Abstract:
An apparatus, method, and computer-readable medium for reconfiguring a support package for initializing firmware. The apparatus comprises memory, machine-readable instructions, and processor circuitry configured to execute the machine-readable instructions to intercept a write operation to a register of the processor circuitry requesting a configuration profile for the support package. The apparatus further selects an applet for the support package corresponding to the requested configuration profile, reconfigures the support package with the selected applet, and initializes firmware based on the reconfigured support package.
Abstract:
Technologies for providing services to a non-volatile store include a computing device having a non-volatile store policy that defines a minimum amount of reserved space in the non-volatile store. The mobile computing device receives a call for services to the non-volatile store, determines useable free space in the non-volatile store based on the non-volatile store policy, and responds to the call for services based on the useable free space. Technologies for platform configuration include a computing device having a firmware environment and an operating system. The firmware environment determines information on configuration settings inaccessible to the operating system and exports the information to the operating system. The operating system determines a new configuration setting based on the exported information, and may configure the computing device at runtime. The operating system may securely pass a configuration directive to the firmware environment for configuration during boot. Other embodiments are described and claimed.
Abstract:
Technologies for improving platform initialization on a computing device include beginning initialization of a platform of the computing device using a basic input/output system (BIOS) of the computing device. A security co-processor driver module adds a security co-processor command to a command list when a security co-processor command is received from the BIOS module. The computing device establishes a periodic interrupt of the initialization of the platform to query the security co-processor regarding the availability of a response to a previously submitted security co-processor command, forward any responses received by the security co-processor driver module to the BIOS module, and submit the next security co-processor command in the command list to the security co-processor.
Abstract:
Technologies for updating firmware in a pre-boot environment include a mobile computing device having a firmware environment and an operating system. In the pre-boot environment, the mobile computing device extracts a firmware update from a capsule previously generated by the operating system and determines a power consumption setting for a hardware component as a function of the firmware update. The mobile computing device configures the hardware component based on the power consumption setting and applies the firmware update in response to configuring the hardware component. The firmware update may include a firmware driver executable in the firmware environment. The hardware component may include a peripheral device or a device controller of the mobile computing device. The mobile computing device may determine a power policy as a function of the firmware update, and determine the power consumption setting as a function of the power policy. Other embodiments are described and claimed.
Abstract:
Computing devices, computer-readable storage media, and methods associated with providing an operating system (OS)-absent firmware sensor layer to support a boot process are disclosed herein. In embodiments, a computing device may include a processor and firmware to be operated on the processor. The firmware may include one or more modules and a sensor layer. The sensor layer may be configured to receive, in the OS-absent environment, sensor data produced by a plurality of sensors. The sensor layer may be further configured to selectively provide the sensor data to the one or more modules via an interface of the sensor layer that abstracts the plurality of sensors. Other embodiments may be described and/or claimed.
Abstract:
Apparatuses, methods and storage media associated with managing a computing platform in view of an expiration date are described herein. In embodiments, an apparatus may include a computing platform that includes one or more processors to execute applications; and a trusted execution environment that includes a tamper-proof storage to store an expiration date of the computing platform, and a firmware module to be operated in a secure system management mode to regulate operation of the computing platform in view of at least whether a current date is earlier than the expiration date. Other embodiments may be described or claimed.
Abstract:
In one embodiment, a method is provided that may include one or more operations. One of these operations may include, in response, at least in part, to a request to store input data in storage, encrypting, based at least in part upon one or more keys, the input data to generate output data to store in the storage. The one or more keys may be authorized by a remote authority. Alternatively or additionally, another of these operations may include, in response, at least in part, to a request to retrieve the input data from the storage, decrypting, based at least in part upon the at least one key, the output data. Many modifications, variations, and alternatives are possible without departing from this embodiment.
Abstract:
Systems, apparatuses and methods may provide for a memory apparatus that includes a client-side address space dedicated to an accessor of obfuscated multi-tenant data, wherein an executable view generation library is stored to the client-side address space. In one example, the executable view generation library is to receive a request to access at least a portion of the obfuscated multi-tenant data, convert the obfuscated multi-tenant data to deobfuscated multi-tenant data based on metadata associated with the executable view generation library and generate a single-tenant view based on the deobfuscated multi-tenant data.
Abstract:
Techniques for providing and maintaining protection of firmware routines that form part of a chain of trust through successive processing environments. An apparatus may include a first processor component (550); a volatile storage (562) coupled to the first processor component; an enclave component to, in a pre-OS operating environment, generate a secure enclave within a portion of the volatile storage to restrict access to a secured firmware loaded into the secure enclave; a first firmware driver (646) to, in the pre-OS operating environment, provide a first API to enable unsecured firmware to call a support routine of the secured firmware from outside the secure enclave; and a second firmware driver (647) to, in an OS operating environment that replaces the pre-OS operating environment, provide a second API to enable an OS of the OS operating environment to call the support routine from outside the secure enclave.
Abstract:
A processor includes an instruction decoder to receive an instruction to perform a machine check operation, the instruction having a first operand and a second operand. The processor further includes a machine check logic coupled to the instruction decoder to determine that the instruction is to determine a type of a machine check bank based on a command value stored in a first storage location indicated by the first operand, to determine a type of a machine check bank identified by a machine check bank identifier (ID) stored in a second storage location indicated by the second operand, and to store the determined type of the machine check bank in the first storage location indicated by the first operand.