Abstract:
Methods and systems to support XML-based consoles in pre-boot and post OS execution environments. In an embodiment, during pre-boot, XML console in and console out interfaces are loaded, and corresponding APIs are published to enable use of the interfaces by various firmware and software components. An XML schema is employed to provide templates for system management console user interface screens and to map various system components to corresponding settings and related data. A system management console host application is run on a remote host or the local system. XML content is passed between the system and the console host application via the XML console interfaces. The XML content is used to generate user interfaces via the console host application and to identify user navigation/menu selection within the user interface screens. The XML console interfaces are also available during OS runtime and OS afterlife, enabling a seamless integration between console appearance during pre-boot, OS runtime, and afterlife.
Abstract:
Methods for providing and extracting hidden information in firmware images using steganographic processes. Information is hidden in binary firmware images, such as drivers, using a steganographic process in which the functionality of the binaries does not change, and the size is not increased. During a pre-boot phase of a computer system, binary firmware drivers containing hidden steganographic data are identified, and a steganographic extraction process is performed to extract the hidden data. In one embodiment, a hash is employed on an authentic binary image to uniquely identify the op code content. The digest from the hash is stored in the steganographic data. In one embodiment, a vendor's private key and optional signature is used to encrypt the hash. A similar hash is performed on the binary image of a discovered binary firmware driver, and the authentic hash digest is extracted from the steganographic data. The hash digests are compared to authenticate the binary firmware driver.
Abstract:
A system and method is described that takes an existing operating system (OS) level driver and transforms it into a firmware extension, in one embodiment, for the extensible firmware interface (EFI). In one embodiment, an existing driver is stored in flash memory, without modification. When initializing the system, a mapping driver examines this image. Based on a determined image format and subtype, it is known whether the existing driver is compatible with Linux, Windows, fcode, or another type. Based on the type, the mapping driver either fills in the blanks and maps directly to the EFI services, or rewrites some of the flash with binary (in memory). The driver is typically compressed when in flash memory. Once the OS is booted, the OS uses its own driver.
Abstract:
An embodiment of the present invention bridges event data from the pre-boot environment to the operating system runtime environment. Event logs are stored in a memory buffer during pre-boot. Prior to launching the operating system (OS), the event log is registered to a known memory location accessible to the OS. A preferred embodiment uses the extensible firmware interface (EFI) configuration table to store the event log. A globally unique identifier (GUID) may be used to identify the memory buffer location. Once accessible to the OS, the event data may be displayed using standard Extensible Markup Language (XML) forms, or via any other desired method.
Abstract:
A method and system to access the firmware of a remote computer via a trusted process. The remote computer receives a request to perform a firmware service from a caller computer via a network. The caller computer and remote computer then interact to authenticate the caller computer, and, optionally, the remote computer. If authentication is successful, the firmware service is performed by the remote computer, otherwise access to the firmware service is denied. A cipher negotiation may also be employed to agree upon an encryption scheme to be used to encrypt and decrypt data traffic sent between the caller and remote computers. In one embodiment, the operations of the method are performed via execution of firmware of the remote computer that is configured in accordance with the Extensible Firmware Interface (EFI) framework standard.
Abstract:
A method and apparatus for managing memory usage. Whether a file stored on a user/hardware accessible portion of a non-volatile memory device in a computing system has been accessed within a predetermined period is determined. If the file has not been accessed within the predetermined period, the file is purged to enable the recovery of storage space in the user/hardware accessible portion of the non-volatile memory device being occupied by unused or infrequently accessed files.
Abstract:
Methods, apparatus, and systems for sharing resources across a plurality of computing platforms. Firmware provided on each platform is loaded for operating system runtime availability. Shared resources are presented to operating systems running on the platforms as local resources, while in reality they are generally hosted by other platforms. An operating system resource access request is received by a requesting platform and rerouted to another platform that actually hosts a target resource used to service the resource access request. Global resource maps are employed to determine the appropriate host platforms. Communication between the platforms is enabled via an out-of-band (OOB) communication channel or network. A hidden execution mode is implemented to effectuate data rerouting via the OOB channel such that the method is performed in a manner that is transparent to operating systems running on the platforms. The shared resources include storage, input, and video devices. The method can be used to support shared KVM (keyboard, video and mouse) resources.
Abstract:
Methods and systems for allocating address space resources to resource requesting peripheral devices in an efficient manner. Resource requests are gathered for enumerated peripheral devices hosted by a computer platform. A map containing resource alignment requirements is built, and a virtual resource allocation map is computed based on aggregated resource requests and the alignment requirements. The resource aggregations are, in turn, based on a hierarchy of the peripheral devices. A bin-packing algorithm is employed to determine allocation of the resource requests so as to minimize resource address space allocations. The virtual resource map is then used to perform actual resource allocations. The resources include peripheral device I/O address allocation and peripheral device memory address allocations.
Abstract:
A computer system is disclosed. The computer system includes a storage device, a device controller and a chipset. The device controller includes lock registers having values that correspond to the ranges of locked sectors of the storage device. The lock registers verify if a storage device access request is targeted for ranges of sectors of the storage device that are locked. The chipset includes an embedded controller to authenticate the storage device access request and to manage configuration of the storage device.
Abstract:
Systems and methods are described herein to provide for device driver isolation from a host operating system on a computing device. Other embodiments include apparatus and system for control of two or more virtual machines, each of the virtual machines isolated from all other virtual machines. Further embodiments include methods for executing an operating system wherein the device driver is isolated from the operating system. Other embodiments are described and claimed.