary BIOS and the backup BIOS, such as clearing and rewriting the CMOS settings. In one embodiment, all BIOS-related settings may initially be set for the primary BIOS, and will need to be changed only if a defective primary BIOS image causes a switch to the backup BIOS. [0018] Once the selected boot sequence is started at block 342, it may continue though point 'B' to block 343 in Fig. 3B. If the boot sequence executes properly, it will complete before the watchdog timer times out, and it will clear the retry counter and disarm the watchdog timer at block 344 before passing control to the operating system at block 345. If the boot sequence is expected to take longer than the longest period the watchdog timer can be set to, the boot sequence may be programmed to periodically restart the watchdog timer. Otherwise, the watchdog timer may be set to a single value that allows time for the boot sequence to run to completion. Fig. 3C shows the sequence that occurs if the watchdog timer times out as indicated at block 350. A timeout of the watchdog timer may indicate that execution of the BIOS is not going as planned and that something is wrong with that execution. This mav be used to detect some faults in the BIOS that escaped detection in the validation test. A timeout may reselect the backup BIOS at block 351 and return control to the BIOS entry point from block 352 in Fig. 3C to block 331 in Fig. 3A. This may restart the validation and timeout sequences previously described. If the watchdog timer times out, indicating an execution failure of the primary BIOS, the primary BIOS may be retried a predetermined number of limes by use of the retry counter which is tested at block 335 and incremented at block 336. When the designated number of retries occurs, the retry counter will reach a value of 'X', which causes execution of the backup BIOS in blocks 339-345. The retry counter may be initialized (not shown) before the first boot sequence with the primary BIOS is attempted. [0019] Fig. 4 shows a system 40 that may be much like system 10 in Fig. 1, but with the addition of a module for programming one or-both of the primary and secondary BIOS images. Programming device 441 may be used to program the contents of backup BIOS 113, and may also be used to program the contents of primary BIOS 114. In one embodiment, programming device 441 may include a pre-programmed read-only memory (ROM) chip on a module with a connector. Interface 442 may be a mating connector on the same printed circuit board that contains memory device 112 that permits device 441 to be mechanically and electrically attached to or removed from the system. In one embodiment, ail of device 441 receives its electrical power, input signals, and mechanical support through interface 442 and/or the circuit board so that no external connections are needed to program memory device 112. {0020] When a system is initially constructed, memory device 112 may be empty, i.e., unprogrammed with a BIOS. Since a BIOS program or its equivalent may be necessary to boot the computer system, inserting device 441 into interface 442 may provide the equivalent of a BIOS program and also permit memory device 112 to be programmed with a BIOS for future boot operations. Once memory device 112 has been programmed, device 441 may be removed. Interface 442 may provide data (DATA) and WE CLAIM: 1 An apparatus, comprising: a memory means including a primary BOIS and a backup BIOS; a validator to validate at least a part of the primary BIOS; control logic means coupled to the memory means to automatically select a first boot sequence in the primary BIOS for execution if the primary BIOS is validated and to automatically select a second boost sequence in the backup BIOS for execution if the primary BIOS is not validated; and a timer to determine whether the primary BIOS executes within a predetermined period of time. 2 The apparatus as claimed in claim 1, wherein the memory means is a single integrated circuit. 3 The apparatus as claimed in claim 1, optionally comprising a programming means to program the backup BIOS. 4 The apparatus as claimed in claim l, wherein the programming means includes a read-only memory. 5 The apparatus as claimed in claim 1, wherein the programming means is removably connected to a circuit board containing the memory means. 6 The apparatus as claimed in claim 1, wherein the programming means is connected to receive all its electrical power from the circuit board. 7 The apparatus as claimed in claim 1, wherein the programming means is connected to receive all its mechanical support from the circuit board. Dated this 24th day of November, 2003. [RANJNA MEHTA-DUTT] of Remfry & Sagar Attorney for the Applicants

Full Text

APPARTUS FOR

FORM 2
THE PATENTS ACT 1970
(39 OF 1970]
COMPLETE SPECIFICATION
[See Section 10, rule 13]

AUTOMATIC REPLACEMENT OF CORRUPTED BIOS IMAGE"
INTEL CORPORATION, a corporation incorporated in the State of Delaware, of 2200 Mission College Boulevard, Santa Clara, California 95052, United States of America,
The following specification particularly describes the nature of the invention and the manner in which it is to be performed:-

BACKGROUND OF THE INVENTION

1. Field of the Invention
(0001] The invention pertains generally to computers. In particular, it pertains to
management of the BIOS image in computers.
2. Description of the Related Art
[0002] Computers are usually initialized by executing a Basic Input/Output System
(BIOS). The BIOS is non-voiatile code that determines what the computer can do without accessing programs from a disk. On personal computers (PCs), the BIOS contains all the code required to perform a self-test and to control the keyboard, display screen, disk
drives, serial communications, and a number of miscellaneous functions. The BIOS then loads the operating system from disk. Originally, the BIOS was placed in a read-only memory (ROM) and could not be modified without physicaiiy replacing the ROM. As the functions performed by the BIOS became more complex, and computers became easier to reconfigure after manufacture, the BIOS was placed on rewritable programmable ROMs,
such as flash memory.
[0003] Since the BIOS can now be rewritten in the field after the computer
becomes operational, and a computer cannot be booted without a valid BIOS, this raises reliability and security issues. A computer can be disabled if the BIOS is corrupted by being rewritten incorrectly, such as by user error, power interruption, or software

malfunction. To help prevent an unrecoverable condition, many systems contain a backup copy of the system BIOS that can be relied upon if the primary BIOS is faulty. However, these generally require physical intervention by the user to activate the backup BIOS. For example, the backup BIOS may be enabled by a mechanical switch or jumper on the motherboard. Those systems that have some sort of automatic recovery still require the physical presence and intervention of an operator - to choose boot options or to insert a recovery disk, for example. If the faulty BIOS was caused by a download to a remote system with no operator present, the corrective action (dispatching a technician to the site) can be very expensive in terms of both money and downtime. An additional disadvantage of the convention BIOS redundancy approach is that the two BIOS copies are usually stored in two separate memory devices, which increases manufacturing costs.
The present invention relates to an apparatus, comprising: a memory means including a primary BOIS and a backup BIOS; a validator to validate at least a part of the primary BIOS; control logic means coupled to the memory means to automatically select a first boot sequence in the primary BIOS for execution if the primary BIOS is validated and to automatically select a second boost sequence in the backup BIOS for execution if the primary BIOS is not validated; and a timer to determine whether the primary BIOS executes within a predetermined period of time.
3

BRIEF DESCRIPTION OF THE DRAWINGS
[0004] Fig. I shows a block diagram of a dual-BIOS system.
[0005] Figs. 2A, 2B, 2C show a flow chart of a method embodiment.
[0006] Figs. 3 A, 3B, 3C show a more detailed flow chart of a method embodiment.
[0007] Fig. 4 shows a block diagram of a dual-BIOS systtm with a module for
programming the BIOS contents.
DETAILED DESCRIPTION OF THE INVENTION
[0008] Various embodiments allow a backup BIOS image to automatically be
enabled whenever the primary BIOS image is faulty, without any intervention by an operator. It may also allow both BIOS images to be stored in one physical device,
decreasing board area and cost. In operation, execution may begin in the backup BIOS, which may validate the primary BIOS. If the primary BIOS passes the validation test, control may then be transferred to the primary BIOS to perform the boot sequence. If the primary BIOS fails the validation test, indicating it has been corrupted, the backup BIOS may generate a warning indicator and perform the boot sequence. If the primary BIOS
passes the validation test but does not complete the boot sequence correctly, indicating it is
faulty in a way that eluded the validation test, the backup BIOS may be used to boot the
system. 7~he boot sequence for the primary and backup BIOS images do not have to be
identical.
[0009] Fig. I shows functional components of an embodiment of a dual-BIOS
25 system 10. Memory device 132 may be used to hold the code for both the backup BIOS

11 3 and the primary BIOS 114. In one embodiment, memory device 112 may be a programmable read-only memory (PROM) such as a flash memory device. In one embodiment, memory device 112 may be a single integrated circuit. Control logic 1] ] may be used to control the operation of memory device 112 to enable the features of the dual-BIOS system 10. In operation, the address lines ADR of a bus may be used to read the contents of the memory device 112 over data lines DATA to retrieve instructions for initializing the system. In one embodiment, address lines ADR include all 32 bits of a 32-bit address bus. To permit easy switching between backup BIOS 113 and primary BIOS 114, the least significant address bits (LSAB) may be routed directly to memory device
112, while the most significant address bits (MSAB) may be routed to control logic III. Control logic 111 may then issue selected ones of the most significant bits (SELECTION MSB) to select either backup BIOS 133 or primary' BIOS 114. The number of bits in LSAB may be designed to accommodate the maximum size of each BIOS. In one embodiment, LSAB consists of 16 address lines to permit directly addressing a BIOS
address space of 64k. In a 32-bit address environment, this may leave 16 bits for MSAB. However, the number of bits in SELECTION MSB may be reduced to only those that will change state during BIOS operations, while the remaining high-order address bit inputs to memory device 112 may be ignored. The number of bits required for SELECTION MSB depends on the specific address ranges selected for backup BIOS 113 and primary BIOS
114. In one embodiment, SELECTION MSB includes only one bit, to permit switching between the two address ranges.
[0010] Control logic 111 may also have several control inputs from the bus. In
one embodiment, these may include Write Enable, Chip Select to the BIOS device, and CPU-INIT. Control logic 111 may output multiple control signals to memory device 112. In one embodiment, these may include Write Enable (WE) and Chip Select (CS).

However, these two signals being output from control logic 111 may not track the equivalent signals being input to control logic 111 because control logic 1 ] 1 may manipulate them to control the automatic dual-BIOS function.
[0011] Backup BIOS 113 may be located in an address space of memory device
y 112 that will be decoded as read-only by control logic 111, while primary BIOS 114 may be located in an address space of memory device 112 that will be decoded as read/write by control logic 111. The read-only state may be enforced by write-protecting the backup BIOS. This may be accomplished by deasserting the Write Enable line to memory device 112 whenever any portion of backup BIOS 113 is being addressed, thus preventing the W possibility of corrupting backup BIOS 113 with a write operation. In this embodiment, primary BIOS 114 may be revised by reprogramming it, but backup BIOS 113 may remain unchanged so that any detected problem with primary BIOS 114 may be avoided by booting the system with the older, proven, backup BIOS 113. Validator 115 may be used to validate primary BIOS 114 to determine if primary BIOS 114 has been corrupted;
}? i.e., if portions of it did not program correctly. In one embodiment, validator 115 includes
code located in backup BIOS 113 to perform a checksum process on primary BIOS 114.
Control logic 111 may assert the Chip Select line to memory device 112 whenever
memory device 112 is being addressed, regardless of which BIOS is being addressed.
[0012] Figs. 2A-C show a flow chart of a method embodiment 20. The BIOS
entry point is shown at block 221. This point may be entered as the result of, for example, a system reset, a CPU initialization signal, or a jump to the boot vector. In one embodiment, the BIOS entry point is at the top of addressable memory space. Block 222 determines whether the backup BIOS or the primary BIOS is being executed. In one embodiment, this may be determined by examining a bit that is set to control which BIOS
Iff is to be executed. In another embodiment, this may be determined by examining one or
6

more high-order address bits. If the backup BIOS is executing, the backup BIOS may validate the primary BIOS at block 224 to determine if the primary BIOS is corrupted, and may also check a retry counter that tracks the number of times the primary BIOS has unsuccessfully tried to execute. Corruption of the primary BIOS may be due to various causes, such as errors in writing the code into the portion of the memory device containing the primary BIOS code. another cause may be failure of at least one memory cell in the portion of the memory device containing the primary BIOS code. In one embodiment, validation may be done by executing a checksum on the code of at least a portion of the primary BIOS. In another embodiment, the backup BIOS may perform a more extensive
validation test on the primary BIOS. If the primary BIOS is found to be corrupted, or if the retry counter has reached a predetermined value designated here as'X' , the backup BIOS may set an error indicator, such as an 'Invalid' flag, at block 225 to indicate that the primary BIOS is unreliable and that the backup BIOS will be used to boot the system. Block 226 may be used to make adjustments for the fact that the primary and backup
BIOS images may be different. If the primary BIOS has previously been revised, it may have changed other parameters that make it incompatible with the unchanged backup BIOS. For example, if the primary BIOS requires different CMOS settings than the backup BIOS, these settings may need to be modified at block 226 to be compatible with the backup BIOS. After making these adjustments, if they are necessary, the boot
sequence can continue at block 223 in the backup BIOS and move to point 'A' that continues in Fig. 2B.
[0013] Returning to block 224, if the primary BIOS is found to be valid and the
retry counter has not reached the predetermined value, a watchdog timer may be started at block 227 that may be used later to detect a'fault in the BIOS that was not detected by the
validation test. The retry counter that was tested in block 224 may also be incremented. A
7

'primary' BIOS' indicator may be set at block 228 to switch control to the primary BIOS. In one embodiment, this may consist of setting a hardware bit. At block 229, a CPU initialization signal may be generated to force execution back to the BIOS entry point at block 221. In one embodiment, this initialization signal may be generated under control of the BIOS code. In another embodiment, it may be generated in hardware as a result of setting the select bit in block 228. After execution moves to the BIOS entry point, block 222 may once again determine whether the primary or backup BIOS is being executed. Since the 'primary BIOS' indicator was set at block 228, the primary BIOS is now executing and the boot sequence may continue at block 223. From there, execution may
continue at point 'A' in Fig. 2B.
[0014] At block 230 of Fig. 2B, the selected boot sequence executes. If the boot
sequence executes properly, it will complete before the watchdog timer times out, and it will clear the retry counter and disarm the watchdog timer at block 231 before passing control to the operating system at block 232. If the boot sequence is expected to take
15 longer than the longest period the watchdog timer can be set to, the boot sequence may be programmed to periodically restart the watchdog timer. Otherwise, the watchdog timer may be set to a single value that allows time: for the boot sequence to run to completion. Fig. 2C shows the sequence that occurs if the watchdog timer times out as indicated at block 240, A timeout of the watchdog timer may indicate that execution of the BIOS is
not going as planned and that something is wrong with that execution. This may be used to detect some faults in the BIOS that escaped detection in the validation test. A timeout may reselect the backup BIOS at block 24] and return control to the BIOS entry point from block 241 in Fig. 2C to block 221 in Fig. 2A. This may restart the validation and timeout sequences previously described. If the watchdog timer times out, indicating an
execution failure of the primary BIOS, the primary BIOS may be retried a predetermined
8

number of times by use of the retry counter which is tested at biock 224 and incremented at block 227. When the designated number of retries occurs, the retry counter will reach a value of'X', which causes execution of the backup BIOS in blocks 225-226, 223, and 230-232. The retry counter may be initialized (not shown) before the first boot sequence 6 with the primary BIOS is attempted.
[0015] Figs. 3A-C show a flow cnart 30 of an embodiment that distributes the
BIOS code between high and low memory. Many processors are designed to automaticaly jump to a location at the top of addressable memory space whenever the system is reset. In the embodiment shown in Fig. 3A, the determination of which BIOS
image to execute is made in blocks 331-339 while still in upper memory, but most of the primary and secondary BIOS code is located in the lower one megabyte of addressable memory space and execution of the boot sequence is performed in blocks 340-342. In the illustrated embodiment, the primary and backup boot sequences can be considered to be in low memory in the lower 1 megabyte of addressable memory space, while the validation
and BIOS-selection code may be considered to be in high memory at the upper end of addressable memory space.
[0016] Block 331 represents an action that triggers entry into the BIOS code. In
one embodiment, this may be a system restart, a reset, or a CPU initialization signal. The exact address of the entry point may be determined by the design of the processor,
regardless of the BIOS code that is being implemented. In block 332, execution may
jump from this predetermined address to the BIOS image near the top of the 32-bit address space. In one embodiment, the contents of the BIOS are copied from programmable read-only memory (PROM) into main memory and execution then continues in main memory. This may speed up execution if the PROM memory containing the BIOS image has a
slower access speed than main memory. This portion of main memory may be called

shadow memory, since its contents now shadow those of the PROM containing the BIOS image. Block 333 may be a decision point to determine if the BIOS image is located in the lower one megabyte of address space in shadow memory. If it is, execution may jump at block 339 to the BIOS entry point in that shadow memory in the lower 1 megabyte. If the BIOS image is not in shadow memory in the lower one megabyte, the code may enable the "big real mode" to allow access to a BIOS image in the upper address range. Big real mode is a well-known operating mode that is hybrid between real mode and protected mode. Real mode, a legacy from the days when computer address space was more limited, only permits one megabyte of address space, while protected mode permits access
to the full 4 gigabytes of address space permitted by a 32-bit address. Big real mode has some of the simplicity of real mode, but still allows access to the 4 gigabyte address range. In the embodiment of Fig. 3A, big real mode is enabled at block 334. Then the primary BIOS image is validated. In one embodiment, validation consists of performing a checksum on the code and comparing it to a predetermined checksum for that code. The
retry counter may also be checked at block 335 to see if it has reached a predetermined value shown as 'X'. If the primary BIOS code is validated at block 335, indicating the code has passed the validation test, and the retry counter has not reached the predetermined value, block 336 may increment the reset counter and start the watchdog timer and then prepare the hardware to decode the primary BIOS in the lower one
megabyte range. Block 339 then jumps to the BIOS entry point in that lower range. In
one embodiment, preparing the hardware to decode the primary BIOS includes setting bits in control logic 111 to select the primary BIOS 114 in memory device 112 (see Fig. 1). If the primary BIOS code is not validated at block 335, i.e., if it fails the validation test, indicating the code has been corrupted, or if the retry counter indicates the primary BIOS
ft has been retried a specified number of times, block 337 may set an 'invalid' flag to warn

the user that the primary BIOS image is invalid and that the backup image is being used. In one embodiment, this warning may take the form of a message to the user. Block 338 may then prepare the hardware to decode the backup BIOS in the lower one megabyte range and then block 339 jumps to the BIOS entry point in that lower range. In one
embodiment, preparmg the hardware to decode the backup BIOS includes setting bits in
control logic 111 to select the backup BIOS 113 in memory device 112 (Fig. 1).
[0017] After jumping to lower memory in block 339, block 340 may determine if
the 'invalid' flag has been set. If it has not, the selected boot sequence may then be continued at block 342. If it has been set, block 341 may make any necessary adjustments
to accommodate the differences between the primary BIOS and the backup BIOS, such as
clearing and rewriting the CMOS settings. In one embodiment, all BIOS-related settings
may initially be set for the primary BIOS, and will need to be changed only if a defective
primary BIOS image causes a switch to the backup BIOS.
[0018] Once the selected boot sequence is started at block 342, it may continue
though point 'B' to block 343 in Fig. 3B. If the boot sequence executes properly, it will complete before the watchdog timer times out, and it will clear the retry counter and disarm the watchdog timer at block 344 before passing control to the operating system at block 345. If the boot sequence is expected to take longer than the longest period the watchdog timer can be set to, the boot sequence may be programmed to periodically
restart the watchdog timer. Otherwise, the watchdog timer may be set to a single value that allows time for the boot sequence to run to completion. Fig. 3C shows the sequence that occurs if the watchdog timer times out as indicated at block 350. A timeout of the watchdog timer may indicate that execution of the BIOS is not going as planned and that something is wrong with that execution. This mav be used to detect some faults in the
BIOS that escaped detection in the validation test. A timeout may reselect the backup

BIOS at block 351 and return control to the BIOS entry point from block 352 in Fig. 3C to block 331 in Fig. 3A. This may restart the validation and timeout sequences previously described. If the watchdog timer times out, indicating an execution failure of the primary BIOS, the primary BIOS may be retried a predetermined number of limes by use of the
retry counter which is tested at block 335 and incremented at block 336. When the
designated number of retries occurs, the retry counter will reach a value of 'X', which
causes execution of the backup BIOS in blocks 339-345. The retry counter may be
initialized (not shown) before the first boot sequence with the primary BIOS is attempted.
[0019] Fig. 4 shows a system 40 that may be much like system 10 in Fig. 1, but
with the addition of a module for programming one or-both of the primary and secondary BIOS images. Programming device 441 may be used to program the contents of backup BIOS 113, and may also be used to program the contents of primary BIOS 114. In one embodiment, programming device 441 may include a pre-programmed read-only memory (ROM) chip on a module with a connector. Interface 442 may be a mating connector on
the same printed circuit board that contains memory device 112 that permits device 441 to be mechanically and electrically attached to or removed from the system. In one embodiment, ail of device 441 receives its electrical power, input signals, and mechanical support through interface 442 and/or the circuit board so that no external connections are needed to program memory device 112.
{0020] When a system is initially constructed, memory device 112 may be empty,
i.e., unprogrammed with a BIOS. Since a BIOS program or its equivalent may be necessary to boot the computer system, inserting device 441 into interface 442 may provide the equivalent of a BIOS program and also permit memory device 112 to be programmed with a BIOS for future boot operations. Once memory device 112 has been programmed, device 441 may be removed. Interface 442 may provide data (DATA) and

WE CLAIM:
1 An apparatus, comprising:
a memory means including a primary BOIS and a backup BIOS;
a validator to validate at least a part of the primary BIOS;
control logic means coupled to the memory means to automatically select a first boot sequence in the primary BIOS for execution if the primary BIOS is validated and to automatically select a second boost sequence in the backup BIOS for execution if the primary BIOS is not validated; and
a timer to determine whether the primary BIOS executes within a predetermined period of time.
2 The apparatus as claimed in claim 1, wherein the memory means is a single integrated circuit.
3 The apparatus as claimed in claim 1, optionally comprising a programming means to program the backup BIOS.
4 The apparatus as claimed in claim l, wherein the programming means includes a read-only memory.
5 The apparatus as claimed in claim 1, wherein the programming means is removably connected to a circuit board containing the memory means.
6 The apparatus as claimed in claim 1, wherein the programming means is connected to receive all its electrical power from the circuit board.
7 The apparatus as claimed in claim 1, wherein the programming means is connected to receive all its mechanical support from the circuit board.
Dated this 24th day of November, 2003.
[RANJNA MEHTA-DUTT]
of Remfry & Sagar
Attorney for the Applicants

Documents:

01074-mumnp-2003-assignment(23-08-2001).pdf

01074-mumnp-2003-cancelled pages(24-11-2003).pdf

01074-mumnp-2003-claims(granted)-(24-11-2003).doc

01074-mumnp-2003-claims(granted)-(24-11-2003).pdf

01074-mumnp-2003-correspondence(28-01-2005).pdf

01074-mumnp-2003-correspondence(ipo)-(24-01-2004).pdf

01074-mumnp-2003-correspondence(ipo)-(29-01-2004).pdf

01074-mumnp-2003-drawing(24-11-2003).pdf

01074-mumnp-2003-form 19(24-11-2003).pdf

01074-mumnp-2003-form 1a(24-11-2003).pdf

01074-mumnp-2003-form 1a(24-11-2004).pdf

01074-mumnp-2003-form 2(granted)-(24-11-2003).doc

01074-mumnp-2003-form 2(granted)-(24-11-2003).pdf

01074-mumnp-2003-form 3(24-11-2003).pdf

01074-mumnp-2003-form 3(27-01-2005).pdf

01074-mumnp-2003-form 5(24-11-2003).pdf

01074-mumnp-2003-form-pct-ipea-409(24-11-2003).pdf

01074-mumnp-2003-form-pct-isa-210(24-11-2003).pdf

01074-mumnp-2003-petition under rule 137(28-01-2005).pdf

01074-mumnp-2003-power of authority(24-11-2003).pdf

01074-mumnp-2003-power of authority(28-01-2005).pdf

1074-mumnp-2003-affidavit.pdf

1074-mumnp-2003-assignment.pdf

1074-mumnp-2003-claims.doc

1074-mumnp-2003-claims.pdf

1074-mumnp-2003-correspondence(ipo).pdf

1074-mumnp-2003-correspondence.pdf

1074-mumnp-2003-description(granted).doc

1074-mumnp-2003-description(granted).pdf

1074-mumnp-2003-form 19.pdf

1074-mumnp-2003-form 1a.pdf

1074-mumnp-2003-form 2(granted).doc

1074-mumnp-2003-form 2(granted).pdf

1074-mumnp-2003-form 2(title page).pdf

1074-mumnp-2003-form 3.pdf

1074-mumnp-2003-form 5.pdf

1074-mumnp-2003-international search report.pdf

1074-mumnp-2003-pct document.pdf

1074-mumnp-2003-petition 137.pdf

1074-mumnp-2003-power of authority.pdf

1074-mumnp-2003-us patent.pdf

abstract1.jpg

« Previous Patent

Next Patent »

Patent Number

205365

Indian Patent Application Number

1074/MUMNP/2003

PG Journal Number

31/2008

Publication Date

01-Aug-2008

Grant Date

29-Mar-2007

Date of Filing

24-Nov-2003

Name of Patentee

INTEL CORPORATION

Applicant Address

2200 MISSION COLLEGE BOULEVARD, SANTA CLARA, CALIFORNIA 95052,

Inventors:

#	Inventor's Name	Inventor's Address
1	MATTHEW HAEDING	71 CHUPAARROSA DRIVE, SAN LUIS OBISPO, CALIFORNIA 93401,
2	PETER HAWKINS	1593 TANGLEWOOD DRIVE, SAN LUIS OBISPO, CALIFORNIA 93401

PCT International Classification Number

G06F 11/14

PCT International Application Number

PCT/US02/20019

PCT International Filing date

2002-06-21

PCT Conventions:

#	PCT Application Number	Date of Convention	Priority Country
1	09 / 895,981	2001-06-29	U.S.A.