Abstract:
A specialized boot path for speeding up resume from a sleep state is discussed. In a UEFI-compliant system, a specially constructed alternate firmware volume is created which contains only the code modules used during resumption from an S3 sleep state. This alternate firmware volume is copied into Random Access Memory (RAM) during a normal boot. When the system subsequently enters the S3 sleep state and then begins the resume boot process, code in the boot sequence detects it is a resume from an S3 sleep state, restores a RAM configuration and jumps execution to a Pre-EFI Initialization (PEI) core entry point in the alternate firmware volume in RAM instead of to a firmware volume in ROM. This alternate firmware volume performs specified S3 resume tasks and then returns control to the operating system.
Abstract:
A mechanism for reducing the cost of providing network-based remote platform management by allowing system firmware to communicate with a remote platform administrator or process over a NIC that is also used for normal network traffic is discussed. The dual use of the NIC reduces the cost of remote platform management by removing the need for a secondary controller or CPU core on the computing device that is dedicated to remote management tasks. Additionally, performance of the computing device improves as a byproduct, because no CPU core or thread is dedicated to the management task and it remains available to handle other tasks.
Abstract:
A technique for managing a Unified Extensible Firmware Interface (UEFI) Basic Input/Output System (BIOS)-controlled computing device from a separate mobile computing device is discussed.
Abstract:
A mechanism for controlling the execution of Option ROM code on a Unified Extensible Firmware Interface (UEFI)-compliant computing device is discussed. A security policy enforced by the firmware may be configured by the computing platform designer/IT administrator to take different actions for different types of detected expansion cards or other devices due to the security characteristics of Option ROM drivers associated with the expansion card or device. The security policy may specify whether authorized signed UEFI Option ROM drivers, unauthorized but signed UEFI Option ROM drivers, unsigned UEFI Option ROM drivers and legacy Option ROM drivers are allowed to execute on the UEFI-compliant computing device.
Abstract:
A mechanism for allowing firmware in a UEFI-compliant device to implement the UEFI specification driver signing and Authenticated Variable elements while at the same time protecting the system security database holding the library of approved keys and lists of allowed and forbidden programs from unauthorized modifications is discussed.
Abstract:
A mechanism for creating and accessing a secure storage area for firmware that stores a “Virtual ROM” module reference or pointer in the actual ROM that includes a unique identifier for the virtual ROM module to be retrieved is discussed. The actual ROM image also contains a generated unique identifier for the whole machine. In retrieving a Virtual ROM module, both the module identifier and the machine identifier are used. Once retrieved, the module is validated using a message digest stored in the Virtual ROM module reference. If required, the Virtual ROM module is then decrypted using a secret key that is stored elsewhere in the actual ROM. Updates to the Virtual ROM module are made in memory by pre-boot code. At a point in time when these updates are complete, the Virtual ROM module is written back out to the location from which it was retrieved. The Virtual ROM module reference that is in the actual ROM is updated to reflect the new message digest value and the module reference and the machine identifier used for the PC are write-disabled. Additionally, if the storage has been encrypted, and a secret key is being used, the region of the actual ROM that contains the secret key is read-disabled.
Abstract:
A method for performing a quick boot and a general boot at a Basic Input/Output System (BIOS) stage is described. A computer is powered on. An embedded controller firmware or the BIOS determines whether a quick boot key is pressed. If the quick boot key is not pressed, a boot flag is changed from Quick Boot to General Boot. If the quick boot key is pressed, the BIOS determines whether the boot flag is set to Quick Boot. If the boot flag is set to Quick Boot, only the drivers preset for the quick boot are initialized, and the remaining uninitialized drivers are initialized at the stage when the operating system is started. If the boot flag is set to General Boot, all drivers are initialized.
Abstract:
Systems and methods for securing firmware function calls are discussed. More particularly, mechanisms for reducing the chance of tampering and information disclosure attacks against firmware function calls implemented in SMM/MM are described. Data may be passed between a calling entity and platform firmware via a communication channel in which both the data and the means of decrypting the data are protected from potential snooping by OS applications, drivers or DMA-enabled hardware devices.
Abstract:
A secure computing platform and method for securely enabling inserted or replacement hardware devices during boot of a computing platform are discussed. More particularly, an authorized list holding identifying information associated with approved insertable or replaceable hardware devices is maintained in non-volatile storage and checked by the firmware during a platform boot sequence against identifying information provided by the inserted or replacement hardware devices. Only devices whose information matches the stored authorized list information are enabled.