| Patent application number | Description | Published |
|---|---|---|
| 20080209124 | SYSTEM, METHOD AND APPARATUS TO AGGREGATE HETEROGENEOUS RAID SETS - A method according to one embodiment may include partitioning a plurality of core processors into a main partition comprising at least one processor core capable of executing an operating system and an embedded partition comprising at least one different processor core. The main partition and embedded partition may communicate with each other through a bridge. The embedded partition of this embodiment may be capable of: mapping two or more mass storage systems, coupled to the embedded partition, into a single logical device; presenting the logical device to the bridge; and receiving at least one I/O request, generated by the main partition and directed to the logical device, and in response to the I/O request, the embedded partition may be further capable of communicating with at least one of the two or more mass storage systems using at least one communication protocol to process said I/O request; and reporting the status of the I/O request to the main partition, via the bridge. | 08-28-2008 |
| 20080228971 | Device modeling in a multi-core environment - A method and apparatus for modeling devices in a multi-core environment is herein described. A hardware offload engine or add-in device is modeled by offload engine code or device model code stored in memory. An event agent in a hypervisor traps accesses to the offload engine or add-in device and routes them to at least one core of a multi-core processor to be serviced. The core of the multi-core processor executes the offload engine code or device model code to emulate the physical hardware offload engine or add-in device to service the access. Therefore, virtual devices may be provided by providing virtual device code, allowing upgrade of a computer system without adding physical hardware. | 09-18-2008 |
| 20080235436 | STORAGE ACCESS CONTROL - A system and device are disclosed. In one embodiment, the system includes a processor, system memory, chipset, flash memory, and flash memory controller. The flash memory controller includes a base address register for a flash memory hidden protected area (HPA) to store a flash memory HPA base address, a size register for a flash memory HPA to store a size of the flash memory HPA, and control logic to allocate a portion of the flash memory as a flash memory HPA using the flash memory HPA base address and the flash memory HPA size address. | 09-25-2008 |
| 20080244105 | ENHANCING PERFORMANCE OF INPUT-OUTPUT (I/O) COMPONENTS - A computing platform may comprise a flash memory that may operate as a cache for the transactions targeting the hard disk. The flash memory may increase the speed of fulfilling the transactions (or reduce the latency) and may consume less power than the hard disk fulfilling the transactions. The latency and higher power consumption of the hard disk may be associated with the physically moving parts of the hard disk. A host device and a chipset may send the transactions to the flash memory if the I/O routing is enabled, which otherwise may be routed to the hard disk. | 10-02-2008 |
| 20080244122 | Providing keyboard, video, mouse switching via software - A keyboard, video, mouse switch may be implemented by software. An agent in a sequestered partition may handle routing of input and output requests for handling by a remote, common, keyboard, video, or mouse used for a plurality of servers. | 10-02-2008 |
| 20080244212 | SYSTEM AND METHOD TO ENABLE HIERARCHICAL DATA SPILLING - In some embodiments, the invention involves managing access to firmware non-volatile storage which is currently an extremely limited resource. A system and method provide a seamless means by which to enable spilling of such access to an alternate non-volatile storage target. One embodiment uses a virtualization platform to proxy NV store I/O requests via a virtual machine manager (VMM). Another embodiment uses an embedded platform to proxy I/O requests. Another embodiment uses IDS redirection in an embedded microcontroller on the platform to proxy I/O requests. Non-priority data may be stored in the alternative medium, even when space is available on the firmware memory store, based on platform policy. Other embodiments are described and claimed. | 10-02-2008 |
| 20080244249 | Managed redundant enterprise basic input/output system store update - A basic input/output system may be stored on two different memories coupled to active management technology firmware and a trusted platform module. The trusted platform module ensures access to the correct memory. One of the memories is selected to store an update of the basic input/output system. | 10-02-2008 |
| 20080244250 | Instant on video - In some embodiments, the invention involves speeding boot up of a platform by initializing the video card early on in the boot process. In an embodiment, processor cache memory is to be used as cache as RAM (CAR). Video graphics adapter (VGA) card initialization uses the CAR instead of system RAM to perform initialization. A portion of the firmware code, interrupt vector tables and handlers are mirrored in the CAR, from flash memory to mimic the behavior of system RAM during the video initialization. VGA initialization may occur before system RAM has initialized to enable early visual feedback to a user. Other embodiments are described and claimed. | 10-02-2008 |
| 20080244252 | USING PROTECTED/HIDDEN REGION OF A MAGNETIC MEDIA UNDER FIRMWARE CONTROL - A method and firmware for accessing a protected area of a magnetic storage device via firmware control. During early system initialization, various firmware components are loaded and executed to initialize a computer system. These firmware components include a firmware driver for accessing magnetic storage devices connected to the computer system. The system firmware enables a protected area on a magnetic storage device's media to be accessed under firmware control. After firmware accesses, the protected area is closed from access by non-firmware entities (e.g., operating systems) by “hiding” the true size of the media such that those entities are unaware of this area of the media. Mechanisms are disclosed for providing firmware access to the protected area only during pre-boot, and for both pre-boot and run-time operations. The firmware-controlled media access scheme may be used to load firmware stored on magnetic media during pre-boot and to store system information in the protected area during pre-boot and/or run-time operations. | 10-02-2008 |
| 20080244257 | Server active management technology (AMT) assisted secure boot - In some embodiments, the invention involves a system and method relating to secure booting of a platform. In at least one embodiment, the present invention is intended to securely boot a platform using one or more signature keys stored in a secure location on the platform, where access to the signature is by a microcontroller on the platform and the host processor has no direct access to alter the signature key. Other embodiments are described and claimed. | 10-02-2008 |
| 20080244259 | Component firmware integration in distributed systems - A plurality of platforms may be defined in a distributed system. Each of the platforms may include a processor and a chipset from a common source on a single motherboard. Extensible firmware interface drivers are provided for the processors and the chipsets. Each of the platforms may be defined pursuant to a system definition model where the system definition model defines the firmware for each of the platforms. As a result, any of the platforms can be updateable from a common source, such as an Internet web site. | 10-02-2008 |
| 20080244267 | Local and remote access control of a resource - Embodiments of the invention are generally directed to systems, methods, and apparatuses for local and remote access to a resource. In some embodiments, an integrated circuit includes a configurable hardware resource. In addition, the integrated circuit may also include access control logic to authenticate agents that attempt to configure the resource. In some embodiments, the agents may be in-band or out-of-band agents. Other embodiments are described and claimed. | 10-02-2008 |
| 20080313449 | Offloading the processing of a network protocol stack - A computer system is partitioned during a pre-boot phase of the computer system between a first partition and a second partition, wherein the first partition includes a first processing unit and the second partition includes a second processing unit. An Input/Output (I/O) operating system is booted on the first partition. A general purpose operating system is booted on the second partition. Network transactions are issued by the general purpose operating system to be performed by the I/O operating system. The network transactions are performed by the I/O operating system. | 12-18-2008 |
| 20090006717 | EMULATION OF READ-ONCE MEMORIES IN VIRTUALIZED SYSTEMS - The subject matter herein relates to computer systems and, more particularly, to emulation of read-once memories in virtualized systems. Various embodiments described herein provide systems, methods, and software that leverage the value of read-once memory for purposes such as keeping data or instructions secret and protected from unauthorized viewers, applications, hackers, and other processes. Some such embodiments include a virtual machine manager that emulates hardware memories in a system memory to facilitate virtual access to the hardware memories. | 01-01-2009 |
| 20090006827 | Firmware Processing for Operating System Panic Data - A processor includes firmware and at least one instance of an operating system (OS). When the OS encounters an unrecoverable error (a “panic”), data regarding the error is pushed to the firmware via capsule services, rather than immediately being displayed to the screen via legacy video INT10h services. The panic data may be provided to the OS and displayed by the OS after a reset. Other embodiments are also described and claimed. | 01-01-2009 |
| 20090006830 | ENCRYPTION ACCELERATION - The subject matter herein relates to data processing and, more particularly, to encryption acceleration. Various embodiments herein provide devices and systems including a standardized encryption application programming interface embedded in firmware to perform encryption services. Some such embodiments move encryption operations away from operating system processes into firmware. As a result, encryption operations are generally accelerated. | 01-01-2009 |
| 20090006834 | PROXIED FIRMWARE UPDATES - The subject matter herein relates to computing systems and, more particularly, to proxied firmware updates. Some embodiments provide one or more of systems, methods, software, and firmware that, upon receiving a source of power, initialize an out-of-band controller that may initialize a network interface to facilitate communication by the out-of-band controller with network resources and receive a firmware update payload from a remote network source over the network interface. These and other embodiments may also include powering on a computing system including a BIOS and initializing at least a portion of the BIOS. If the computing system supports proxied firmware updates and a firmware update exists in a memory, such embodiments retrieve the payload and launch the payload to implement the firmware update. | 01-01-2009 |
| 20090006837 | METHOD AND APPARATUS FOR IMPROVED MEMORY RELIABILITY, AVAILABILITY AND SERVICEABILITY - Methods and apparatus dynamically reconfigure storage or channel capacities in a memory system. A fully-buffered dual in-line memory module (DIMM) is configured for a particular storage capacity and a particular channel capacity. An error may be detected at a memory address in some portion of the DIMM. To resolve the problem, the storage capacity or the channel capacity may be reduced and the DIMM may be dynamically reconfigured according to the reduced capacity. For one embodiment the DIMM may be reconfigured by mapping the portion of the DIMM containing the error as unavailable and taking that portion off-line without taking the entire DIMM off-line. For another embodiment the DIMM may be reconfigured by throttling the DIMM at a reduced frequency. The portion of the DIMM containing the error may be retested at the reduced frequency. If no errors are detected, the DIMM may be made available at the reduced frequency. | 01-01-2009 |
| 20090006859 | SYSTEM AND METHOD FOR OUT-OF-BAND ASSISTED BIOMETRIC SECURE BOOT - In some embodiments, the invention involves using a dedicated service processor with out-of-band capabilities to enable a secure boot using biometric data to authenticate the user. In some embodiments, at least a secondary token is used to enhance the secure boot. An off-line database may be accessed by the service processor during boot to store or retrieve biometric templates to compare with scanned, live, biometric data. Other embodiments are described and claimed. | 01-01-2009 |
| 20090007089 | Method and Apparatus to Enable Dynamically Activated Firmware Updates - Dynamic updating of firmware in a processing system without performing a system reset may be accomplished by allocating memory space for updated firmware in a dynamic random access memory of the processing system during the system initialization process for the processing system; receiving the updated firmware during runtime of the processing system; validating the updated firmware; storing the updated firmware into the allocated memory space when the updated firmware is validated; and setting a pointer variable indicating the start of a portion of the firmware to point to the start of the updated firmware stored in the allocated memory space. | 01-01-2009 |
| 20090007104 | PARTITIONED SCHEME FOR TRUSTED PLATFORM MODULE SUPPORT - The subject matter herein relates to processing of sensitive data and, more particularly, to a partitioned scheme for trusted platform module support. Various embodiments provide systems, methods, and software that instantiate one or more emulated trusted platform modules in respective sequestered processor cores. In some embodiments, a trusted platform module is instantiated in a processor core, sequestered for the trusted platform module, for each operating system or virtual machine operating on a computing device. The operating system may then communicate with the appropriate trusted platform module over a secure communication channel, such as an interpartition bridge. | 01-01-2009 |
| 20090023414 | Software-Defined Radio Support in Sequestered Partitions - A software-defined radio (SDR) capability may be provided in a general purpose, many core processing system by sequestering one or more partitions running on one or more cores and instantiating a communications capability by having discrete SDR functions performed by the sequestered partitions. Each SDR module embodied in a sequestered partition may be independently upgraded without modifying the hardware of the underlying processing system. By executing SDR modules in cores not accessible by application programs and/or an operating system (OS), a better Quality of Service (QoS) may be provided for wireless communications on the general purpose, multi-core processing system. An embodiment comprises isolating a core of a many core processing system as a sequestered partition, loading a software-defined radio module onto the core, and executing the software-defined module to implement wireless communications. | 01-22-2009 |
| 20090031010 | OS Independent Device Management Methods and Apparatuses - An apparatus adapted to facilitate remote configuration and/or management of a system, independent of its operating system, is disclosed. In various embodiments, the apparatus includes a first and a second interface coupled to an input device and a network interface of the system respectively, and a controller. | 01-29-2009 |
| 20090037719 | Enabling a heterogeneous blade environment - In one embodiment, the present invention includes a method for receiving a request for power-up of a first blade of a chassis, enabling the first blade to power-up in a reduced boot mode and receiving a communication including characteristic information and policy information associated with the first blade, and analyzing the characteristic information and the policy information to determine a policy and a boot configuration for the first blade. Other embodiments are described and claimed. | 02-05-2009 |
| 20090063835 | Method for firmware isolation - In one embodiment, the present invention includes a method for determining if an isolation driver is present and a processor supports virtualization, launching the isolation driver in a first privilege level different than a system privilege level and user privilege level, creating a 1:1 virtual mapping between a virtual address and a physical address, using the isolation driver, and controlling access to a memory page using the isolation driver. Other embodiments are described and claimed. | 03-05-2009 |
| 20090063836 | Extended fault resilience for a platform - In one embodiment, the present invention includes a method for allocating a fail-over memory region, determining if multiple processors have reached a rendezvous state, and verifying a memory failure in a system software memory region associated with a non-rendezvousing processor and sending a message to the non-rendezvousing processor to update a range register to the fail-over memory region. Other embodiments are described and claimed. | 03-05-2009 |
| 20090064274 | Dual non-volatile memories for a trusted hypervisor - In one embodiment, the present invention includes a method for executing a first code portion of a pre-boot environment from a first non-volatile memory, authenticating a trusted hypervisor in the first non-volatile memory using the first code portion, executing the trusted hypervisor if the trusted hypervisor is authenticated, and authenticating a basic input/output system (BIOS) present in a second non-volatile memory with the trusted hypervisor and transferring control from the trusted hypervisor to the BIOS if the BIOS is authenticated. Other embodiments are described and claimed. | 03-05-2009 |
| 20090070574 | Remote diagnostic apparatus - Example apparatus and methods associated with remote diagnostics are described. One apparatus embodiment includes a logic to determine a state of a device associated with a computing platform to which the apparatus is operably connected. The apparatus embodiment may include logic to provide a signal to a remote logic regardless of the state of the computing platform. The apparatus embodiment may also include logic to receive a signal from a remote logic regardless of the state of the computing platform. The apparatus may facilitate actions associated with remote diagnostics, including inventorying add-on devices, controlling add-on device diagnostic execution, and selectively configuring the computing platform based on add-on device diagnostic results. | 03-12-2009 |
| 20090083528 | SYSTEM INFORMATION SYNCHRONIZATION IN A LINKS-BASED MULTI-PROCESSOR SYSTEM - Various embodiments described herein include one or more of systems, methods, firmware, and software to synchronize system information between processors during system boot in a links-based multi-processor system. Some embodiments synchronize data block by block through memory rather than piece by piece through registers by allowing a System Bootstrap Processor (“SBSP”) to directly access synchronization data in local memory of each of one or more Application Processors. These and other embodiments are described in greater detail below. | 03-26-2009 |
| 20090089467 | BUS COMMUNICATION EMULATION - Provided are a method, system, and program for initializing a processor of a computer system, to enumerate a remote bus and remote devices coupled to the remote bus, as operating components of the computer system. In another embodiment, a controller stores a message containing a directive in a memory shared by a processor of a computer system and the controller which may be operated independently of the state of said processor and said operating system. The processor may read a message stored in the shared memory by the controller and process the message. In addition, the processor may store a message intended for the controller to provide, for example, status information to be forwarded to another computer system. Other embodiments are described and claimed. | 04-02-2009 |
| 20090129597 | REMOTE PROVISIONING UTILIZING DEVICE IDENTIFIER - Embodiments of the present invention provide for remote provisioning using a device identifier. In some embodiments, a client device may transmit the device identifier to a provisioning server and, sometime after an association of the device identifier and the client device has been authenticated, receive an operating system boot image from the provisioning server. Other embodiments may be described and claimed. | 05-21-2009 |
| 20090132839 | Method and device to handle denial of service attacks on wake events - A method and device may selectively resume a computing device from a low power state according to a security policy. The security policy may be embedded in the hardware of the computing device and may be enforced even when the device is in a low power state. Such a policy may provide protection from hacker and virus based denial of service attacks using a flood of packets formatted to provide a wake event request. Other embodiments are described and claimed. | 05-21-2009 |
| 20090138875 | METHOD, PROGRAM AND SYSTEM TO UPDATE FILES IN A COMPUTER SYSTEM - Provided is a method, program and system to update files in a computer system. A patch for an installed program in a computer and a message are received from a server over a network. Program files for the installed program are updated with contents of the patch. A determination is made as to whether the message indicates to automatically reboot the computer. Information is generated to a user indicating that the computer will be automatically rebooted. Operations are initiated in the computer to reboot the computer after a delay period to provide the user opportunity to close files and applications before the reboot. | 05-28-2009 |
| 20090144046 | METHOD TO ENCAPSULATE AN OPTION ROM FOR OPERATION IN MULTIPLE FIRMWARE AND PLATFORM ARCHITECTURES - A method and apparatus described herein are for providing a simplified option Read Only Memory (ROM) that is compatible in multiple firmware and platform architectures. Instead of providing multiple option ROM images for every variation of platform architecture and firmware architecture, a single code image is provided along with an interpreter stub. If the default code type of the code image is supported by a platform, then the option ROM is directly launched from the single code image without launching the interpreter stub. However, if a device including the option ROM is inserted in a different variation of platform or firmware architecture that does not support the single code image code type, then the interpreter is launched, which in turn interprets, translates, and/or launches the single code image. | 06-04-2009 |
| 20090144754 | BIOS ROUTINE AVOIDANCE - A method, computer readable medium, and device are disclosed. In one embodiment the method includes determining whether an entry exists in a firmware interface table to direct the processor to handle the event in a non-legacy mode. This is done after an event for a processor that triggers a legacy mode processor handling routine. The method also includes the processor handling the event in the non-legacy mode when the entry exists. | 06-04-2009 |
| 20090150594 | METHOD TO MINIMIZE FLASH WRITES ACROSS A RESET - A method and apparatus described herein are for minimizing flash writes across reset. When a commonly accessed variable is to be updated, an erase conscious value is written to minimize erase operations. As an example, the location for the commonly accessed variable holds consecutive values to represent a usable value instead of a binary representation. Furthermore, when the commonly accessed variable is to be read, the stored value is translated into the associated usable value for use by a system. | 06-11-2009 |
| 20090163226 | Device, system, and method of power saving using location sensing modules - A method, apparatus and system for, in a computing apparatus, periodically activating a location operating system detecting a substantial change in the location of the apparatus, selecting a computing environment from a predetermined set of computing environments based on the change in the location of the apparatus, where the selected computing environment may be the most appropriate computing environment for the changed location, and altering the power mode of one or more components of the apparatus, specified by the selected computing environment. | 06-25-2009 |
| 20090164770 | HYPERVISOR RUNTIME INTEGRITY SUPPORT - A method and system are disclosed. In one embodiment the method includes computing, during runtime, an active hash value of a hypervisor on a computer platform using an authenticated integrity agent. The method also includes comparing the active hash value to a registered hash reference value. The method also includes verifying the integrity of the hypervisor when the active hash value and the registered hash reference value match. | 06-25-2009 |
| 20090164772 | LOCATION BASED POLICY SYSTEM AND METHOD FOR CHANGING COMPUTING ENVIRONMENTS - A system and method for changing compute environments for a mobile platform device. The mobile platform includes a sensory and location determination engine coupled to a policy engine. The sensory and location determination engine determines a current location of the mobile platform device and the policy engine determines what applications to launch, what applications not to launch, and what core usage to invoke for the determined location of the mobile platform device. | 06-25-2009 |
| 20090164837 | Reliable memory for memory controller with multiple channels - One embodiment of the invention includes a memory RAS mode whereby a multi-channel memory controller utilizes both memory mirroring and memory sparing to form more complete memory redundancy loss protection. | 06-25-2009 |
| 20090169020 | Migration of full-disk encrypted virtualized storage between blade servers - A method, system and computer-readable storage medium with instructions to migrate full-disk encrypted virtual storage between blade servers. A key is obtained to perform an operation on a first blade server. The key is obtained from a virtual security hardware instance and provided to the first blade server via a secure out-of-band communication channel. The key is migrated from the first blade server to a second blade server. The key is used to perform hardware encryption of data stored on the first blade server. The data are migrated to the second blade server without decrypting the data at the first blade server, and the second blade server uses the key to access the data. Other embodiments are described and claimed. | 07-02-2009 |
| 20090172125 | METHOD AND SYSTEM FOR MIGRATING A COMPUTER ENVIRONMENT ACROSS BLADE SERVERS - A method and system for migrating a computer environment, such as a virtual machine, from a first blade server to a second blade server includes storing data generated by the first and second blade servers on a shared hard drive and transferring a logic unit number from the first blade server to the second blade server. The logic unit number identifies a location of the shared hard drive used by the first blade server to store data. Additionally, the state of the central processing unit of the first blade server may be transferred to the second blade server. | 07-02-2009 |
| 20090172228 | METHOD AND SYSTEM FOR HANDLING A MANAGEMENT INTERRUPT EVENT IN A MULTI-PROCESSOR COMPUTING DEVICE - A method and system for handling a management interrupt, such as a system management interrupt (SMI) and/or a platform management interrupt (PMI), includes sequestering two or more processor cores from a plurality of processor cores to form a group of sequestered processor cores for handling the management interrupt. Generated management interrupts are directed to the group of sequestered processor cores and not to non-sequestered processor cores. At least one of the sequestered processor cores handles the management interrupt without disrupting the current operation of the non-sequestered processor cores. | 07-02-2009 |
| 20090172232 | METHOD AND SYSTEM FOR HANDLING A MANAGEMENT INTERRUPT EVENT - A method and system for handling a management interrupt, such as a system management interrupt (SMI) and/or a platform management interrupt (PMI), includes sequestering one or more processor cores for handling the management interrupt. Generated management interrupts are directed to the sequestered processor core and not to other processor cores allocated to a main partition. The sequestered processor core(s) handles the management interrupt without disrupting the current operation of the remaining processor cores. | 07-02-2009 |
| 20090172253 | Methods and apparatuses for nonvolatile memory wear leveling - Apparatuses, systems, and computer program products that enable wear leveling of nonvolatile memory devices, such as flash memory devices, are disclosed. One or more embodiments comprise an apparatus that has a receiver and a wear leveling module. The receiver may receive low-level write requests to update direct-mapped values of nonvolatile memory. The wear leveling module may determine physical locations of the nonvolatile memory that correspond to logical locations of the write requests. Alternative embodiments may comprise systems or apparatuses that include one or more various types of additional modules, such as low-level driver modules, error correction code modules, queue modules, bad block management modules, and flash translation layer modules. Other embodiments comprise computer program products that receive a direct-mapped low-level write request and determine a physical write location of nonvolatile memory that corresponds to a logical write location of the low-level write request. | 07-02-2009 |
| 20090172379 | SYSTEM AND METHOD TO ENABLE PARALLELIZATION OF EARLY PLATFORM INITIALIZATION - In some embodiments, the invention involves reducing the time required for a platform to boot to its target application/operating-system using parallelization of firmware image content decompression and loading. An embodiment dispatches alternate processing agents as a means to intelligently assist in off-loading some of the initialization tasks so that the main processor may share the burden of boot tasks. In at least one embodiment, it is intended to build firmware images that facilitate parallelization, utilizing co-processing agents that can split these transactions across various processing agents. Other embodiments are described and claimed. | 07-02-2009 |
| 20090172381 | ENHANCED NETWORK AND LOCAL BOOT OF UNIFIED EXTENSIBLE FIRMWARE INTERFACE IMAGES - Techniques and architectures to provide high assurance image invocation in a pre-boot environment. These techniques may augment implementations of the Unified Extensible Firmware Interface (UEFI) to invoke UEFI images using Trusted Execution Technology (TXT). This can operate to combine pre-boot secure flows, such as UEFI image invocation, with the secure launch instruction set extensions of TXT. This may entail combination of the UEFI StartImage instruction with the SMX leaf SENTER instruction. This may operate to allow original equipment manufacturer (OEM) firmware as a guard and that uses UEFI and TXT access control logic at the same instance to pass control to the operating system (OS). | 07-02-2009 |
| 20090172443 | Methods and apparatuses for processing wake events of communication networks - Methods, apparatuses, and computer program products that respond to wake events of communication networks are disclosed. One or more embodiments comprise setting a wake password of a computing device, such as a notebook computer or a server. Some of the embodiments comprise receiving a wake request from a communications network, establishing a secure communication session, and setting the wake password with the secure communication session. Some embodiments comprise an apparatus having a network controller to allow a platform to communicate via a communications network, non-volatile memory that stores a wake password, and a management controller which may communicate with a management console via a secure communication session to update the wake password. In one or more embodiments, the network controller may wake management hardware and/or wake the management controller while keeping one or more of the devices in the power conservation mode. | 07-02-2009 |
| 20090172462 | METHOD AND SYSTEM FOR RECOVERY OF A COMPUTING ENVIRONMENT - A method and system for recovery of a computing environment includes monitoring during a pre-boot phase and a runtime phase of a computing device for selection of a hot key sequence by a user and performing a recovery action in response to the selection of the hot key sequence by the user. The recovery action may be any one of a number of predetermined and/or selectable actions such as restoring system defaults, migrating memory, displaying a menu of options, setting various software flags, restarting or rebooting the computing device, and/or the like. | 07-02-2009 |
| 20090172471 | METHOD AND SYSTEM FOR RECOVERY FROM AN ERROR IN A COMPUTING DEVICE - A method and system for supporting recovery of a computing device includes determining and storing a sub-set of firmware instructions used to establish a pre-boot environment and executing the sub-set of firmware instructions in response to an error. | 07-02-2009 |
| 20090172661 | METHOD AND SYSTEM FOR ESTABLISHING A ROBUST VIRTUALIZED ENVIRONMENT - A method and system for establishing a virtualized environment includes booting a first virtual machine monitor to establish a first virtual machine and booting a second virtual machine monitor in the first virtual machine. The first and second virtual machine monitors may be hypervisors. The method may also include directing management interrupts, such as system management interrupts and/or platform management interrupts, to the first virtual machine monitor. | 07-02-2009 |
| 20090172690 | System and Method for supporting metered clients with manycore - In some embodiments, the invention involves partitioning resources of a manycore platform for simultaneous use by multiple clients, or adding/reducing capacity to a single client. Cores and resources are activated and assigned to a client environment by reprogramming the cores' route tables and source address decoders. Memory and I/O devices are partitioned and securely assigned to a core and/or a client environment. Instructions regarding allocation or reallocation of resources are received by an out-of-band processor having privileges to reprogram the chipsets and cores. Other embodiments are described and claimed. | 07-02-2009 |
| 20090172698 | METHOD AND SYSTEM FOR PROVIDING KEYBOARD, VIDEO, AND MOUSE SWITCHING - A method and system for providing keyboard, video, and mouse switching includes establishing a basic input/output system (BIOS) agent and an operating system (OS) agent on a server of a plurality of servers. The basic input/output system agent routes input/output data between the server and a remote keyboard, remote video device, and/or remote mouse over a network during a pre-boot phase of the server. The operating system agent routes input/output data between the server and the remote keyboard, remote video device, and/or remote mouse over the network during a runtime phase of the server. The basic input/output agent may pass data to the operating system agent to indicate that a communication connection has been established between the server and the remote keyboard, remote video device, and/or remote mouse. | 07-02-2009 |
| 20090172712 | BIOS RUNTIME SERVICES INTERFACE - A method and article of manufacture for accessing at least one unexposed runtime service. | 07-02-2009 |
| 20090172797 | METHOD AND SYSTEM FOR SECURING APPLICATION PROGRAM INTERFACES IN UNIFIED EXTENSIBLE FIRMWARE INTERFACE - A method and system for securing a unified extensible firmware interface application program interface includes establishing a software hook for the application program interface during a pre-boot phase of a computing device and granting or denying access to the application program interface based on a comparison of a user token, which identifies the user, and an access control entry of an access control list associated with the application program interface. | 07-02-2009 |
| 20090240963 | Distributed advanced power management - Power management commands from virtual machines (VMs) in a VM environment may be trapped by a VM monitor. Depending on the current power states of the other VMs in the VM environment, the VMM may emulate increase or decrease in available resources as applied to the VM issuing the power management commands. The VMM may modify the actual hardware resources available in a platform when such modification may not affect the current power states of the VMs in the VM environment. | 09-24-2009 |
| 20090249053 | METHOD AND APPARATUS FOR SEQUENTIAL HYPERVISOR INVOCATION - In some embodiments, the invention involves a system and method for invoking a series of hypervisors on a platform. A hardware-based secure boot of a chained series of virtual machines throughout the life of the pre-operating system (OS) firmware/BIOS/loader/option ROM execution, with component-wise isolation of the pre-extensible firmware interface (PEI) and driver execution environment (DXE) cores is utilized. In an embodiment, a Cache-As-RAM (CAR) based hypervisor, executing directly from Flash memory manages sequential invocation of a next hypervisor. Other embodiments are described and claimed. | 10-01-2009 |
| 20090249120 | REMOTE FIRMWARE RECOVERY - Embodiments of the present invention provide methods, systems, and apparatus for instantiating, by a computing system, a firmware recovery module in response to a detected firmware failure during a system startup. The firmware recovery module establishes access to a remotely disposed recovery server and retrieves from it a replacement or update firmware to address the firmware failure. | 10-01-2009 |
| 20090254760 | DATA SECURITY - In one embodiment, a method is provided that may include encrypting, based at least in part upon at least one key, one or more respective portions of input data to generate one or more respective portions of output data to be stored in one or more locations in storage. The method of this embodiment also may include generating, based at least in part upon the one or more respective portions of the output data, check data to be stored in the storage, and/or selecting the one or more locations in the storage so as to permit the one or more respective portions of the output data to be distributed among two or more storage devices comprised in the storage. Many modifications, variations, and alternatives are possible without departing from this embodiment. | 10-08-2009 |
| 20090271601 | METHOD, DEVICE, AND SYSTEM FOR PRE-MEMORY SYMMETRIC MULTIPROCESSING FLOW - A cache-as-RAM (CAR) system of a multi-processor system that includes a plurality of processors may be initialized. The CAR system may assign a physical data address range for each of the plurality of processors such that the physical data address ranges allocated to all of the plurality of processors overlap with each other. A boot code stream may be executed with the CAR appearing to the executing boot stream as a memory store for executing the boot code stream. Other embodiments are described and claimed. | 10-29-2009 |
| 20090271641 | Method and apparatus for quick resumption - When transitioning from sleep mode to active mode, a processing system loads first stage resume content and second stage resume content into a volatile memory of the processing system. The first stage resume content may contain contextual data for a first program that was in use before the processing system transitioned to sleep mode. The second stage resume content may contain contextual data for another program that was in use before the processing system transitioned to sleep mode. The processing system may provide a user interface for the first program before all of the second stage resume content has been loaded into the volatile memory. Other embodiments are described and claimed. | 10-29-2009 |
| 20090282486 | PRE-BOOT FIRMWARE BASED VIRUS SCANNER - The present disclosure relates to allowing the utilization of a virus scanner and cleaner that operates primarily in the pre-boot phase of computer operation and, more particularly, to allowing the utilization of a virus scanner and cleaner that operates primarily during the loading of an operating system. | 11-12-2009 |
| 20090300370 | Enabling byte-code based image isolation - In one embodiment, the present invention includes a method for setting an extensible policy mechanism to protect a root data structure including a page table, interpreting a bytecode of a pre-boot driver in a byte code interpreter, and controlling access to a memory location based on the extensible policy mechanism. Other embodiments are described and claimed. | 12-03-2009 |
| 20090319759 | SEAMLESS FREQUENCY SEQUESTERING - A method and apparatus for seamless frequency sequestering is herein described. In response to a frequency throttle event, controlling software, such as an OS, is provided access to a throttled amount of frequency associated with the frequency throttle event, while another amount of frequency is transparently sequestered for performance of non-controlling software tasks. | 12-24-2009 |
| 20090319763 | NON-BLOCKING UEFI I/O CHANNEL ENHANCEMENTS - A method and apparatus for providing platform initialization enhancements is discussed herein. In one embodiment, buses, activities, devices, and/or nodes to be processed during boot, are processed in a non-blocking fashion, which potentially results in faster boot times. Moreover, some devices/nodes, such as root nodes, may be booted in an early phase of initialization to enhance both available resources and initialization times. Furthermore, early connects in an early phase of initialization may be performed to construct partial or entire device paths, which also potentially results in faster boot times. | 12-24-2009 |
| 20090319806 | Extensible pre-boot authentication - In one embodiment, the present invention includes a method for obtaining a pre-boot authentication (PBA) image from a full disk encryption disk in a pre-boot environment, executing the PBA using a chipset to obtain user credential information, authorizing the user based on the user credential information and stored credential information, and storing the user credential information in a PBA metadata region of the disk. Other embodiments are described and claimed. | 12-24-2009 |
| 20090327679 | OS-MEDIATED LAUNCH OF OS-INDEPENDENT APPLICATION - A system, method, and computer readable medium for an operating system (OS) mediated launch of an OS independent application is disclosed. An application running within an OS may operate outside an OS environment by constructing for example a capsule file, passing the capsule file to firmware interface, and restarting the system. The firmware interface may load various drivers and applications contained within the capsule file and execute them to perform a task. Upon completion of the task, the OS is booted again and the original application may resume control, making use of any information stored by the firmware interface in a dedicated status table or file. Other embodiments may be employed, and other embodiments are described and claimed. | 12-31-2009 |
| 20090327684 | Apparatus and method for secure boot environment - In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a boot block stored at a first memory location, a capsule update stored at a second memory location, a startup authenticated code module to ensure the integrity of the boot block upon a restart of the processor-based system, code which is executable by the processor-based system to cause the processor-based system to validate the boot block with the startup authenticated code module upon the restart of the processor-based system, and, if the boot block is successfully validated, to validate the capsule update for the processor-based system with the startup authenticated code module. Other embodiments are disclosed and claimed. | 12-31-2009 |
| 20090327741 | SYSTEM AND METHOD TO SECURE BOOT UEFI FIRMWARE AND UEFI-AWARE OPERATING SYSTEMS ON A MOBILE INTERNET DEVICE (MID) - In some embodiments, the invention involves adding a capability for a platform owner or administrator to ensure that the firmware is only executed in an owner-authorized fashion, such as with signed components managed by a security processor. Embodiments may extend the Core Root of Trust for Measurement (CRTM), via use of a cryptographic unit coupled to the security processor in a mobile Internet device (MID) as a Root-of-Trust for Storage (RTS) Storage Root Key (SRK), into a unified extensible firmware interface (UEFI) Platform Initialization (PI) image authorization and boot manager. Other embodiments are described and claimed. | 12-31-2009 |
| 20100048173 | DYNAMIC PASSING OF WIRELESS CONFIGURATION PARAMETERS - Methods and apparatuses allow for wireless configuration parameters to be passed to a client to enable the client to configure a wireless network interface to connect to a wireless network. | 02-25-2010 |
| 20100079472 | METHOD AND SYSTEMS TO DISPLAY PLATFORM GRAPHICS DURING OPERATING SYSTEM INITIALIZATION - Methods and systems to display platform graphics during initialization of a computer system, including to interrupt initialization of an operating system and to update a video frame buffer with platform graphics data when the initialization of the operating system is interrupted, and to merge platform graphics data with graphics generated by operating system initialization logic. The methods and systems include virtualization methods and systems and system management mode methods and systems. | 04-01-2010 |
| 20100082932 | HARDWARE AND FILE SYSTEM AGNOSTIC MECHANISM FOR ACHIEVING CAPSULE SUPPORT - Methods and apparatus relating to a hardware and file system agnostic mechanism for achieving capsule support are described. In one embodiment, content associated with a capsule is stored in a non-volatile memory prior to a cold reset. A capsule descriptor may also be constructed, prior to the reset, which includes information about the physical location of the capsule content on the non-volatile memory. Other embodiments are also described and claimed. | 04-01-2010 |
| 20100083002 | Method and System for Secure Booting Unified Extensible Firmware Interface Executables - A method and computing device for secure booting of unified extensible firmware interface executables includes generating a platform private key, signing a third party credential, storing the signed third party credential in a database located in a trusted platform module, and executing a unified extensible firmware interface executable only if an associated signed third party credential is stored in the trusted platform module. | 04-01-2010 |
| 20100083260 | METHODS AND SYSTEMS TO PERFORM A COMPUTER TASK IN A REDUCED POWER CONSUMPTION STATE - Methods and systems to perform a computer task in a reduced power consumption state, including to virtualize physical resources with respect to an operating environment and service environment, to exit the operating environment and enter the service environment, to place a first set of one or more of the physical resources in a reduced power consumption state, and to perform a task in the service environment utilizing a processor and a second set of one or more of the physical resources. A physical resource may be assigned to an operating environment upon an initialization of the operating environment, and re-assigned to the service environment to be utilized by the service environment while other physical resources are placed in a reduced power consumption state. | 04-01-2010 |
| 20100088499 | SEAMLESS DATA MIGRATION - Provided are techniques for migrating data. Contents are sealed to one or more registers. In response to determining that secure backup is enabled, platform metrics are stored in a private store. An out-of-band request is received. A response to the out-of-band request is provided using the stored platform metrics. | 04-08-2010 |
| 20100095140 | System and method for power reduction by sequestering at least one device or partition in a platform from operating system access - In some embodiments, the invention involves a system and method relating to managing power utilization in partitioned systems. In at least one embodiment, the present invention is intended to control the sleeping/wakefulness of devices, as necessary, to minimize power utilization of devices whose accesses are routed away. Inter-partition communication is used to utilize devices in a sequestered partition while devices in the OS partition are put into a sleep state to save power. Other embodiments are described and claimed. | 04-15-2010 |
| 20100115202 | METHODS AND SYSTEMS FOR MICROCODE PATCHING - Methods and systems for performing microcode patching are presented. In one embodiment, a data processing system comprises a cache memory and a processor. The cache memory comprises a plurality of cache sections. The processor sequesters one or more cache sections of the cache memory and stores processor microcode therein. In one embodiment, the processor executes the microcode in the one or more cache sections. | 05-06-2010 |
| 20100125723 | METHOD AND SYSTEM TO ENABLE FAST PLATFORM RESTART - A method and system to perform a fast reset or restart of a platform by minimizing the hardware initialization of IO devices in the platform during a restart of the platform. The basic input/output system (BIOS) of the platform traps any software initiated reset request (SIRR) or warm reset. The BIOS restores the input/output (IO) devices coupled with the platform to their previous hardware state to avoid the full platform initialization when the SIRR is trapped. The restart of the platform can be performed in a fast manner as the full platform initialization is minimized. | 05-20-2010 |
| 20100153603 | Share Resources and Increase Reliability in a Server Environment - Methods and systems for a low-cost high density compute environment with increased fail-over support through resource sharing and resources chaining. In one embodiment, one of a number of servers qualified to share resources is elected as a resource server. The shared resource can be firmware memory, hard-drive, co-processor, etc. The elected server responds to requests from individual requesters and provides the responses, such as firmware images. In one embodiment, all the blade servers on a rack use an image server for their firmware image so that these blade servers can automatically adopt a common personality across the entire rack. If the elected image server fails, a dynamic process elects an alternate image server. In one embodiment, among a set of qualified servers, only one is actively elected at a given time. | 06-17-2010 |
| 20100169631 | AUTHENTICATION FOR RESUME BOOT PATH - Methods and systems to perform an authentication operation after resuming from a sleep state are presented. In one embodiment, a method includes starting a boot process from a sleep state. The method further includes providing platform services to support an authentication operation as part of the boot process and determining whether to complete the boot process based at least on results of the authentication operation. | 07-01-2010 |
| 20100169634 | SYSTEM AND METHOD FOR SELF-CLOCKING OS KERNEL BOOT - In some embodiments, the invention involves a system and method to enable a mobile device to utilize self-clocking during boot. In at least one embodiment, a platform has at least one processor core coupled to an internal timer. For an X86 processor, the internal timer may reside in an advanced programmable interrupt controller. A boot kernel executing on the platform is configured to use the internal timer early in the boot phase, when the platform is not compliant with legacy PC/AT architecture. If the platform does conform to the legacy architecture, then the boot may use an external clock for timing and clocking early in boot. In both cases, the internal timer is calibrated to the external clock before completing the boot phase. Other embodiments are described and claimed. | 07-01-2010 |
| 20100169967 | Apparatus and method for runtime integrity verification - In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a code block, and code which is executable by the processor-based system to cause the processor-based system to generate integrity information for the code block upon a restart of the processor-based system, securely store the integrity information, and validate the integrity of the code block during a runtime of the processor-based system using the securely stored integrity information. Other embodiments are disclosed and claimed. | 07-01-2010 |
| 20100250916 | Component Firmware Integration in Distributed Systems - A plurality of platforms may be defined in a distributed system. Each of the platforms may include a processor and a chipset from a common source on a single motherboard. Extensible firmware interface drivers are provided for the processors and the chipsets. Each of the platforms may be defined pursuant to a system definition model where the system definition model defines the firmware for each of the platforms. As a result, any of the platforms can be updateable from a common source, such as an Internet web site. | 09-30-2010 |
| 20100262743 | System management mode inter-processor interrupt redirection - A method, processor, and system are disclosed. In one embodiment method includes a first processor core among several processor cores entering into a system management mode. At least one of the other additional processor cores apart from the first processor core remain operational and do not enter the system management mode. Then, once in the system management mode, the first processor core responds to an inter-processor interrupt. | 10-14-2010 |
| 20100275016 | DATA SECURITY - In one embodiment, a method is provided that may include one or more operations. One of these operations may include, in response, at least in part, to a request to store input data in storage, encrypting, based at least in part upon one or more keys, the input data to generate output data to store in the storage. The one or more keys may be authorized by a remote authority. Alternatively or additionally, another of these operations may include, in response, at least in part, to a request to retrieve the input data from the storage, decrypting, based at least in part upon the at least one key, the output data. Many modifications, variations, and alternatives are possible without departing from this embodiment. | 10-28-2010 |
| 20100318993 | METHOD AND APPARATUS FOR PROVIDING VIRTUAL SERVER BLADES - Methods and apparatus to provide virtual server blades are described. In one embodiment, a first virtual machine (VM) in a processing system may emulate a first server blade, and a second VM in the processing system may emulate a second server blade. The emulated server blades may be referred to as virtual server blades. A virtual machine monitor (VMM) in the processing system may provide a communication channel to at least one of the virtual server blades. Other embodiments are described and claimed. | 12-16-2010 |
| 20100332813 | SYSTEM AND METHOD FOR UTILIZING A PROTECTED/HIDDEN REGION OF SEMICONDUCTOR BASED MEMORY/STORAGE - A method for accessing a protected area of a solid-state storage device via firmware control is described. During system initialization, firmware components are loaded and executed to initialize a computer system. These firmware components include a firmware driver for accessing solid-state storage devices connected to the computer system. The system firmware enables a protected area on a solid-state storage device's media to be accessed under firmware control. After firmware accesses, the protected area is closed from access by non-firmware entities by “hiding” the true size of the media such that those entities are unaware of this area of the media. Mechanisms are disclosed for providing firmware access to the protected area only during pre-boot, and for both pre-boot and run-time operations. The firmware-controlled media access scheme may be used to load firmware stored on solid-state media during pre-boot and to store system information in the protected area during pre-boot and/or run-time operations. | 12-30-2010 |
| 20110004715 | METHOD AND SYSTEM FOR HANDLING A MANAGEMENT INTERRUPT EVENT IN A MULTI-PROCESSOR COMPUTING DEVICE - A method and system for handling a management interrupt, such as a system management interrupt (SMI) and/or a platform management interrupt (PMI), includes sequestering two or more processor cores from a plurality of processor cores to form a group of sequestered processor cores for handling the management interrupt. Generated management interrupts are directed to the group of sequestered processor cores and not to non-sequestered processor cores. At least one of the sequestered processor cores handles the management interrupt without disrupting the current operation of the non-sequestered processor cores. | 01-06-2011 |
| 20110083005 | Enabling a heterogeneous blade environment - In one embodiment, the present invention includes a method for receiving a request for power-up of a first blade of a chassis, enabling the first blade to power-up in a reduced boot mode and receiving a communication including characteristic information and policy information associated with the first blade, and analyzing the characteristic information and the policy information to determine a policy and a boot configuration for the first blade. Other embodiments are described and claimed. | 04-07-2011 |
| 20110134912 | SYSTEM AND METHOD FOR PLATFORM RESILIENT VOIP PROCESSING - A system and method for platform resilient VoIP (Voice over Internet Protocol) processing in a partitioned environment. The system comprises a plurality of soft partitions. At least one soft partition is a sequestered partition. The sequestered partition includes one or more core processors having a controlled, real-time operating system and at least one network interface card (NIC) coupled to the one or more core processors. The NIC is dedicated to the sequestered partition, and the one or more core processors are used as an offload engine solely dedicated to Voice over Internet Protocol (VoIP) processing. | 06-09-2011 |
| 20110138166 | Extensible Pre-Boot Authentication - In one embodiment, the present invention includes a method for obtaining a pre-boot authentication (PBA) image from a non-volatile storage that is configured with full disk encryption (FDE), and storing the PBA image in a memory. Then a callback protocol can be performed between a loader executing on an engine of a chipset and an integrity checker of a third party that provided the PBA image to confirm integrity of the PBA image, the PBA image is executed if the integrity is confirmed, and otherwise it is deleted. Other embodiments are described and claimed. | 06-09-2011 |
| 20110154065 | OPERATING SYSTEM INDEPENDENT NETWORK EVENT HANDLING - Methods and apparatuses for re-instantiating a firmware environment that includes one or more firmware functions available at pre-boot time when transitioning the computing device from a wake state to a sleep state. A network event received by the computing device while in a sleep state may be handled by the firmware environment independent of the operating system and without returning the entire computing device to the wake state. | 06-23-2011 |
| 20110161726 | SYSTEM RAS PROTECTION FOR UMA STYLE MEMORY - In some embodiments, the invention involves a system and method relating to system recovery in a fault resilient manner by isolating errors associated with the management engine (ME) UMA memory. BIOS logs errors occurring on memory within the system. The ME UMA is invisible to the host OS, so the OS will not be notified about the errors occurring in the ME UMA range. When an error threshold has been reached for a memory unit in which ME UMA resides, ME UMA data is migrated to a previously reserved backup region of memory and the ME is notified of the new ME UMA location. The faulty memory is flagged for replacement at a next maintenance cycle. Embodiments may be applied to workstations that utilize ECC memory protection which utilize AMT (Active Management Technology) and ME UMA. Other embodiments are described and claimed. | 06-30-2011 |
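
The access check described in application 20090172797 (a software hook in front of a UEFI API that compares the caller's user token against the access control entries of the API's ACL) is concrete enough to show in working code. The block below is an added example written for this page; it is not the patent's code nor any firmware implementation. The token and ACE layouts, the deny-overrides-allow rule, the `install_hook` name and the sample `set_boot_order` API are all assumptions made for illustration.

```python
"""Added example (not the patent's or any firmware's code): an ACL-gated hook
in front of a firmware API, modelling the check in application 20090172797.
Token layout, ACE layout, evaluation rule and the sample API are assumptions."""
from dataclasses import dataclass, field
from enum import Flag, auto
from typing import Callable, List


class Access(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()
    EXECUTE = auto()


@dataclass(frozen=True)
class UserToken:
    """Identifies the caller: a user id plus the groups it belongs to (assumed layout)."""
    user_id: str
    groups: frozenset = frozenset()


@dataclass(frozen=True)
class AccessControlEntry:
    principal: str          # user id or group id the entry applies to
    rights: Access
    allow: bool = True      # False makes this a deny entry


@dataclass
class AccessControlList:
    entries: List[AccessControlEntry] = field(default_factory=list)

    def check(self, token: UserToken, requested: Access) -> bool:
        """Grant only if no matching deny entry touches the request and the
        matching allow entries together cover every requested right."""
        principals = {token.user_id} | set(token.groups)
        granted = Access.NONE
        for ace in self.entries:
            if ace.principal not in principals:
                continue
            if not ace.allow:
                if ace.rights & requested:      # any overlap with a deny entry loses
                    return False
                continue
            granted |= ace.rights
        return (granted & requested) == requested


class AccessDenied(PermissionError):
    pass


def install_hook(api: Callable, acl: AccessControlList, required: Access) -> Callable:
    """Return a wrapper that performs the ACL check before calling the API.
    The caller passes its token first; the wrapped API never sees it."""
    def hooked(token: UserToken, *args, **kwargs):
        if not acl.check(token, required):
            raise AccessDenied(f"{token.user_id} lacks {required} on {api.__name__}")
        return api(*args, **kwargs)
    return hooked


# Stand-in for a pre-boot API that rewrites a firmware variable (constructed).
_variable_store = {"BootOrder": ["HDD0", "PXE"]}


def set_boot_order(order):
    _variable_store["BootOrder"] = list(order)
    return _variable_store["BootOrder"]


def demo():
    """Three cases worth checking first: an allowed caller, a caller whose
    entries do not cover the request, and a deny entry overriding a group allow."""
    acl = AccessControlList([
        AccessControlEntry("admins", Access.READ | Access.WRITE),
        AccessControlEntry("bob", Access.WRITE, allow=False),   # explicit deny
        AccessControlEntry("guests", Access.READ),
    ])
    guarded = install_hook(set_boot_order, acl, Access.WRITE)
    alice = UserToken("alice", frozenset({"admins"}))
    bob = UserToken("bob", frozenset({"admins"}))      # admin group, but denied by name
    carol = UserToken("carol", frozenset({"guests"}))  # read only
    results = {"alice": guarded(alice, ["PXE", "HDD0"])}
    for who in (bob, carol):
        try:
            guarded(who, ["USB"])
            results[who.user_id] = "allowed"
        except AccessDenied:
            results[who.user_id] = "denied"
    results["boot_order"] = list(_variable_store["BootOrder"])
    return results


if __name__ == "__main__":
    print(demo())
```

The hook takes the token as an explicit argument rather than reading ambient state, so a caller cannot reach the API without presenting one; and deny entries are evaluated against any overlap with the request, so a single deny on one right blocks a call that asks for that right together with others.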
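
Applications 20090327684 (validate the boot block at restart, and only then validate the capsule update) and 20100169967 (generate integrity information for a code block at restart, store it securely, and validate the block at runtime) describe one chain, so a single added example serves both. The block below is written for this page and is not the patents' code or any firmware's. Two simplifications are assumptions: SHA-256 digests compared with reference digests stand in for the startup authenticated code module's signature verification, and an HMAC under a key only the measuring agent can reach stands in for secure storage of the integrity information. The sample images and all names are constructed.

```python
"""Added example (not the patents' or any firmware's code): boot block validated
before the capsule update, then sealed integrity records re-checked at runtime.
Assumptions: digest comparison stands in for ACM signature verification; an HMAC
under a key reachable only by the measuring agent stands in for secure storage."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Tuple


def measure(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()


def seal(key: bytes, name: str, digest: bytes) -> bytes:
    """Bind a digest to its block name so stored records cannot be swapped."""
    return hmac.new(key, name.encode() + digest, "sha256").digest()


@dataclass
class Platform:
    boot_block: bytes
    capsule: bytes
    reference: Dict[str, bytes]      # known-good digests (assumed to come from the ACM / signed header)
    seal_key: bytes                  # assumption: readable only by the measuring agent
    integrity_store: Dict[str, Tuple[bytes, bytes]] = field(default_factory=dict)


def restart(p: Platform) -> str:
    """Startup path: the boot block is validated first; the capsule update is
    examined only if that succeeds; then integrity records are sealed."""
    p.integrity_store.clear()
    if not hmac.compare_digest(measure(p.boot_block), p.reference["boot_block"]):
        return "boot_block_invalid"            # capsule is never looked at
    if not hmac.compare_digest(measure(p.capsule), p.reference["capsule"]):
        return "capsule_invalid"
    for name, blob in (("boot_block", p.boot_block), ("capsule", p.capsule)):
        d = measure(blob)
        p.integrity_store[name] = (d, seal(p.seal_key, name, d))
    return "ok"


def runtime_verify(p: Platform, name: str, current: bytes) -> str:
    """Runtime path: check the record's seal first, then the code block itself."""
    record = p.integrity_store.get(name)
    if record is None:
        return "no_record"
    digest, tag = record
    if not hmac.compare_digest(seal(p.seal_key, name, digest), tag):
        return "store_tampered"
    if not hmac.compare_digest(measure(current), digest):
        return "code_modified"
    return "intact"


def build_platform() -> Platform:
    boot_block = b"BOOTBLOCK v1: SEC/PEI entry"     # constructed sample image
    capsule = b"CAPSULE: DXE driver update 2"       # constructed sample image
    return Platform(boot_block, capsule,
                    {"boot_block": measure(boot_block), "capsule": measure(capsule)},
                    seal_key=b"\x11" * 32)


def demo() -> Dict[str, str]:
    results = {}
    p = build_platform()
    results["clean_restart"] = restart(p)
    results["clean_runtime"] = runtime_verify(p, "capsule", p.capsule)
    patched = p.capsule[:-1] + b"3"                  # one byte changed after boot
    results["patched_runtime"] = runtime_verify(p, "capsule", patched)
    _, tag = p.integrity_store["capsule"]
    p.integrity_store["capsule"] = (measure(patched), tag)   # attacker rewrites the digest, cannot re-seal
    results["store_tampered"] = runtime_verify(p, "capsule", patched)
    bad = build_platform()
    bad.boot_block = bad.boot_block.replace(b"v1", b"v?")
    results["bad_boot_block"] = restart(bad)
    results["records_after_bad_boot"] = str(len(bad.integrity_store))
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The seal is checked before the digest so that an attacker who can overwrite the record but not reach the sealing key is caught as "store_tampered" rather than getting a clean result; and a failed boot-block check leaves no records at all, so nothing downstream can mistake the capsule for validated.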