Patent application number | Description | Published |
20090063835 | Method for firmware isolation - In one embodiment, the present invention includes a method for determining whether an isolation driver is present and the processor supports virtualization, launching the isolation driver in a first privilege level different from both the system privilege level and the user privilege level, creating a 1:1 virtual-to-physical address mapping using the isolation driver, and controlling access to a memory page using the isolation driver. Other embodiments are described and claimed. | 03-05-2009 |
20090119748 | System management mode isolation in firmware - A system, method, and computer-readable medium with instructions for capturing a system management interrupt instruction by trusted system management mode code running in a system. The system management interrupt instruction is dispatched to other system management mode code, which may be untrusted. In response to an attempt by the other system management mode code to access a protected resource of the system, a determination is made whether that code is authorized to access the protected resource. If it is not authorized, its access to the protected resource is prevented. Other embodiments are described and claimed. | 05-07-2009 |
20090144754 | BIOS ROUTINE AVOIDANCE - A method, computer readable medium, and device are disclosed. In one embodiment, after an event occurs that would otherwise trigger a legacy-mode handling routine for a processor, the method determines whether an entry exists in a firmware interface table directing the processor to handle the event in a non-legacy mode. When the entry exists, the processor handles the event in the non-legacy mode. | 06-04-2009 |
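The firmware interface table (FIT) that 20090144754 consults has a fixed layout, and the "does an entry of this type exist" check depends on first validating the table. As an added example, not code from the patent or from Intel, here is a small parser for it in Python. The layout follows Intel's FIT specification: 16-byte entries; 8-byte address, 3-byte size, a reserved byte, 2-byte version, a type byte whose bit 7 is the checksum-valid (C_V) flag, and a checksum byte; entry 0 is a header whose address field holds the ASCII "_FIT_   ", whose size field is the entry count, and whose checksum makes every byte of the table sum to zero modulo 256; the remaining entries are sorted by ascending type. The sample table bytes, the `build_fit` helper and `has_entry_of_type` are this example's own, and the type-name table is only a subset of the defined types.

```python
"""Parse and sanity-check an Intel Firmware Interface Table (FIT) image.

Added example (not from the patent). Layout per Intel's FIT specification:
the table is an array of 16-byte entries, located in flash through the
8-byte pointer at physical address 0xFFFFFFC0. Entry 0 is the header.
"""
import struct

FIT_SIGNATURE = b"_FIT_   "          # 8 bytes, including three trailing spaces
FIT_HEADER_VERSION = 0x0100
ENTRY_SIZE = 16
ENTRY_FMT = "<QHBBHBB"               # address, size[15:0], size[23:16], reserved, version, type|C_V, checksum

FIT_TYPE_NAMES = {                   # subset of the defined entry types
    0x00: "FIT header",
    0x01: "microcode update",
    0x02: "startup ACM",
    0x07: "BIOS startup module",
    0x08: "TPM policy record",
    0x09: "BIOS policy record",
    0x0A: "TXT policy record",
    0x0B: "key manifest",
    0x0C: "boot policy manifest",
    0x7F: "unused (skip)",
}


def parse_entry(raw: bytes) -> dict:
    address, size_lo, size_hi, _reserved, version, type_cv, checksum = struct.unpack(ENTRY_FMT, raw)
    return {
        "address": address,
        "size": size_lo | (size_hi << 16),
        "version": version,
        "type": type_cv & 0x7F,
        "c_v": bool(type_cv & 0x80),   # checksum-valid flag
        "checksum": checksum,
    }


def build_entry(address: int, size: int, version: int, type_: int, c_v: bool, checksum: int = 0) -> bytes:
    type_cv = (type_ & 0x7F) | (0x80 if c_v else 0x00)
    return struct.pack(ENTRY_FMT, address, size & 0xFFFF, (size >> 16) & 0xFF, 0, version, type_cv, checksum)


def build_fit(entries) -> bytes:
    """Build a table from (address, size, version, type, c_v) tuples, header excluded,
    computing the header checksum so that the whole table sums to zero modulo 256."""
    body = b"".join(build_entry(*e) for e in entries)
    header = build_entry(int.from_bytes(FIT_SIGNATURE, "little"), 1 + len(entries), FIT_HEADER_VERSION, 0x00, True)
    checksum = (-sum(header + body)) & 0xFF
    return header[:15] + bytes([checksum]) + body


def parse_fit(blob: bytes):
    """Return (entries, problems). An empty problems list means the table is well-formed."""
    problems = []
    if len(blob) < ENTRY_SIZE or len(blob) % ENTRY_SIZE:
        return [], ["table length is not a non-zero multiple of 16 bytes"]
    entries = [parse_entry(blob[i:i + ENTRY_SIZE]) for i in range(0, len(blob), ENTRY_SIZE)]
    header = entries[0]
    if header["address"].to_bytes(8, "little") != FIT_SIGNATURE:
        problems.append("header address field is not the _FIT_ signature")
    if header["type"] != 0x00:
        problems.append("header entry type is not 0")
    if header["version"] != FIT_HEADER_VERSION:
        problems.append("header version is not 0x0100")
    if header["size"] != len(entries):
        problems.append(f"header declares {header['size']} entries but table holds {len(entries)}")
    if header["c_v"] and sum(blob) & 0xFF:
        problems.append("FIT checksum mismatch: table bytes do not sum to zero modulo 256")
    types = [e["type"] for e in entries[1:] if e["type"] != 0x7F]
    if types != sorted(types):
        problems.append("entries are not in ascending type order")
    return entries, problems


def has_entry_of_type(blob: bytes, entry_type: int) -> bool:
    """The check the patent describes: does a well-formed table carry an entry of this type?"""
    entries, problems = parse_fit(blob)
    return not problems and any(e["type"] == entry_type for e in entries[1:])


# Constructed sample table (hypothetical addresses): one microcode entry, one startup ACM entry.
SAMPLE_FIT = build_fit([
    (0xFFF00000, 0, 0x0100, 0x01, False),   # microcode update, size field left 0
    (0xFFE00000, 0, 0x0100, 0x02, False),   # startup ACM
])

if __name__ == "__main__":
    for e in parse_fit(SAMPLE_FIT)[0]:
        print(f"type 0x{e['type']:02X} {FIT_TYPE_NAMES.get(e['type'], 'other'):<20} addr 0x{e['address']:016X}")
```

A flipped bit anywhere in the table shows up as a header checksum mismatch, and `has_entry_of_type` refuses to answer positively for a malformed table; firmware that branches on "entry present" without first validating the table is trusting flash contents it has not checked.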
20090150660 | PRE-BOOT ENVIRONMENT POWER MANAGEMENT - A pre-boot environment is disclosed that manages power of a computing device prior to an operating system runtime phase. The pre-boot environment may be implemented in a computing device having a storage device to store an operating system, a firmware device to store firmware having a boot loader to load and initiate execution of the operating system, and a processor to execute the firmware and the operating system. The firmware, when executed by the processor, may cause the computing device to monitor its operating conditions and to initiate a power management response based on those operating conditions and a power management policy. | 06-11-2009 |
20090172797 | METHOD AND SYSTEM FOR SECURING APPLICATION PROGRAM INTERFACES IN UNIFIED EXTENSIBLE FIRMWARE INTERFACE - A method and system for securing a unified extensible firmware interface application program interface includes establishing a software hook for the application program interface during a pre-boot phase of a computing device and granting or denying access to the application program interface based on a comparison of a user token, which identifies the user, with an access control entry of an access control list associated with the application program interface. | 07-02-2009 |
20090249053 | METHOD AND APPARATUS FOR SEQUENTIAL HYPERVISOR INVOCATION - In some embodiments, the invention involves a system and method for invoking a series of hypervisors on a platform. A hardware-based secure boot of a chained series of virtual machines throughout the life of the pre-operating system (OS) firmware/BIOS/loader/option ROM execution is utilized, with component-wise isolation of the pre-extensible firmware interface (PEI) and driver execution environment (DXE) cores. In an embodiment, a Cache-As-RAM (CAR) based hypervisor, executing directly from flash memory, manages sequential invocation of the next hypervisor. Other embodiments are described and claimed. | 10-01-2009 |
20090249120 | REMOTE FIRMWARE RECOVERY - Embodiments of the present invention provide methods, systems, and apparatus for instantiating, by a computing system, a firmware recovery module in response to a firmware failure detected during system startup. The firmware recovery module establishes access to a remotely disposed recovery server and retrieves from it replacement or updated firmware to address the firmware failure. | 10-01-2009 |
20090300370 | Enabling byte-code based image isolation - In one embodiment, the present invention includes a method for setting an extensible policy mechanism to protect a root data structure including a page table, interpreting a bytecode of a pre-boot driver in a byte code interpreter, and controlling access to a memory location based on the extensible policy mechanism. Other embodiments are described and claimed. | 12-03-2009 |
20090327684 | Apparatus and method for secure boot environment - In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a boot block stored at a first memory location, a capsule update stored at a second memory location, a startup authenticated code module to ensure the integrity of the boot block upon a restart of the processor-based system, code which is executable by the processor-based system to cause the processor-based system to validate the boot block with the startup authenticated code module upon the restart of the processor-based system, and, if the boot block is successfully validated, to validate the capsule update for the processor-based system with the startup authenticated code module. Other embodiments are disclosed and claimed. | 12-31-2009 |
20100079472 | METHOD AND SYSTEMS TO DISPLAY PLATFORM GRAPHICS DURING OPERATING SYSTEM INITIALIZATION - Methods and systems to display platform graphics during initialization of a computer system, including interrupting initialization of an operating system, updating a video frame buffer with platform graphics data while the initialization of the operating system is interrupted, and merging platform graphics data with graphics generated by operating system initialization logic. The methods and systems include virtualization methods and systems and system management mode methods and systems. | 04-01-2010 |
20100083002 | Method and System for Secure Booting Unified Extensible Firmware Interface Executables - A method and computing device for secure booting of unified extensible firmware interface executables include generating a platform private key, signing a third party credential, storing the signed third party credential in a database located in a trusted platform module, and executing a unified extensible firmware interface executable only if an associated signed third party credential is stored in the trusted platform module. | 04-01-2010 |
20100169631 | AUTHENTICATION FOR RESUME BOOT PATH - Methods and systems to perform an authentication operation after resuming from a sleep state are presented. In one embodiment, a method includes starting a boot process from a sleep state. The method further includes providing platform services to support an authentication operation as part of the boot process and determining whether to complete the boot process based at least on results of the authentication operation. | 07-01-2010 |
20100169633 | SYSTEM AND METHOD TO SECURE BOOT BOTH UEFI AND LEGACY OPTION ROMS WITH COMMON POLICY ENGINE - In some embodiments, the invention involves using a policy engine during the driver execution environment (DXE) phase of boot to authenticate drivers and executable images before they are loaded. Images to be authenticated include the operating system (OS) loader. The policy engine uses a certificate database holding the valid certificates for third-party images, according to platform policy. Images that fail authentication are not loaded at boot time. Other embodiments are described and claimed. | 07-01-2010 |
20100262743 | System management mode inter-processor interrupt redirection - A method, processor, and system are disclosed. In one embodiment, the method includes a first processor core among several processor cores entering a system management mode while at least one of the other processor cores remains operational and does not enter the system management mode. Once in the system management mode, the first processor core responds to an inter-processor interrupt. | 10-14-2010 |
20120159028 | System Management Mode Inter-Processor Interrupt Redirection - A method, processor, and system are disclosed. In one embodiment, the method includes a first processor core among several processor cores entering a system management mode while at least one of the other processor cores remains operational and does not enter the system management mode. Once in the system management mode, the first processor core responds to an inter-processor interrupt. | 06-21-2012 |
20140089651 | COMPUTING DEVICE BOOT SOFTWARE AUTHENTICATION - Various embodiments are generally directed to authenticating a chain of components of the boot software of a computing device. An apparatus comprises a processor circuit and storage storing an initial boot software component comprising instructions operative on the processor circuit to: select a first set of boot software components from multiple sets, each set defining a pathway that branches from the initial boot software component and rejoins at a later boot software component; authenticate a first boot software component of the first set; and execute a sequence of instructions of the first boot software component to authenticate a second boot software component of the first set, forming a chain of authentication through the first pathway. Other embodiments are described and claimed herein. | 03-27-2014 |
20140146183 | METHODS AND APPARATUS FOR DISPLAYING VIDEO DESPITE A NONFUNCTIONAL OPERATING SYSTEM - A first video messaging service, running on top of an operating system in a data processing system, automatically presents a first video message. After using the first video messaging service to present the first video message, the data processing system automatically determines whether the first video messaging service has become nonfunctional. In response to determining that the first video messaging service has become nonfunctional, the data processing system automatically uses a backup video messaging service to present a second video message. The backup video messaging service operates in a boot environment. In one embodiment, the data processing system is configured to provide digital signage, the first video messaging service presents content for the digital signage when the operating system is operational, and the second video messaging service presents content for the digital signage when the operating system is nonfunctional. Other embodiments are described and claimed. | 05-29-2014 |
20140250293 | METHOD, APPARATUS, SYSTEM, AND MACHINE READABLE STORAGE MEDIUM FOR PROVIDING SOFTWARE SECURITY - Technologies are provided in example embodiments for determining that a module is to be loaded, the module being associated with module code; determining that the module is a frozen module, the frozen module being associated with frozen module code; determining that a module fingerprint of the module fails to correspond with a frozen module fingerprint of the frozen module; and causing loading of the frozen module code instead of the module code. | 09-04-2014 |
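Three of the abstracts above describe the same boot-time decision from different angles: 20100169633 (a DXE policy engine consulting a database and refusing to load images that fail), 20140089651 (each boot component authenticating the next, so the chain stops at the first failure) and 20140250293 (substituting a known-good "frozen" copy when a module's fingerprint does not match). As an added example, not code from any of these patents, here is a small Python model of that decision. It uses SHA-256 hash entries only, in the manner of the EFI_CERT_SHA256 entries that UEFI's db and dbx databases can hold; real databases also carry X.509 certificates checked against Authenticode signatures, which this example omits. The image bytes, stage names and `ImagePolicy`/`run_boot_chain` names are constructed for the example.

```python
"""Added example: boot-time image authentication with allow/deny databases,
a halt-on-first-failure chain, and a frozen-copy fallback. Not patent code.

Authorization order follows UEFI Secure Boot practice: a hit in the
forbidden database (dbx) always denies, then the allowed database (db)
is consulted, and anything not enrolled is refused rather than loaded.
"""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class ImagePolicy:
    """The platform's policy engine: SHA-256 hash entries for db and dbx."""

    def __init__(self, db_hashes, dbx_hashes):
        self.db = set(db_hashes)
        self.dbx = set(dbx_hashes)

    def verdict(self, image: bytes) -> str:
        h = sha256_hex(image)
        if h in self.dbx:
            return "forbidden"      # revoked: denied even if also present in db
        if h in self.db:
            return "authorized"
        return "unknown"            # never enrolled: not loaded


def run_boot_chain(policy: ImagePolicy, stages, frozen=None):
    """Verify each stage in order; the chain stops at the first stage that fails.

    stages: list of (name, image_bytes) in execution order.
    frozen: optional {name: known_good_image}; when a live image fails, the
            frozen copy is used if it verifies, otherwise the boot halts.
    Returns (executed_names, failure) where failure is None on success or
    (stage_name, verdict) for the stage that stopped the chain.
    """
    frozen = frozen or {}
    executed = []
    for name, image in stages:
        v = policy.verdict(image)
        if v != "authorized":
            fallback = frozen.get(name)
            if fallback is None or policy.verdict(fallback) != "authorized":
                return executed, (name, v)      # nothing past this point runs
            name = name + " (frozen copy)"
        executed.append(name)   # this stage now runs and vets the next one
    return executed, None


# Constructed sample images standing in for real firmware volumes and loaders.
PEI_CORE = b"constructed PEI core image v2"
DXE_CORE = b"constructed DXE core image v2"
OS_LOADER_GOOD = b"constructed OS loader 1.4"
OS_LOADER_REVOKED = b"constructed OS loader 1.3 (later revoked)"
OPTION_ROM_UNKNOWN = b"constructed third-party option ROM, never enrolled"

PLATFORM_POLICY = ImagePolicy(
    db_hashes=[sha256_hex(x) for x in (PEI_CORE, DXE_CORE, OS_LOADER_GOOD, OS_LOADER_REVOKED)],
    dbx_hashes=[sha256_hex(OS_LOADER_REVOKED)],   # was enrolled in db, then revoked: dbx wins
)

GOOD_CHAIN = [("PEI core", PEI_CORE), ("DXE core", DXE_CORE), ("OS loader", OS_LOADER_GOOD)]
REVOKED_CHAIN = [("PEI core", PEI_CORE), ("DXE core", DXE_CORE), ("OS loader", OS_LOADER_REVOKED)]
ROM_CHAIN = [("PEI core", PEI_CORE), ("DXE core", DXE_CORE), ("option ROM", OPTION_ROM_UNKNOWN)]


def demo():
    """Run the three constructed scenarios; returns their (executed, failure) results."""
    return (
        run_boot_chain(PLATFORM_POLICY, GOOD_CHAIN),
        run_boot_chain(PLATFORM_POLICY, REVOKED_CHAIN),
        run_boot_chain(PLATFORM_POLICY, REVOKED_CHAIN, frozen={"OS loader": OS_LOADER_GOOD}),
        run_boot_chain(PLATFORM_POLICY, ROM_CHAIN),
    )


if __name__ == "__main__":
    for executed, failure in demo():
        print("ran:", executed, "| stopped by:", failure)
```

The point worth checking in any real implementation is the ordering inside `verdict`: consulting db before dbx lets a revoked-but-still-enrolled loader boot, which is exactly the case the revoked scenario exercises.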
20140282815 | POLICY-BASED SECURE WEB BOOT - A system, device, and method for providing policy-based secure cloud booting include a mobile computing device and a web server. The mobile computing device determines a remote boot address specifying the location of a boot resource on the web server. The mobile computing device opens a secure connection to the web server and maps the boot resource to a local firmware protocol. The mobile computing device executes the boot resource as a firmware image using the local firmware protocol. The boot resource may be a compact disc or DVD image mapped through a block I/O protocol. The boot resource may be a remote file system mapped through a file system protocol. The remote boot address may be configured using a manageability engine capable of out-of-band communication. The remote boot address may be determined based on the context of the mobile computing device, including location. Other embodiments are described and claimed. | 09-18-2014 |