-
Publication (Announcement) No.: US20170277530A1
Publication (Announcement) Date: 2017-09-28
Application No.: US15079725
Filing Date: 2016-03-24
Applicant: Intel Corporation
Inventor: Nicholas J. Adams, Krishnakumar Narasimhan, Vincent J. Zimmer
CPC classification number: G06F8/65, G06F8/654, G06F9/4403, G06F12/10, G06F12/1081, G06F12/14, G06F12/1441, G06F13/28, G06F13/4282, G06F2212/1052, G06F2212/65, G06F2213/0024, G06F2213/0042, G06F2213/28
Abstract: Technologies for performing a secure firmware update include a compute device that includes a memory device to store a firmware update payload, one or more devices that have direct memory access (DMA) to the memory, a DMA remap module, and a firmware update module. The DMA remap module is to create a memory isolation domain for each of the one or more devices. Each memory isolation domain comprises a physical address space in the memory that is mutually exclusive to the physical address spaces of the other memory isolation domains. The firmware update module is to (i) analyze the firmware update payload to identify one or more of the devices associated with the firmware update payload and (ii) move the firmware update payload to the memory isolation domains of each associated device to enable secure transmission of the firmware update payload to the associated devices.
-
Publication (Announcement) No.: US09740492B2
Publication (Announcement) Date: 2017-08-22
Application No.: US14666219
Filing Date: 2015-03-23
Applicant: INTEL CORPORATION
Inventor: Nicholas J. Adams, Vincent J. Zimmer, Lee G. Rosenbaum, Giri P. Mudusuru
CPC classification number: G06F9/30189, G06F9/34, G06F21/44, G06F21/57, G06F21/74
Abstract: Various embodiments are generally directed to establishing trust in system management mode. An operating system management mode driver can invoke a system management mode and provide a signature to the system management mode with which to authenticate the driver. Additionally, a hash value of the driver can be used to determine whether the driver is authorized to invoke system management mode or particular operations or features of system management mode.
-
Publication (Announcement) No.: US09417801B2
Publication (Announcement) Date: 2016-08-16
Application No.: US14227735
Filing Date: 2014-03-27
Applicant: Intel Corporation
CPC classification number: G06F3/0611, G06F3/0659, G06F3/0673, G06F13/105, G06F13/24, G06F13/385
Abstract: Technologies for virtual general purpose I/O (GPIO) include a computing device having a virtual GPIO controller driver, a virtual GPIO controller firmware interface, and a virtual GPIO controller. The driver receives a GPIO command from an operating system of the computing device. The GPIO command specifies an operation to be performed by a GPIO pin. The driver sends the GPIO command to the firmware interface. In response to the firmware interface receiving the command, the virtual GPIO controller emulates a virtual GPIO pin to implement the GPIO command. The firmware interface may trigger an interrupt that can be received by the operating system. The virtual GPIO controller may emulate the virtual GPIO pin using firmware-reserved backing memory, an embedded controller, or an interface to a peripheral device of the computing device. The firmware interface may be an ACPI control method. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US10402281B2
Publication (Announcement) Date: 2019-09-03
Application No.: US15086293
Filing Date: 2016-03-31
Applicant: INTEL CORPORATION
Inventor: Krishnakumar Narasimhan, Nicholas J. Adams, Karunakara Kotary, Brett P Wang
Abstract: A mechanism is described for facilitating dynamic capsule generation and recovery in computing environments according to one embodiment. A method of embodiments, as described herein, includes accessing a current firmware and a capsule driver binary file (“capsule file”) from a storage device, and merging the current firmware with the capsule file and a capsule header into a capsule payload. The method may further include assigning a security protocol to the capsule payload to ensure a secured capsule payload, and storing the secured capsule payload at the storage device for subsequent updates.
-
Publication (Announcement) No.: US10139882B2
Publication (Announcement) Date: 2018-11-27
Application No.: US15174779
Filing Date: 2016-06-06
Applicant: Intel Corporation
Inventor: Ryan D. Wells, Sanjeev S. Jahagirdar, Inder M. Sodhi, Jeremy J. Shrall, Stephen H. Gunther, Daniel J. Ragland, Nicholas J. Adams
Abstract: According to one embodiment of the invention, a processor includes a power control unit, an interface to software during runtime that permits the software to set a plurality of power management constraint parameters for the power control unit during runtime of the processor without a reboot of the processor, and a storage element to store a respective lock bit for each of the plurality of power management constraint parameters to disable the interface from changing a respective constraint parameter when set.
-
Publication (Announcement) No.: US20170083305A1
Publication (Announcement) Date: 2017-03-23
Application No.: US14856865
Filing Date: 2015-09-17
Applicant: Intel Corporation
Inventor: Krishna Kumar Ganesan, Sudhakar Otturu, Nicholas J. Adams
CPC classification number: H04L67/34, G06F1/3206, G06F1/3265, G06F1/3287, G06F8/654, G06F21/572, H04L63/126, H04L63/145, H04W52/0296, Y02D10/153, Y02D10/171, Y02D10/42, Y02D70/00, Y02D70/142, Y02D70/144, Y02D70/166, Y02D70/26
Abstract: In one embodiment, a system includes a display, a non-volatile memory to store one or more system software images, a processor to execute at least one of the one or more system software images, and a security engine to perform security applications. The security engine may include a first logic to receive a download package from a host computing system and store the download package in a first memory, authenticate the download package, and execute the download package to download and store a first system software image into the non-volatile memory. In addition, a second logic of the system may be configured to disable at least the display during the first system software image download and store. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US20160292423A1
Publication (Announcement) Date: 2016-10-06
Application No.: US14778000
Filing Date: 2014-06-25
Applicant: Intel Corporation
Inventor: Jiewen Yao, Vincent J. Zimmer, Brian S. Payne, Nicholas J. Adams
CPC classification number: G06F21/577, G06F8/65, G06F9/4401, G06F9/4411, G06F9/445, G06F21/53
Abstract: Embodiments related to hardware configuration reporting and arbitration are disclosed herein. For example, an apparatus for hardware configuration reporting may include: a processing device having a trusted execution environment (TEE) and a non-trusted execution environment (non-TEE); request service logic, stored in the memory, to operate within the TEE to receive an indication of a request from arbiter logic, wherein the request represents a hardware configuration register; and reporting logic, stored in the memory, to operate within the TEE and to report an indicator of a value of the hardware configuration register represented by the request to the arbiter logic. Other embodiments may be disclosed and/or claimed.
-
Publication (Announcement) No.: US10831934B2
Publication (Announcement) Date: 2020-11-10
Application No.: US15709047
Filing Date: 2017-09-19
Applicant: Intel Corporation
Inventor: Vincent J. Zimmer, Nicholas J. Adams, Giri P. Mudusuru, Lee G. Rosenbaum, Michael A. Rothman
Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein.
-
Publication (Announcement) No.: US10331453B2
Publication (Announcement) Date: 2019-06-25
Application No.: US15682531
Filing Date: 2017-08-21
Applicant: INTEL CORPORATION
Inventor: Nicholas J. Adams, Vincent J. Zimmer, Lee G. Rosenbaum, Giri P. Mudusuru
Abstract: Various embodiments are generally directed to establishing trust in system management mode. An operating system management mode driver can invoke a system management mode and provide a signature to the system management mode with which to authenticate the driver. Additionally, a hash value of the driver can be used to determine whether the driver is authorized to invoke system management mode or particular operations or features of system management mode.
-
Publication (Announcement) No.: US10198274B2
Publication (Announcement) Date: 2019-02-05
Application No.: US14670939
Filing Date: 2015-03-27
Applicant: Intel Corporation
Inventor: Nicholas J. Adams, Erik C. Bjorge, Giri P. Mudusuru
IPC: G06F1/32, G06F9/4401, G06F13/24, G06F21/57, G06F21/79
Abstract: Technologies for hybrid sleep power management include a computing device with a processor supporting a low-power idle state. In a pre-boot firmware environment, the computing device reserves a memory block for firmware use and copies platform wake code to a secure memory location, such as system management RAM (SMRAM). At runtime, an operating system may execute with the processor in protected mode. In response to a request to enter a sleep or suspend state, the computing device generates a system management interrupt (SMI). In an SMI handler, the computing device copies the wake code from SMRAM to the reserved memory block. The computing device resumes from the SMI handler to the wake code with the processor in real mode. The wake code enters the low-power idle state and then jumps to a wake vector of the operating system after receiving a wake event. Other embodiments are described and claimed.