公开(公告)号：US20160378576A1

公开(公告)日：2016-12-29

申请号：US14751733

申请日：2015-06-26

Applicant: Intel Corporation

Inventor： SARATHY JAYAKUMAR ,  MOHAN J. KUMAR ,  VINCENT J. ZIMMER ,  RAJESH POORNACHANDRAN

IPC: G06F9/54

CPC classification number: G06F9/544 ,  G06F9/542

Abstract: This disclosure is directed to firmware-related event notification. A device may comprise an operating system (OS) configured to operate on a platform. During initialization of the device a firmware module in the platform may load at least one globally unique identifier (GUID) into a firmware configuration table. When the platform notifies the OS, the firmware module may load at least one GUID into a platform notification table and may set a platform notification bit in a platform notification table status field. Upon detecting the notification, an OS management module may establish a source of the notification by querying the platform notification table. The platform notification bit may cause the OS management module to compare GUIDs in the platform notification table and the firmware configuration table. Services may be called based on any matching GUIDs. If no GUIDs match, the services may be called based on firmware variables in the device.

Abstract translation: 本公开涉及固件相关事件通知。 设备可以包括被配置为在平台上操作的操作系统（OS）。 在设备初始化期间，平台中的固件模块可以将至少一个全局唯一标识符（GUID）加载到固件配置表中。 当平台通知OS时，固件模块可以将至少一个GUID加载到平台通知表中，并且可以在平台通知表状态字段中设置平台通知位。 在检测到通知之后，OS管理模块可以通过查询平台通知表来建立通知的源。 平台通知位可能导致OS管理模块比较平台通知表中的GUID和固件配置表。 可以根据任何匹配的GUID来调用服务。 如果没有GUID匹配，则可以基于设备中的固件变量来调用服务。

公开(公告)号：US20150370302A1

公开(公告)日：2015-12-24

申请号：US14312017

申请日：2014-06-23

Applicant: Intel Corporation

Inventor： GIRI P. MUDUSURU ,  VINCENT J. ZIMMER ,  KARUNAKARA KOTARY ,  RONALD N. STORY ,  ROBERT C. SWANSON ,  ISAAC W. ORAM

IPC: G06F1/30 ,  G06F13/32 ,  G11C14/00 ,  G11C7/10 ,  G11C11/00 ,  G06F11/14 ,  G06F12/02

CPC classification number: G06F1/30 ,  G06F11/1441 ,  G06F11/2015 ,  G06F12/0246 ,  G06F12/0804 ,  G06F12/0866 ,  G06F12/0875 ,  G06F12/1416 ,  G06F12/1491 ,  G06F13/32 ,  G06F2212/1024 ,  G06F2212/222 ,  G11C5/141

Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for a Unified Extensible Firmware Interface (UEFI) with durable storage to provide memory write persistence, for example, in the event of power loss. The system may include a processor to host the firmware interface which may be configured to control access to system variables in a protected region of a volatile memory. The system may also include a power management circuit to provide power to the processor and further to provide a power loss indicator to the firmware interface. The system may also include a reserve energy storage module to provide power to the processor in response to the power loss indicator. The firmware interface is further configured to copy the system variables from the volatile memory to a non-volatile memory in response to the power loss indicator.

Abstract translation: 通常，本公开提供了用于具有耐用存储器的统一可扩展固件接口（UEFI）的系统，设备，方法和计算机可读介质，以提供例如在电力丢失的情况下的存储器写持续性。 该系统可以包括用于托管固件接口的处理器，其可被配置为控制对易失性存储器的受保护区域中的系统变量的访问。 该系统还可以包括电源管理电路，以向处理器提供电力，并进一步向固件接口提供功率损耗指示符。 系统还可以包括备用能量存储模块，以响应于功率损耗指示器向处理器提供电力。 固件接口还被配置为响应于功率损耗指示器将系统变量从易失性存储器复制到非易失性存储器。

公开(公告)号：US20190278611A1

公开(公告)日：2019-09-12

申请号：US16410252

申请日：2019-05-13

Applicant: Intel Corporation

Inventor： KEVIN Y. LI ,  VINCENT J. ZIMMER ,  XIAOHU ZHOU ,  PING WU ,  ZIJIAN YOU ,  MICHAEL A. ROTHMAN

IPC: G06F9/4401 ,  G06F21/74 ,  G06F9/455 ,  H04L9/08

Abstract: The present application is directed to access isolation for multi-operating system devices. In general, a device may be configured using firmware to accommodate more than one operating system (OS) operating concurrently on the device or to transition from one OS to another. An access isolation module (AIM) in the firmware may determine a device equipment configuration and may partition the equipment for use by multiple operating systems. The AIM may disable OS-based equipment sensing and may allocate at least a portion of the equipment to each OS using customized tables. When transitioning between operating systems, the AIM may help to ensure that information from one OS is not accessible to others. For example, the AIM may detect when a foreground OS is to be replaced by a background OS, and may protect (e.g., lockout or encrypt) the files of the foreground OS prior to the background OS becoming active.

公开(公告)号：US20190014113A1

公开(公告)日：2019-01-10

申请号：US16116145

申请日：2018-08-29

Applicant: INTEL CORPORATION

Inventor： HORMUZD M. KHOSRAVI ,  BASSAM N. COURY ,  VINCENT J. ZIMMER

IPC: H04L29/06 ,  G06F21/32 ,  G06F21/57 ,  G06F21/60

CPC classification number: H04L63/0876 ,  G06F21/32 ,  G06F21/57 ,  G06F21/606 ,  H04L63/0861 ,  H04L63/102

Abstract: The present disclosure is directed to secure sensor data transport and processing. End-to-end security may prevent attackers from altering data during the sensor-based security procedure. For example, following sensor data capture execution in a device may be temporarily suspended. During the suspension of execution, sensor interface circuitry in the device may copy the sensor data from a memory location associated with the sensor to a trusted execution environment (TEE) within the device. The TEE may provide a secure location in which the sensor data may be processed and a determination may be made as to whether to grant access to the secure resources. The TEE may comprise, for example, match circuitry to compare the sensor data to previously captured sensor data for users that are allowed to access the secured resources and output circuitry to grant access to the secured resources or to perform activities associated with a security exception.

公开(公告)号：US20180129502A1

公开(公告)日：2018-05-10

申请号：US15682531

申请日：2017-08-21

Applicant: INTEL CORPORATION

Inventor： NICHOLAS J. ADAMS ,  VINCENT J. ZIMMER ,  LEE G. ROSENBAUM ,  GIRI P. MUDUSURU

IPC: G06F9/30 ,  G06F21/57 ,  G06F21/74 ,  G06F9/34 ,  G06F21/44

CPC classification number: G06F9/30189 ,  G06F9/34 ,  G06F21/44 ,  G06F21/57 ,  G06F21/74

Abstract: Various embodiments are generally directed to establishing trust in system management mode. An operating system management mode driver can invoke a system management mode and provide a signature to the system management mode to authenticate the driver with. Additionally, a hash value of the driver can be used to determine whether the driver is authorized to invoke system management mode or particular operations or features of system management mode.

公开(公告)号：US20170161124A1

公开(公告)日：2017-06-08

申请号：US15435444

申请日：2017-02-17

Applicant: Intel Corporation

Inventor： SARATHY JAYAKUMAR ,  MOHAN J. KUMAR ,  VINCENT J. ZIMMER ,  RAJESH POORNACHANDRAN

IPC: G06F9/54

CPC classification number: G06F9/544 ,  G06F9/542

Abstract: This disclosure is directed to firmware-related event notification. A device may comprise an operating system (OS) configured to operate on a platform. During initialization of the device a firmware module in the platform may load at least one globally unique identifier (GUID) into a firmware configuration table. When the platform notifies the OS, the firmware module may load at least one GUID into a platform notification table and may set a platform notification bit in a platform notification table status field. Upon detecting the notification, an OS management module may establish a source of the notification by querying the platform notification table. The platform notification bit may cause the OS management module to compare GUIDs in the platform notification table and the firmware configuration table. Services may be called based on any matching GUIDs. If no GUIDs match, the services may be called based on firmware variables in the device.

公开(公告)号：US20160378507A1

公开(公告)日：2016-12-29

申请号：US14748656

申请日：2015-06-24

Applicant: Intel Corporation

Inventor： SAURABH GUPTA ,  VINCENT J. ZIMMER ,  RAJESH POORNACHANDRAN

IPC: G06F9/44 ,  G06F21/44 ,  G06F9/50

CPC classification number: G06F9/4403 ,  G06F9/4401 ,  G06F9/5011 ,  G06F21/44 ,  G06F21/572

Abstract: The present disclosure is directed to firmware block dispatch based on fusing. A device may determine firmware blocks to load during initialization of the device based on fuses set in a processing module in the device. A firmware module may comprise at least a nonvolatile (NV) memory including boot code and a firmware information table (FIT). During initialization the boot code may cause the processing module to read fuse information from a fuse module and to determine at least one firmware block to load based on the fuse information. For example, the fuse information may comprise a fuse string and the processing module may compare the fuse string to the FIT table, determine at least one pointer in the FIT table associated with the fuse string and load at least one firmware block based on a location (e.g., offset) in the NV memory identified by the at least one pointer.

Abstract translation: 本公开涉及基于融合的固件块调度。 设备可以基于设备中的处理模块中设置的熔丝来确定在设备的初始化期间加载的固件块。 固件模块可以包括至少包括引导代码和固件信息表（FIT）的非易失性（NV）存储器。 在初始化期间，引导代码可能导致处理模块从保险丝模块读取熔丝信息，并且基于熔丝信息来确定要加载的至少一个固件块。 例如，熔丝信息可以包括熔丝串，并且处理模块可以将熔丝串与FIT表进行比较，确定与熔丝串相关联的FIT表中的至少一个指针，并基于位置加载至少一个固件块 （例如，偏移）在由至少一个指针所识别的NV存储器中。