-
公开(公告)号:US20210096838A1
公开(公告)日:2021-04-01
申请号:US16584138
申请日:2019-09-26
Applicant: DELL PRODUCTS L.P.
Inventor: Balasingh P. Samuel , Zhaohui Yu , Bibby Yeh
Abstract: A system for sequencing firmware updates comprising a sequenced payload creation system operating on a processor and configured to receive two or more firmware payload sets and to generate a payload sequence for the two or more firmware payload sets. A BIOS payload system operating on the processor and configured to receive the two or more firmware payload sets and the payload sequence and to generate a basic input/output system (BIOS) payload. A BIOS locking system operating on the processor and configured to receive the BIOS payload and to generate a secure BIOS executable.
-
公开(公告)号:US10684913B2
公开(公告)日:2020-06-16
申请号:US15962665
申请日:2018-04-25
Applicant: DELL PRODUCTS L.P.
Inventor: Craig L. Chaiken , Balasingh P. Samuel , Zhao Hui Yu
Abstract: Systems and methods are provided that may be implemented to detect and optionally recover corrupted system configuration data written to non-volatile random access memory (NVRAM). The disclosed systems and methods may be implemented by writing a copy of the NVRAM data to volatile system memory (e.g., RAM) while the system is active. Error correction code (ECC) data may written to the NVRAM when the system enters a lower power state. When the system resumes from the low power state, the copy of data is made in system RAM from the NVRAM, and the ECC data is used to determine whether there are errors in NVRAM data, in which case the ECC data may be used to correct data in the copy on RAM before writing the corrected data to NVRAM from the system RAM.
-
43.发明申请公开(公告)号:US20250156194A1
公开(公告)日:2025-05-15
申请号:US18505170
申请日:2023-11-09
Applicant: Dell Products, L.P.
Inventor: Ibrahim Sayyed , Balasingh P. Samuel , Daniel L. Hamlin
IPC: G06F9/4401
Abstract: Systems and methods for resuming pre-boot and service Operating System (OS) applications are described. In some embodiments, an Information Handling System (IHS) may include an Embedded Controller (EC), and a memory coupled to, or integrated into, the EC, where the memory comprises program instructions that, upon execution by the EC, cause the EC to record a state of a pre-boot or Service Operating System (SOS) application and, in response to a reboot of the IHS, resume the pre-boot or SOS application in the recorded state.
-
公开(公告)号:US11960372B2
公开(公告)日:2024-04-16
申请号:US17686651
申请日:2022-03-04
Applicant: Dell Products L.P.
Inventor: Balasingh P. Samuel , Sungsup Lee
CPC classification number: G06F11/2284 , G06F21/575 , G06F21/577 , G06F21/64
Abstract: An information handling system includes a memory and a processor. The memory stores a basic input/output system (BIOS). The processor monitors the BIOS for a unified extensible firmware interface (UEFI) event. In response to a detection of the UEFI event, the processor reads a preauthorized event callback order. The processor compares a callback order for the UEFI event with the preauthorized event callback order. Based on the callback order for the UEFI event not matching the preauthorized event callback order, the processor detects a potential vulnerability in the UEFI event. In response to the detected potential vulnerability in the UEFI event, the processor dispatches one or more callback functions from the preauthorized event callback order.
-
公开(公告)号:US11921858B2
公开(公告)日:2024-03-05
申请号:US17341567
申请日:2021-06-08
Applicant: Dell Products L.P.
Inventor: Balasingh P. Samuel , Adolfo S. Montero
CPC classification number: G06F21/575 , H04L9/3236 , H04L9/3265
Abstract: A system for protecting an information handling system from alterations in chain sequencing uses a root of trust to secure transition points between entities in a sequence according to a chain of trust stored in a chain of trust database. Before transitioning control from a first entity transferring control to a second entity receiving control, the root of trust validates the transferring entity and the receiving entity. Failure to validate both entities results in the root of trust stopping the boot process to prevent malicious code from interfering with the BIOS executing the correct steps in the process.
-
Patent Agency Ranking
公开(公告)号:US11915015B2
公开(公告)日:2024-02-27
申请号:US17459557
申请日:2021-08-27
Applicant: Dell Products, L.P.
Inventor: Balasingh P. Samuel , Vivek Viswanathan Iyer
CPC classification number: G06F9/44505 , G06F1/26 , G06F13/4068
Abstract: Systems and methods provide isolated workspaces operating on an IHS (Information Handling System) with use of pre-boot resources of the IHS that are not directly accessible by the workspaces. Upon notification of a workspace initialization, a segregated variable space, such as a segregated memory utilized by a UEFI (Unified Extensible Firmware Interface) of the IHS, is specified for use by the workspace. The segregated variable space is initialized and populated with pre-boot variables, such as UEFI variables, that are allowed for configuration by the workspace. Upon a workspace issuing a request to configure a pre-boot variable, the segregated variable space is identified that was mapped for use by the workspace. The requested pre-boot variable configuration is allowed based on whether the pre-boot variable is populated in the segregated variable space. When the requested pre-boot variable configuration is allowed, the pre-boot variable is configured on behalf of the workspace.
-
公开(公告)号:US11876900B2
公开(公告)日:2024-01-16
申请号:US17747160
申请日:2022-05-18
Applicant: DELL PRODUCTS L.P.
Inventor: Nicholas D. Grobelny , Richard M. Tonry , Balasingh P. Samuel
CPC classification number: H04L9/0869 , G06F21/12 , G06F21/52 , G06F21/54 , G06F21/64 , H04L9/0643 , H04L9/0877 , H04L9/0897
Abstract: A system includes a communication channel monitor configured to calculate a hash value of a first encrypted code segment based on a measurement. A security module may derive a first encryption key using a key decryption function operation from the hash value of the first encrypted code segment. A processor decrypts the first encrypted code segment with a seed key retrieved from a storage device, and if the decryption is successful then executes the first decrypted code segment. The processor may retrieve a second one of the encrypted code segments, wherein the second encrypted code segment is a next encrypted code segment for execution after the first encrypted code segment according to a sequence of execution, decrypt the second encrypted code segment with the first encryption key, and if the decryption is successful then execute the second decrypted code segment.
-
公开(公告)号:US11741231B2
公开(公告)日:2023-08-29
申请号:US16857567
申请日:2020-04-24
Applicant: Dell Products L.P.
Inventor: Balasingh P. Samuel , Baris Tas
IPC: G06F21/57
CPC classification number: G06F21/572 , G06F2221/033
Abstract: A BIOS may include a plurality of protocol drivers and a protocol notification manager configured to receive a protocol notification registration from a consumer driver of the plurality of protocol drivers, receive a unique key associated with the consumer driver, receive a pre-authorized list from a producer driver of the plurality of protocol drivers, the pre-authorized list comprising one or more signed consumer identifiers, each of the one or more signed consumer identifiers identifying a respective one of the plurality of protocol drivers authorized to receive a protocol notification from the producer driver, determine if the unique key successfully decrypts a signed consumer identifier associated with the consumer driver, and perform access control of protocol notification from the producer driver to the consumer driver based on whether the unique key successfully decrypts the signed consumer identifier associated with the consumer driver.
-
公开(公告)号:US11663344B2
公开(公告)日:2023-05-30
申请号:US17332184
申请日:2021-05-27
Applicant: Dell Products L.P.
Inventor: Balasingh P. Samuel , Richard Martin Tonry , Adolfo S. Montero , Jacob Vincent Mink
CPC classification number: G06F21/604 , G06F21/44 , G06F21/572
Abstract: A method for binding applications to a platform root of trust includes pre-provisioning application binding components in an information handling system. An application requesting OS access sends its access control list (ACL) and application metadata to the BIOS, which performs initial checks. The BIOS responds with platform metadata and a first nonce. The application communicates the metadata, the first nonce and a second nonce to a server. The server checks the nonces and metadata, creates a third nonce and an application binding object (ABO). The application checks the nonces and sends a binding certificate to the BIOS. The BIOS checks the nonces, creates a binding certificate, verifies the binding certificate and sends a binding session credential (BSC) to the application. The application binds the BSC with platform credentials.
-
50.发明授权公开(公告)号:US11657158B2
公开(公告)日:2023-05-23
申请号:US17328466
申请日:2021-05-24
Applicant: Dell Products L.P.
Inventor: Balasingh P. Samuel , Richard M. Tonry
CPC classification number: G06F21/575 , G06F21/54 , G06F21/554 , G06F21/64 , G06F21/72
Abstract: A method may comprise, on a basic input/output system (BIOS), executing a hardware attestation verification application configured to: (a) during a first boot session of the information handling system comprising the BIOS, execute a first stage of an update to the information handling system and securely record a platform state record associated with beginning of execution of a second stage of the update; and (b) during a second boot session of the information handling system: (i) obtain the platform state record; (ii) compare the platform state record to an actual platform state during boot process of the second boot session; and (iii) if the platform state record matches the actual platform state during boot process of the second boot session, permit execution of the second state of the update.
-
-
-
-
-
-
-
-
-
Search Results
53
records
(took 0.021 seconds)
