-
Publication No.: US20140380033A1
Publication date: 2014-12-25
Application No.: US14478603
Filing date: 2014-09-05
Applicant: Intel Corporation
CPC classification: G06F9/4408, G06F9/4401, H04L41/0803, H04L69/32
Abstract: A computer system is partitioned during a pre-boot phase of the computer system between a first partition and a second partition, wherein the first partition to include a first processing unit and the second partition to include a second processing unit. An Input/Output (I/O) operating system is booted on the first partition. A general purpose operating system is booted on the second partition. Network transactions are issued by the general purpose operating system to be performed by the I/O operating system. The network transactions are performed by the I/O operating system.
-
Publication No.: US11360907B2
Publication date: 2022-06-14
Application No.: US16490523
Filing date: 2017-03-30
Applicant: Intel Corporation
Inventors: Junjing Shi, Qin Long, Liming Gao, Michael A. Rothman, Vincent J. Zimmer
IPC classification: G06F12/0893, G06F21/12, G06F12/14, G06F8/41
Abstract: A disclosed example to protect memory from buffer overflow or underflow includes defining an implicit bound pointer based on an implicit bound pointer definition in a configuration file for a memory region; instrumenting object code with an implicit buffer bound check based on the implicit bound pointer; and generating hardened executable object code based on the object code, the implicit buffer bound check, and the implicit bound pointer, the implicit bound pointer located in the hardened executable object code during a compilation phase to facilitate loading the implicit bound pointer in a global bounds table during runtime for access by the implicit buffer bound check.
-
Publication No.: US10684865B2
Publication date: 2020-06-16
Application No.: US16410252
Filing date: 2019-05-13
Applicant: Intel Corporation
Inventors: Kevin Y. Li, Vincent J. Zimmer, Xiaohu Zhou, Ping Wu, Zijian You, Michael A. Rothman
IPC classification: G06F21/74, G06F9/4401, G06F9/455, H04L9/08
Abstract: The present application is directed to access isolation for multi-operating system devices. In general, a device may be configured using firmware to accommodate more than one operating system (OS) operating concurrently on the device or to transition from one OS to another. An access isolation module (AIM) in the firmware may determine a device equipment configuration and may partition the equipment for use by multiple operating systems. The AIM may disable OS-based equipment sensing and may allocate at least a portion of the equipment to each OS using customized tables. When transitioning between operating systems, the AIM may help to ensure that information from one OS is not accessible to others. For example, the AIM may detect when a foreground OS is to be replaced by a background OS, and may protect (e.g., lockout or encrypt) the files of the foreground OS prior to the background OS becoming active.
-
Publication No.: US10585702B2
Publication date: 2020-03-10
Application No.: US14171509
Filing date: 2014-02-03
Applicant: Intel Corporation
Abstract: In some embodiments, the invention involves partitioning resources of a manycore platform for simultaneous use by multiple clients, or adding/reducing capacity to a single client. Cores and resources are activated and assigned to a client environment by reprogramming the cores' route tables and source address decoders. Memory and I/O devices are partitioned and securely assigned to a core and/or a client environment. Instructions regarding allocation or reallocation of resources is received by an out-of-band processor having privileges to reprogram the chipsets and cores. Other embodiments are described and claimed.
-
Publication No.: US10289425B2
Publication date: 2019-05-14
Application No.: US14772605
Filing date: 2014-03-19
Applicant: Intel Corporation
Inventors: Kevin Y. Li, Vincent J. Zimmer, Xiaohu Zhou, Ping Wu, Zijian You, Michael A. Rothman
IPC classification: G06F21/74, G06F9/4401, G06F9/455, H04L9/08
Abstract: The present application is directed to access isolation for multi-operating system devices. In general, a device may be configured using firmware to accommodate more than one operating system (OS) operating concurrently on the device or to transition from one OS to another. An access isolation module (AIM) in the firmware may determine a device equipment configuration and may partition the equipment for use by multiple operating systems. The AIM may disable OS-based equipment sensing and may allocate at least a portion of the equipment to each OS using customized tables. When transitioning between operating systems, the AIM may help to ensure that information from one OS is not accessible to others. For example, the AIM may detect when a foreground OS is to be replaced by a background OS, and may protect (e.g., lockout or encrypt) the files of the foreground OS prior to the background OS becoming active.
-
Publication No.: US10007528B2
Publication date: 2018-06-26
Application No.: US13683748
Filing date: 2012-11-21
Applicant: Intel Corporation
Inventors: Guy M. Therien, Paul Diefenbaugh, Anil Aggarwal, Andrew D. Henroid, Jeremy J. Shrall, Efraim Rotem, Krishnakanth V. Sistla, Eliezer Weissmann, Mohan Kumar, Sarathy Jayakumar, Jose Andy Vargas, Neelam Chandwani, Michael A. Rothman, Robert Gough, Mark Doran
IPC classification: G06F17/30, G06F9/4401, G06F9/44, G06F9/445, G06F1/28, G06F11/36, G06F1/26, G06F9/22, G06F11/30, G06F11/34, G06F9/30, G06F1/20, G06F15/78, G06F1/32, G06F9/38
CPC classification: G06F9/4403, G06F1/206, G06F1/26, G06F1/28, G06F1/32, G06F1/3203, G06F1/3234, G06F1/324, G06F1/3275, G06F1/3296, G06F9/22, G06F9/30098, G06F9/3012, G06F9/384, G06F9/44, G06F9/4401, G06F9/4418, G06F9/445, G06F11/3024, G06F11/3409, G06F11/3447, G06F11/3466, G06F11/3664, G06F11/3672, G06F11/3688, G06F15/7871, G06F16/2282, G06F2209/501, G06F2217/78, Y02D10/126, Y02D10/172
Abstract: In some embodiments, a PPM interface may be provided with functionality to facilitate to an OS memory power state management for one or more memory nodes, regardless of a particular platform hardware configuration, as long as the platform hardware is in conformance with the PPM interface.
-
Publication No.: US09942219B2
Publication date: 2018-04-10
Application No.: US15585670
Filing date: 2017-05-03
Applicant: Intel Corporation
CPC classification: H04L63/0823, G06F13/4068, G06F21/575, G06F21/71, G06F21/72, G06F21/80, G06F2221/2107, G06F2221/2115, H04L9/3268, H04L63/0435, H04L63/061, H04L63/08
Abstract: In one embodiment, a method is provided that may include one or more operations. One of these operations may include, in response, at least in part, to a request to store input data in storage, encrypting, based at least in part upon one or more keys, the input data to generate output data to store in the storage. The one or more keys may be authorized by a remote authority. Alternatively or additionally, another of these operations may include, in response, at least in part, to a request to retrieve the input data from the storage, decrypting, based at least in part upon the at least one key, the output data. Many modifications, variations, and alternatives are possible without departing from this embodiment.
-
Publication No.: US09626196B2
Publication date: 2017-04-18
Application No.: US14222014
Filing date: 2014-03-21
Applicant: Intel Corporation
CPC classification: G06F9/4416, G06F9/4401, G06F21/575, H04L1/0041, H04L9/3268, H04L63/0823, H04L65/4076, H04L67/34
Abstract: Technologies for broadcasting management information include a management server and a number of client devices. The management server encodes management data such as a certificate revocation list into a number of message fragments using a fountain code encoding algorithm and broadcasts the message fragments continually over a network. Each client device analyzes the network during a boot process to receive the broadcast message fragments. Each client device decodes the message fragments using a fountain code decoding algorithm and determines whether the message is complete. If the message is complete, the client device parses the message to retrieve the management data and may install the management data on the client device. If the message is incomplete, the client device may store the message fragments in nonvolatile storage for processing during future boot events. The client device may perform those operations in a pre-boot firmware environment. Other embodiments are described and claimed.
-
Publication No.: US09563775B2
Publication date: 2017-02-07
Application No.: US14982697
Filing date: 2015-12-29
Applicant: Intel Corporation
Inventors: Guo Dong, Jiewen Yao, Vincent J. Zimmer, Michael A. Rothman
CPC classification: G06F21/575, G06F9/4401, G06F21/71, G06F2221/034, G09C1/00, H04L2209/127
Abstract: Technologies for improving platform initialization on a computing device include beginning initialization of a platform of the computing device using a basic input/output system (BIOS) of the computing device. A security co-processor driver module adds a security co-processor command to a command list when a security processor command is received from the BIOS module. The computing device establishes a periodic interrupt of the initialization of the platform to query the security co-processor regarding the availability of a response to a previously submitted security co-processor command, forward any responses received by the security co-processor driver module to the BIOS module, and submit the next security co-processor command in the command list to the security co-processor.
-
Publication No.: US08786622B2
Publication date: 2014-07-22
Application No.: US13722088
Filing date: 2012-12-20
Applicant: Intel Corporation
Inventors: Jerry Zhao, Michael A. Rothman, Vincent J. Zimmer, Qian Ouyang
IPC classification: G09G5/00
CPC classification: G06F9/45533, G06F9/451
Abstract: Methods and apparatus to provide dynamic messaging services are disclosed. An example method includes determining, in a pre-boot environment, supported dimensions for display of information on the display screen; generating, in the pre-boot environment, restricted dimensions that are less than the supported dimensions; providing the restricted dimensions to an operating system of a virtual machine supported by a virtual machine manager, wherein the restricted dimensions define a boundary between a first screen portion and a second screen portion; displaying first information in the first screen portion and displaying second information in the second screen portion; and preventing, via the virtual machine manager, elimination of the first screen portion from the display screen.