-
Publication number: US12130924B2
Publication date: 2024-10-29
Application number: US17134329
Filing date: 2020-12-26
Applicant: Intel Corporation
Inventor: Sarathy Jayakumar, Jiewen Yao, Murugasamy K Nachimuthu, Ruixia Li, Siyuan Fu
CPC classification number: G06F21/572, G06F21/31, G06F21/575, G06F21/79
Abstract: Methods and apparatus for seamless SMM (System Management Mode) global driver update based on SMM Root-of-Trust. Mechanisms are provided to load and replace SMM drivers at runtime in a secure manner, without requiring an SMM firmware update and platform reset. SMM code is executed by BIOS during boot in a hidden area of memory called SMRAM space. Seamless update using an SMM Global Driver Update provides a method to load and replace all SMM drivers (including SMM infrastructure) on an already shipped platform production for purposes such as bug fixes. The principles and teachings may also be applied to update other types of secure execution mode code in addition to SMM code.
-
Publication number: US12164906B2
Publication date: 2024-12-10
Application number: US16801382
Filing date: 2020-02-26
Applicant: Intel Corporation
Inventor: Mohan J. Kumar, Sarathy Jayakumar, Chuan Song, Ruixia Li, Siyuan Fu, Jiaxin Wu, Lui He
Abstract: A modular microcode (uCode) patch method to support runtime persistent update and associated apparatus. The method enables BIOS uCode patches to be received during platform runtime operations and written to first and second uCode extension regions as uCode images for a firmware device layout that further includes a uCode base region in which a current uCode image is stored. Following a platform reset, the first and second uCode extension regions are inspected to determine if one or more valid and newer uCode images (than the current uCode image) are present. If so, the newest uCode image is booted rather than the current uCode image. Following a successful boot, the newest uCode image is copied to the uCode base region to sync-up the current uCode image to the newest version. In one aspect, received uCode images are written to the first and second uCode extension regions in an alternating manner to support roll-back.
-
Publication number: US20210365559A1
Publication date: 2021-11-25
Application number: US17392012
Filing date: 2021-08-02
Applicant: Intel Corporation
Inventor: Sarathy Jayakumar, Jiewen Yao, Murugasamy Nachimuthu, Ruixia Li, Siyuan Fu, Chuan SONG, Wei Xu
IPC: G06F21/57
Abstract: Methods and apparatus for seamless system management mode (SMM) code injection. A code injection listener is installed in BIOS during booting of the computer system or platform. During operating system (OS) runtime operation a secure execution mode code injection image comprising injected code is received and delivered to the BIOS. The processor execution mode is switched to a secure execution mode such as SMM, and while in the secure execution mode the injected code is accessed and executed on the processor to effect one or more changes such as patching processor microcode, a profile or policy reconfiguration, and a security fix. The solution enables platform changes to be effected during OS runtime without having to reboot the system.