-
1.发明申请TECHNIQUES FOR PRE-OS IMAGE REWRITING TO PROVIDE CROSS-ARCHITECTURE SUPPORT, SECURITY INTROSPECTION, AND PERFORMANCE OPTIMIZATION 审中-公开用于提供跨架构支持,安全入侵和性能优化的前瞻性图像优化技术
公开(公告)号:WO2015060853A1
公开(公告)日:2015-04-30
申请号:PCT/US2013/066608
申请日:2013-10-24
Applicant: INTEL CORPORATION , ZIMMER, Vincent J. , ROTHMAN, Michael A. , BAHNSEN, Robert B. , SWANSON, Robert C.
Inventor: ZIMMER, Vincent J. , ROTHMAN, Michael A. , BAHNSEN, Robert B. , SWANSON, Robert C.
CPC classification number: G06F9/445 , G06F8/52 , G06F8/65 , G06F8/654 , G06F9/22 , G06F9/24 , G06F9/4403 , G06F9/4411 , G06F9/45516 , G06F21/572 , G06F21/575 , G06F2221/033
Abstract: Methods and apparatus relating to pre-OS (pre Operating System) image rewriting to provide cross-architecture support, security introspection, and/or performance optimization are described. In an embodiment, logic rewrites a non-native firmware interface driver into a native firmware interface driver in response to a determination that sufficient space is available in an integrity cache storage device to store the native firmware interface driver. The logic rewrites the non-native firmware interface driver into the native firmware interface driver by performing one or more of its operations during operating system runtime. Other embodiments are also claimed and described.
Abstract translation: 描述与前OS(预操作系统)图像重写相关以提供交叉架构支持,安全内省和/或性能优化的方法和装置。 在一个实施例中,响应于在完整性高速缓存存储设备中有足够的空间可用于存储本地固件接口驱动程序的确定,逻辑将非本地固件接口驱动程序重写为本机固件接口驱动程序。 逻辑通过在操作系统运行时执行其一个或多个操作,将非本地固件接口驱动程序重写为本机固件接口驱动程序。 还要求保护和描述其它实施例。
-
2.发明申请
公开(公告)号:WO2012045038A1
公开(公告)日:2012-04-05
申请号:PCT/US2011/054419
申请日:2011-09-30
Applicant: INTEL CORPORATION , SAKTHIKUMAR, Palsamy , SWANSON, Robert C. , ROTHMAN, Michael A. , BULUSU, Mallik , ZIMMER, Vincent J.
Inventor: SAKTHIKUMAR, Palsamy , SWANSON, Robert C. , ROTHMAN, Michael A. , BULUSU, Mallik , ZIMMER, Vincent J.
CPC classification number: G06F13/105 , G06F9/4812 , G06F21/572 , G06F2221/2105
Abstract: A method, apparatus, system, and computer program product for secure server system management. A payload containing system software and/or firmware updates is distributed in an on-demand, secure I/O operation. The I/O operation is performed via a secured communication channel inaccessible by the server operating system to an emulated USB drive. The secure communication channel can be established for the I/O operation only after authenticating the recipient of the payload, and the payload can be protected from access by a potentially-infected server operating system. Furthermore, the payload can be delivered on demand rather than relying on a BIOS update schedule, and the payload can be delivered at speeds of a write operation to a USB drive.
Abstract translation: 一种用于安全服务器系统管理的方法,设备,系统和计算机程序产品。 包含系统软件和/或固件更新的有效载荷以按需安全I / O操作分发。 I / O操作通过服务器操作系统无法访问到模拟USB驱动器的安全通信通道执行。 只有在验证有效负载的收件人之后,才能为I / O操作建立安全通信通道,并且可以保护有效负载免受潜在感染的服务器操作系统的访问。 此外,有效载荷可以按需传送,而不是依赖于BIOS更新计划,并且有效载荷可以以写入操作的速度传送到USB驱动器。
-
公开(公告)号:WO2012040675A2
公开(公告)日:2012-03-29
申请号:PCT/US2011/053165
申请日:2011-09-24
Applicant: INTEL CORPORATION , SWANSON, Robert C. , DIAMANT, Nimrod , ZIMMER, Vincent J. , BULUSU, Mallik
Inventor: SWANSON, Robert C. , DIAMANT, Nimrod , ZIMMER, Vincent J. , BULUSU, Mallik
CPC classification number: G06F9/4401 , G06F21/575 , G06F2221/2153
Abstract: Some aspects include beginning a power on self test (POST) by a BIOS for a computer system; enumerating the computer system by the BIOS; providing, based on the enumeration of the computer system by the BIOS, at least one configuration setting of the computer system to a management engine (ME) of the computer system; and applying a lock to the at least one configuration setting by the ME to manage a change to the at least one configuration setting, all prior to an ending of the POST.
Abstract translation: 某些方面包括由计算机系统的BIOS启动开机自检(POST); 通过BIOS列举计算机系统; 基于由计算机系统BIOS列举的计算机系统,将计算机系统的至少一个配置设置提供给计算机系统的管理引擎(ME); 以及由ME在至少一个配置设置上应用锁以管理对至少一个配置设置的改变,全部在POST结束之前。
-
公开(公告)号:WO2015147986A1
公开(公告)日:2015-10-01
申请号:PCT/US2015/013942
申请日:2015-01-30
Applicant: INTEL CORPORATION
Inventor: SWANSON, Robert C. , NEMIROFF, Daniel , ZIMMER, Vincent J. , BULUSU, Mallik , LINDSLEY, John R. , CONE, Robert W. , TRIVEDI, Malay , KWIDZINSKI, Piotr
CPC classification number: H04L63/10 , G06F3/0622 , G06F3/0637 , G06F3/0683 , G06F13/28 , G06F21/554 , G06F21/57 , G06F21/572
Abstract: Embodiments of multinode hubs for trust operations are disclosed herein. In some embodiments, a multinode hub may include a plurality of memory regions, a trapping module, and a trusted platform module (TPM) component. Each memory region may be associated with and receive trust operation data from a coherent computing node. The trapping module may generate trap notifications in response to accesses to the plurality of memory regions by the associated coherent computing nodes. The trap notifications may indicate which of the plurality of memory locations has been accessed, and the TPM component may process the trust operation data in a memory region indicated by a trap notification. Other embodiments may be disclosed and/or claimed.
Abstract translation: 本文公开了用于信任操作的多节点集线器的实施例。 在一些实施例中,多节点集线器可以包括多个存储器区域,陷阱模块和可信平台模块(TPM)组件。 每个存储器区域可以与相干计算节点相关联并接收来自相干计算节点的信任操作数据。 捕获模块可以响应于相关联的相干计算节点对多个存储器区域的访问而产生陷阱通知。 陷阱通知可以指示已经访问了多个存储器位置中的哪一个,并且TPM组件可以处理由陷阱通知指示的存储器区域中的信任操作数据。 可以公开和/或要求保护其他实施例。
-
公开(公告)号:WO2013048487A1
公开(公告)日:2013-04-04
申请号:PCT/US2011/054409
申请日:2011-09-30
Applicant: INTEL CORPORATION , ALTMAN, Asher M. , SCHMISSEUR, Mark A. , SWANSON, Robert C. , SLAIGHT, Thomas M.
Inventor: ALTMAN, Asher M. , SCHMISSEUR, Mark A. , SWANSON, Robert C. , SLAIGHT, Thomas M.
CPC classification number: G06F12/14 , G06F3/0622 , G06F3/0667 , G06F3/0679 , G06F9/545 , G06F21/6281
Abstract: Techniques and mechanisms for providing access to a storage device of a computer platform. In an embodiment, an agent executing on the platform may be registered for access to the storage device, the agent being allocated a memory space by a host operating system of the platform. Registration of the agent may result in a location in the allocated memory space being mapped to a location in the storage device. In another embodiment, the agent may write to the location in the allocated memory space to request access to the storage device, wherein the request is independent of any system call to the host OS which describes the requested access.
Abstract translation: 用于提供对计算机平台的存储设备的访问的技术和机制。 在一个实施例中,可以登记在平台上执行的代理以访问存储设备,代理由平台的主机操作系统分配存储空间。 代理的注册可能导致分配的存储器空间中的位置被映射到存储设备中的位置。 在另一个实施例中,代理可以写入分配的存储器空间中的位置以请求对存储设备的访问,其中该请求独立于描述所请求的访问的对主机OS的任何系统调用。
-
Patent Agency Ranking
公开(公告)号:WO2012018889A2
公开(公告)日:2012-02-09
申请号:PCT/US2011/046380
申请日:2011-08-03
Applicant: INTEL CORPORATION , SWANSON, Robert C. , BULUSU, Mallik , ZIMMER, Vincent J.
Inventor: SWANSON, Robert C. , BULUSU, Mallik , ZIMMER, Vincent J.
CPC classification number: G06F21/572 , G06F21/72 , G06F21/74 , G06F21/79 , G06F21/85 , G06F2221/2107 , G06F2221/2113 , G06F2221/2115
Abstract: In one embodiment, a peripheral controller coupled to a processor can include a storage controller. This storage controller can control access to a non-volatile storage coupled to the peripheral controller. The storage may include both secure and open partitions, and the storage controller can enable access to the secure partition only when the processor is in a secure mode. In turn, during unsecure operation such as third party code execution, visibility of the secure partition can be prevented. Other embodiments are described and claimed.
Abstract translation: 在一个实施例中,耦合到处理器的外围控制器可以包括存储控制器。 该存储控制器可以控制对耦合到外围控制器的非易失性存储器的访问。 存储器可以包括安全和打开的分区,并且只有当处理器处于安全模式时,存储控制器才能够访问安全分区。 反过来,在诸如第三方代码执行的不安全操作期间,可以防止安全分区的可见性。 描述和要求保护其他实施例。
-
公开(公告)号:WO2012018529A2
公开(公告)日:2012-02-09
申请号:PCT/US2011/044744
申请日:2011-07-20
Applicant: INTEL CORPORATION , SWANSON, Robert C. , WEHAGE, Eric R. , ZIMMER, Vincent J. , BULUSU, Mallik
Inventor: SWANSON, Robert C. , WEHAGE, Eric R. , ZIMMER, Vincent J. , BULUSU, Mallik
CPC classification number: G06F11/004 , G06F11/1008
Abstract: Methods and apparatus to protect segments of memory are disclosed herein. An example method includes intercepting an interrupt request indicating an error; determining whether a first segment of memory is corrupt, the first segment of memory being designated as a protected region of memory; when the protected region of memory is corrupt, repairing the corrupted region of memory using a parity block of code; and in response to validating the protected region of memory, generating an interrupt enabling a utilization of code stored in the protected region of memory to handle the error associated with the interrupt request.
Abstract translation: 本文公开了保护存储器段的方法和装置。 示例方法包括拦截指示错误的中断请求; 确定第一存储段是否被破坏,所述第一存储段被指定为存储器的受保护区域; 当存储器的受保护区域被破坏时,使用奇偶校验码块修复已损坏的存储器区域; 并且响应于验证存储器的受保护区域,产生中断,使得能够利用存储在存储器的受保护区域中的代码来处理与中断请求相关联的错误。
-
公开(公告)号:WO2015199830A1
公开(公告)日:2015-12-30
申请号:PCT/US2015/030700
申请日:2015-05-14
Applicant: INTEL CORPORATION
Inventor: MUDUSURU, Giri P. , ZIMMER, Vincent J. , KOTARY, Karunakara , STORY, Ronald N. , SWANSON, Robert C. , ORAM, Isaac W.
CPC classification number: G06F1/30 , G06F11/1441 , G06F11/2015 , G06F12/0246 , G06F12/0804 , G06F12/0866 , G06F12/0875 , G06F12/1416 , G06F12/1491 , G06F13/32 , G06F2212/1024 , G06F2212/222 , G11C5/141
Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for a Unified Extensible Firmware Interface (UEFI) with durable storage to provide memory write persistence, for example, in the event of power loss. The system may include a processor to host the firmware interface which may be configured to control access to system variables in a protected region of a volatile memory. The system may also include a power management circuit to provide power to the processor and further to provide a power loss indicator to the firmware interface. The system may also include a reserve energy storage module to provide power to the processor in response to the power loss indicator. The firmware interface is further configured to copy the system variables from the volatile memory to a non-volatile memory in response to the power loss indicator.
Abstract translation: 通常,本公开提供了用于具有耐用存储器的统一可扩展固件接口(UEFI)的系统,设备,方法和计算机可读介质,以提供例如在电力丢失的情况下的存储器写持续性。 该系统可以包括用于托管固件接口的处理器,其可被配置为控制对易失性存储器的受保护区域中的系统变量的访问。 该系统还可以包括电源管理电路,以向处理器提供电力,并进一步向固件接口提供功率损耗指示符。 系统还可以包括备用能量存储模块,以响应于功率损耗指示器向处理器提供电力。 固件接口还被配置为响应于功率损耗指示器将系统变量从易失性存储器复制到非易失性存储器。
-
公开(公告)号:WO2015147981A1
公开(公告)日:2015-10-01
申请号:PCT/US2015/013317
申请日:2015-01-28
Applicant: INTEL CORPORATION
Inventor: SWANSON, Robert C. , TRAW, C. Brendan , ZIMMER, Vincent J. , BULUSU, Mallik , LINDSLEY, John R. , NATU, Mahesh S. , ZIAKAS, Dimitrios , CONE, Robert W. , RANGARAJAN, Madhusudhan , NIKJOU, Babak , BRANNOCK, Kirk D. , WUNDERLICH, Russell J. , SCHWARTZ, Miles F. , PAWLOWSKI, Stephen S.
CPC classification number: G06F11/3476 , G06F9/4403 , G06F9/4416 , G06F11/1417 , G06F21/575 , G06F2201/84
Abstract: Platform controller, computer-readable storage media, and methods associated with initialization of a computing device. In embodiments, a platform controller may comprise a boot controller and one or more non-volatile memory modules, coupled with the boot controller. In embodiments, the one or more non-volatile memory modules may have first and second instructions stored thereon. The first instructions may, when executed by a processor of a computing device hosting the platform controller, initialize the computing device. The second instructions, when executed by the boot controller, may cause the boot controller to monitor at least a portion of the execution of the first instructions by the computing device and may generate a trace of the monitored portion of the execution of the first instructions. In embodiments, the trace may be stored in the one or more non-volatile memory modules. Other embodiments may be described and/or claimed.
Abstract translation: 平台控制器,计算机可读存储介质以及与计算设备的初始化相关联的方法。 在实施例中,平台控制器可以包括与引导控制器耦合的引导控制器和一个或多个非易失性存储器模块。 在实施例中,一个或多个非易失性存储器模块可以具有存储在其上的第一和第二指令。 当由托管平台控制器的计算设备的处理器执行时,第一指令可以初始化计算设备。 第二指令在由引导控制器执行时可能导致引导控制器监视计算设备执行第一指令的至少一部分,并且可以生成第一指令的执行的监视部分的跟踪。 在实施例中,迹线可以存储在一个或多个非易失性存储器模块中。 可以描述和/或要求保护其他实施例。
-
10.发明申请MANAGEABILITY REDUNDANCY FOR MICRO SERVER AND CLUSTERED SYSTEM-ON-A-CHIP DEPLOYMENTS 审中-公开微服务器和集群系统在线部署的可管理性冗余
公开(公告)号:WO2015023192A1
公开(公告)日:2015-02-19
申请号:PCT/PL2013/000104
申请日:2013-08-14
Applicant: INTEL CORPORATION
Inventor: SWANSON, Robert C. , JURSKI, Janusz , SAWICKI, Piotr , CONE, Robert W. , O'SULLIVAN, William J. , STEPKA, Mariusz , NIKJOU, Babak , RANGARIAN, Madhusudhan , SZYMANSKI, Pawel , KWIDZINSKI, Piotr , BAHNSEN, Robert , BULUSU, Mallik , ORIOL, Mariusz
CPC classification number: G06F11/142 , G06F1/3296 , G06F9/4881 , G06F9/5027 , G06F9/5088 , G06F11/14 , G06F11/2023 , G06F11/2028 , G06F11/203 , G06F11/2033 , G06F11/2035 , G06F11/2043 , G06F2201/805 , G06F2201/85
Abstract: Technologies for providing manageability redundancy for micro server and clustered System-on-a-Chip (SoC) deployments are presented. A configurable multi-processor apparatus may include multiple integrated circuit (IC) blocks where each IC block includes a task block to perform one or more assignable task functions and a management block to perform management functions with respect to the corresponding IC block. Each task block and each management block may include one or more instruction processors and corresponding memory. Each IC block may be controllable to perform a function of one or more other IC blocks. The IC blocks may communicate with each other via a management communication infrastructure that may include a communication path from each of the management blocks to each of the other management blocks. Via the management communication infrastructure, the management blocks may bridge communication paths between pairs of management blocks.
Abstract translation: 介绍了为微服务器和集群系统级芯片(SoC)部署提供可管理性冗余的技术。 可配置的多处理器装置可以包括多个集成电路(IC)块,其中每个IC块包括执行一个或多个可分配任务功能的任务块和用于执行相对于IC块的管理功能的管理块。 每个任务块和每个管理块可以包括一个或多个指令处理器和对应的存储器。 每个IC块可以是可控制的,以执行一个或多个其它IC块的功能。 IC块可以经由管理通信基础设施相互通信,管理通信基础设施可以包括从每个管理块到每个其他管理块的通信路径。 通过管理通信基础设施,管理块可以跨越管理块对之间的通信路径。
-
-
-
-
-
-
-
-
-
Search Results
43
records
(took 0.023 seconds)
