Abstract:
Technologies for improving platform initialization on a computing device include beginning initialization of the platform using a basic input/output system (BIOS) module of the computing device. A security co-processor driver module adds a security co-processor command to a command list whenever it receives one from the BIOS module, rather than blocking initialization on each command. The computing device establishes a periodic interrupt of the platform initialization during which it queries the security co-processor for a response to a previously submitted command, forwards any response the driver module has received from the co-processor to the BIOS module, and submits the next command in the command list to the security co-processor.
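As an added illustration (not code from the patent), the following Python model shows the mechanism the abstract describes: BIOS-issued commands go onto a command list, and a periodic interrupt polls the co-processor, forwards a ready response, and submits the next queued command. The co-processor model with a fixed tick latency, the TPM-style command names and the "BIOS work" counter are constructed; the counter only makes visible that initialization keeps progressing while a command is in flight.

```python
"""Added example: queued security co-processor commands serviced from a
periodic interrupt instead of blocking platform initialization."""
from collections import deque


class SimulatedCoprocessor:
    """Constructed stand-in for a security co-processor: holds one command in
    flight and makes its response available after `latency` ticks."""

    def __init__(self, latency):
        self.latency = latency
        self._in_flight = None  # (command, ticks_remaining) or None

    def submit(self, command):
        if self._in_flight is not None:
            raise RuntimeError("device busy: only one command may be in flight")
        self._in_flight = (command, self.latency)

    def tick(self):
        if self._in_flight is not None:
            cmd, left = self._in_flight
            self._in_flight = (cmd, left - 1)

    def poll_response(self):
        """Non-blocking: return the response if it is ready, else None."""
        if self._in_flight is None:
            return None
        cmd, left = self._in_flight
        if left > 0:
            return None
        self._in_flight = None
        return cmd  # in this model the response simply echoes the command


class CoprocessorDriver:
    """Driver module: queues commands from the BIOS module and, on each periodic
    interrupt, polls for a response, forwards it and submits the next command."""

    def __init__(self, coproc):
        self.coproc = coproc
        self.command_list = deque()
        self.busy = False
        self.forwarded = []  # (tick, response) pairs handed to the BIOS module

    def add_command(self, command):
        self.command_list.append(command)
        self._submit_next()

    def _submit_next(self):
        # Submit only when the device is idle; otherwise the command waits in the list.
        if not self.busy and self.command_list:
            self.coproc.submit(self.command_list.popleft())
            self.busy = True

    def periodic_interrupt(self, tick):
        self.coproc.tick()
        response = self.coproc.poll_response()
        if response is not None:
            self.forwarded.append((tick, response))
            self.busy = False
        self._submit_next()


def run_post(commands, latency, ticks):
    """Simulate `ticks` interrupt periods of initialization with `commands`
    queued up front. Returns the forwarded (tick, response) pairs and the
    number of ticks of other BIOS work that completed meanwhile."""
    driver = CoprocessorDriver(SimulatedCoprocessor(latency))
    for c in commands:
        driver.add_command(c)
    bios_work = 0
    for tick in range(1, ticks + 1):
        bios_work += 1  # initialization work that no longer waits on the device
        driver.periodic_interrupt(tick)
    return driver.forwarded, bios_work


if __name__ == "__main__":
    print(run_post(["TPM2_Startup", "TPM2_SelfTest", "TPM2_PCR_Extend"], 3, 9))
```

With a latency of three ticks, three queued commands complete at ticks 3, 6 and 9 while nine units of unrelated initialization work run in between; a blocking design would have spent those nine ticks waiting.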
Abstract:
A system and method for BIOS flash attack protection and notification. A processor initialization module, including an initialization firmware verification module, may be configured to execute first in response to a power-on and/or reset and to verify initialization firmware stored in non-volatile memory in the processor package. The initialization firmware is in turn configured to verify the BIOS. If verification of the initialization firmware and/or the BIOS fails, the system is configured to select at least one of a plurality of responses including, but not limited to: preventing the BIOS from executing, initiating recovery, reporting the verification failure, halting, shutting down, and/or allowing the BIOS to execute and an operating system (OS) to boot in a limited-functionality mode.
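The following Python model is an added example, not the patent's own code, of the two-stage chain just described: initialization firmware is verified first, the BIOS is verified only if that succeeds, and a policy table selects the responses from the list in the abstract. SHA-256 digest comparison stands in for whatever signature or measurement scheme a real platform uses; the images, trusted digests, policy tables and response names are constructed.

```python
"""Added example: staged firmware verification with a configurable failure policy."""
import hashlib
import hmac

INIT_FW_GOOD = b"initialization-firmware-image-v1"  # constructed image
BIOS_GOOD = b"bios-image-v7"                         # constructed image
TRUSTED_INIT_FW_DIGEST = hashlib.sha256(INIT_FW_GOOD).digest()
TRUSTED_BIOS_DIGEST = hashlib.sha256(BIOS_GOOD).digest()

# The responses named in the text; a policy picks one or more per failing stage.
ALLOWED_RESPONSES = {"prevent_bios", "recover", "report", "halt", "shutdown", "limited_mode"}
BLOCKING_RESPONSES = {"prevent_bios", "halt", "shutdown"}

DEFAULT_POLICY = {
    # The initialization firmware is the verifier of everything after it; if it
    # fails there is no trusted code left to continue with, so halt.
    "init_fw": ["report", "halt"],
    # A bad BIOS can be replaced from a recovery image.
    "bios": ["report", "prevent_bios", "recover"],
}


def digest_matches(image, trusted_digest):
    return hmac.compare_digest(hashlib.sha256(image).digest(), trusted_digest)


def validate_policy(policy):
    """Return a list of problems (empty when the policy is usable)."""
    problems = []
    for stage in ("init_fw", "bios"):
        responses = policy.get(stage)
        if not responses:
            problems.append(f"{stage}: no response configured")
            continue
        unknown = set(responses) - ALLOWED_RESPONSES
        if unknown:
            problems.append(f"{stage}: unknown responses {sorted(unknown)}")
        if "limited_mode" in responses and BLOCKING_RESPONSES & set(responses):
            problems.append(f"{stage}: limited_mode conflicts with a blocking response")
    return problems


def bios_may_execute(failed_stage, responses):
    """Limited mode lets the BIOS run despite a failure, unless a blocking response was also chosen."""
    if failed_stage is None:
        return True
    return "limited_mode" in responses and not (BLOCKING_RESPONSES & set(responses))


def boot(init_fw, bios, policy=DEFAULT_POLICY):
    """Return (failed_stage or None, selected responses, whether the BIOS executes)."""
    problems = validate_policy(policy)
    if problems:
        raise ValueError("; ".join(problems))
    if not digest_matches(init_fw, TRUSTED_INIT_FW_DIGEST):
        # BIOS verification is deliberately skipped: its verifier is untrusted.
        failed, responses = "init_fw", list(policy["init_fw"])
    elif not digest_matches(bios, TRUSTED_BIOS_DIGEST):
        failed, responses = "bios", list(policy["bios"])
    else:
        failed, responses = None, []
    return failed, responses, bios_may_execute(failed, responses)


if __name__ == "__main__":
    print(boot(INIT_FW_GOOD, BIOS_GOOD))
    print(boot(INIT_FW_GOOD, b"flashed-by-attacker"))
```

The policy validation matters in practice: a configuration that names both "halt" and "limited_mode" for the same stage is contradictory, and it is better to reject it at policy-load time than to discover the conflict during a failed boot.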
Abstract:
In an embodiment, a system on a chip includes: a single core that executes a legacy instruction set and is configured to enter system management mode (SMM) to provide a trusted execution environment for at least one secure operation; and a memory controller coupled to the single core and interfacing with a system memory, a portion of which comprises a secure memory for the SMM. The single core authenticates and executes boot firmware, then passes control to the SMM to obtain a key pair from protected storage and store it in the secure memory. Other embodiments are described and claimed.
Abstract:
An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein.
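As an added example (not the patent's code), the Python below models the runtime flow in this abstract: firmware running after the OS has booted asks an out-of-band cryptoprocessor to (a) create and store a key in its secure non-volatile storage, (b) sign an object while the key stays inside the device, and (c) verify the signature. The host only ever handles opaque key handles and signatures. HMAC-SHA256 stands in for the device's signature algorithm; the storage dict, handle scheme and signed object are constructed. Python cannot enforce the isolation a real cryptoprocessor does, so the model shows the API shape rather than the protection itself.

```python
"""Added example: handle-based signing with a key that never leaves the cryptoprocessor model."""
import hashlib
import hmac
import os


class OutOfBandCryptoprocessor:
    """Constructed model. `secure_nv` stands in for the secure non-volatile
    storage coupled to the device: handle -> key bytes. Key bytes are used
    only inside sign()/verify() and are never returned to the caller."""

    def __init__(self, secure_nv):
        self._nv = secure_nv

    def create_key(self):
        handle = max(self._nv, default=0) + 1
        self._nv[handle] = os.urandom(32)  # (a) key generated and stored inside
        return handle                      # the caller gets an opaque handle only

    def sign(self, handle, obj):
        key = self._nv.get(handle)
        if key is None:
            raise KeyError(f"no key at handle {handle}")
        return hmac.new(key, obj, hashlib.sha256).digest()  # (b) key used in place

    def verify(self, handle, obj, signature):
        if handle not in self._nv:
            return False
        return hmac.compare_digest(self.sign(handle, obj), signature)  # (c)

    def handles(self):
        """Everything the host can enumerate: handles, never key material."""
        return sorted(self._nv)


def runtime_sign_and_verify(cp, obj):
    """The runtime flow from the text: store a key, sign `obj`, verify the result."""
    handle = cp.create_key()
    signature = cp.sign(handle, obj)
    return handle, signature, cp.verify(handle, obj, signature)


if __name__ == "__main__":
    nv = {}
    cp = OutOfBandCryptoprocessor(nv)
    h, sig, ok = runtime_sign_and_verify(cp, b"BootOrder=0003,0001")
    print(h, sig.hex(), ok)
    # A new device object over the same storage still verifies: the key persisted.
    print(OutOfBandCryptoprocessor(nv).verify(h, b"BootOrder=0003,0001", sig))
```

Because the key lives in the storage dict rather than in the device object, a fresh `OutOfBandCryptoprocessor` over the same storage (a reset, in the model) still verifies earlier signatures, which is the property the secure non-volatile storage provides.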
Abstract:
The present disclosure is directed to flexible bootstrap code architecture. A device may comprise equipment for operating the device and an operating system (OS) for operating the equipment. A boot module may also be included in the device to execute boot operations. At least one flexible boot (FB) module in the boot module may interact with the equipment and/or OS during the boot operations to cause the boot operations to become device-specific. An example boot module may comprise a plurality of FB modules. An example FB module may verify a device/chipset identification and may control the boot operations based on the identification. Other example FB modules may select resources to load based on an OS type, may provide a boot configuration table location for use in OS runtime boot configuration or may load variables from a preload variable directory for use in configuring boot operations.
Abstract:
Methods and apparatus relating to pre-OS (pre Operating System) image rewriting to provide cross-architecture support, security introspection, and/or performance optimization are described. In an embodiment, logic rewrites a non-native firmware interface driver into a native firmware interface driver in response to a determination that sufficient space is available in an integrity cache storage device to store the native firmware interface driver. The logic rewrites the non-native firmware interface driver into the native firmware interface driver by performing one or more of its operations during operating system runtime. Other embodiments are also claimed and described.
Abstract:
A method and apparatus for improving the resume time of a platform. In one embodiment, the context of the platform is saved before the platform enters an inactive state. When the platform is switched back to an active state, it reads the saved context and restores the platform to the state it was in before entering the inactive state. In one embodiment, the platform determines, based on its current operating condition, whether to compress the saved context before storing it in non-volatile memory, so that it can select whichever method yields the faster resume time.
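The Python below is an added example, not the patent's code, of the save/restore path and the compress-or-not decision. It estimates resume time both ways under the platform's current operating condition (here modelled as non-volatile read throughput and decompression throughput) and compresses only when reading fewer bytes outweighs the decompression cost. The run-length coder, the prefix-sampling compressibility estimate, the one-byte header and the throughput figures are all constructed; a real platform would use its own codec and measured numbers.

```python
"""Added example: save platform context with a resume-time-driven compression decision."""

FLAG_RAW = b"\x00"         # constructed one-byte header
FLAG_COMPRESSED = b"\x01"


def rle_compress(data):
    """Run-length encode `data` as (count, byte) pairs, count in 1..255."""
    out = bytearray()
    i = 0
    while i < len(data):
        b = data[i]
        run = 1
        while i + run < len(data) and data[i + run] == b and run < 255:
            run += 1
        out += bytes((run, b))
        i += run
    return bytes(out)


def rle_decompress(blob):
    if len(blob) % 2:
        raise ValueError("truncated RLE stream")
    out = bytearray()
    for i in range(0, len(blob), 2):
        out += bytes([blob[i + 1]]) * blob[i]
    return bytes(out)


def estimate_compressed_len(context, sample_len=512):
    """Cheap compressibility estimate: compress a prefix and scale, so deciding
    against compression does not cost a full compression pass."""
    sample = context[:sample_len]
    if not sample:
        return 0
    return len(rle_compress(sample)) * len(context) // len(sample)


def resume_time_estimates(raw_len, compressed_len, cond):
    """Seconds to get the context back into memory on resume, raw vs. compressed.
    `cond` holds the operating condition: NV read throughput and decompression
    throughput in bytes per second (constructed inputs)."""
    t_raw = raw_len / cond["nv_read_bytes_per_s"]
    t_compressed = (compressed_len / cond["nv_read_bytes_per_s"]
                    + raw_len / cond["decompress_bytes_per_s"])
    return t_raw, t_compressed


def save_context(context, cond):
    """Return the blob to write to non-volatile memory before entering the inactive state."""
    est = estimate_compressed_len(context)
    t_raw, t_compressed = resume_time_estimates(len(context), est, cond)
    if t_compressed < t_raw:
        return FLAG_COMPRESSED + rle_compress(context)
    return FLAG_RAW + context


def restore_context(blob):
    """Read the header written by save_context() and rebuild the original context."""
    flag, payload = blob[:1], blob[1:]
    if flag == FLAG_COMPRESSED:
        return rle_decompress(payload)
    if flag == FLAG_RAW:
        return payload
    raise ValueError("unrecognized saved-context header")


if __name__ == "__main__":
    slow_nv = {"nv_read_bytes_per_s": 1_000_000, "decompress_bytes_per_s": 100_000_000}
    fast_nv = {"nv_read_bytes_per_s": 1_000_000_000, "decompress_bytes_per_s": 1_000_000}
    ctx = bytes(4096)  # constructed, highly compressible context
    print(len(save_context(ctx, slow_nv)), len(save_context(ctx, fast_nv)))
```

The same highly compressible context is compressed when non-volatile reads are slow and left raw when reads are fast but decompression is slow, which is the operating-condition dependence the abstract describes; incompressible data is left raw in both cases.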
Abstract:
Radio frequency identification (RFID) tags embedded in processors within a computing system provide a communication path to other components of the computing system during initialization processing that is separate from the system interconnect. Upon powering up, each processor causes its RFID tag to broadcast data regarding the processor's interconnect location and initialization status. An RFID receiver in the Platform Controller Hub (PCH) senses the RFID tags, and each processor's interconnect location and initialization status data is stored in registers within the PCH. During system initialization processing, the BIOS reads these PCH registers to obtain each processor's data. The BIOS uses the interconnect location and initialization status data to select the optimal routing table and to configure the virtual network within the computing system based on that routing table and the RFID tag data, without interrogating each processor individually over the system interconnect.
Abstract:
Platform controller, computer-readable storage media, and methods associated with initialization of a computing device. In embodiments, a platform controller may comprise a boot controller and one or more non-volatile memory modules, coupled with the boot controller. In embodiments, the one or more non-volatile memory modules may have first instructions and second instructions stored thereon. The first instructions may, when executed by a processor of a computing device hosting the platform controller, cause initialization of the computing device. The second instructions, when executed by the boot controller, may cause the boot controller to monitor at least a portion of the execution of the first instructions by the computing device and may generate a trace of the monitored portion of the execution of the first instructions. In embodiments, the trace may be stored in the one or more non-volatile memory modules. Other embodiments may be described and/or claimed.