公开(公告)号：US07668945B2

公开(公告)日：2010-02-23

申请号：US11506738

申请日：2006-08-18

申请人： Mark S. Doran ,  Vincent J. Zimmer ,  Michael A. Rothman

发明人： Mark S. Doran ,  Vincent J. Zimmer ,  Michael A. Rothman

IPC分类号： G06F15/177 ,  G06F9/00 ,  G06F9/24 ,  H04L9/32

CPC分类号： H04L12/66 ,  H04L29/12216 ,  H04L61/2007

摘要： Embodiments of a system and method for enabling a target computer to download a boot image and operating system from a boot server computer over a network are described. The target computer system includes a host processor environment and a platform management coprocessor subsystem that includes a microcontroller for providing manageability of the target computer platform. During a network boot procedure, the platform management coprocessor code employs a network access channel to retrieve the boot server name and a network address for the target computer. The platform management coprocessor code implements security measures to help ensure secure interaction between the boot server and the target computer. Once the secure association is established, the network boot process uses the BIOS code for the successive bulk downloads of the operating system to be loaded onto the target computer. Other embodiments are described and claimed.

摘要翻译： 描述了一种用于使目标计算机能够通过网络从引导服务器计算机下载引导映像和操作系统的系统和方法的实施例。 目标计算机系统包括主处理器环境和平台管理协处理器子系统，其包括用于提供目标计算机平台的可管理性的微控制器。 在网络引导过程中，平台管理协处理器代码采用网络访问通道来检索目标计算机的引导服务器名称和网络地址。 平台管理协处理器代码实现安全措施，以确保引导服务器与目标计算机之间的安全交互。 一旦建立了安全关联，网络启动过程就会使用BIOS代码来连接大量下载的操作系统，以将其加载到目标计算机上。 描述和要求保护其他实施例。

公开(公告)号：US20090327741A1

公开(公告)日：2009-12-31

申请号：US12165593

申请日：2008-06-30

申请人： Vincent J. Zimmer ,  Michael A. Rothman

发明人： Vincent J. Zimmer ,  Michael A. Rothman

IPC分类号： G06F15/177 ,  H04K1/00

CPC分类号： G06F21/575 ,  G06F21/00 ,  H04W12/10

摘要： In some embodiments, the invention involves adding a capability for a platform owner or administrator to ensure that the firmware is only executed in an owner-authorized fashion, such as with signed components managed by a security processor. Embodiments may extend the Core Root of Trust for Measurement (CRTM), via use of a cryptographic unit coupled to the security processor in a mobile Internet device (MID) as a Root-of-Trust for Storage (RTS) Storage Root Key (SRK), into a unified extensible firmware interface (UEFI) Platform Initialization (PI) image authorization and boot manager. Other embodiments are described and claimed.

摘要翻译： 在一些实施例中，本发明涉及为平台所有者或管理员添加能力，以确保固件仅以所有者授权的方式执行，例如由安全处理器管理的签名组件。 实施例可以通过使用耦合到移动因特网设备（MID）中的安全处理器的加密单元作为存储根（RTS）存储根密钥（SRK）的信任根源来扩展用于测量的信任核心根（CRTM） ），进入统一的可扩展固件接口（UEFI）平台初始化（PI）映像授权和引导管理器。 描述和要求保护其他实施例。

公开(公告)号：US20090319763A1

公开(公告)日：2009-12-24

申请号：US12142086

申请日：2008-06-19

申请人： Vincent J. Zimmer ,  Michael A. Rothman ,  Mark S. Doran

发明人： Vincent J. Zimmer ,  Michael A. Rothman ,  Mark S. Doran

IPC分类号： G06F9/00

CPC分类号： G06F9/4401

摘要： A method and apparatus for providing platform initialization enhancements is discussed herein. In one embodiment, buses, activities, devices, and/or nodes to be processed during boot, are processed in a non-blocking fashion, which potentially results in faster boot times. Moreover, some devices/nodes, such as root nodes, may be boot in an early phase of initialization to enhance both available resources and initialization times. Furthermore, early connects in an early phase of initialization may be performed to construct partial or entire device paths, which also potentially results in faster boot times.

摘要翻译： 本文讨论了一种用于提供平台初始化增强的方法和装置。 在一个实施例中，在引导期间要处理的总线，活动，设备和/或节点以非阻塞方式被处理，这可能导致更快的启动时间。 此外，一些设备/节点（例如根节点）可以在初始化的早期阶段被引导以增强可用资源和初始化时间。 此外，可以执行初始化的早期阶段中的早期连接以构建部分或整个设备路径，这也可能导致更快的启动时间。

公开(公告)号：US07594077B2

公开(公告)日：2009-09-22

申请号：US11530246

申请日：2006-09-08

申请人： Vincent J. Zimmer ,  Michael A. Rothman

发明人： Vincent J. Zimmer ,  Michael A. Rothman

IPC分类号： G06F12/00

CPC分类号： G06F11/1076 ,  G06F8/60 ,  G06F2211/1059

摘要： A method according to one embodiment may include partitioning a plurality of core processors into a main partition comprising at least one processor core capable of executing a main operating system and an embedded partition comprising at least one different processor core configured to execute an embedded operating system. The method may also include exchanging, by the embedded partition, commands and data with a redundant array of independent disk (RAID) system coupled to the embedded partition; and generating by the embedded partition parity (P) data related to the RAID system.

摘要翻译： 根据一个实施例的方法可以包括将多个核心处理器划分成主分区，所述主分区包括能够执行主操作系统的至少一个处理器核心和包括被配置为执行嵌入式操作系统的至少一个不同处理器核心的嵌入式分区。 该方法还可以包括通过嵌入式分区与耦合到嵌入式分区的独立盘（RAID）系统的冗余阵列交换命令和数据; 并通过与RAID系统相关的嵌入式分区奇偶校验（P）生成数据。

公开(公告)号：US07581037B2

公开(公告)日：2009-08-25

申请号：US11081238

申请日：2005-03-15

申请人： Vincent J. Zimmer ,  Michael D. Kinney ,  Michael A. Rothman ,  Andrew J. Fish

发明人： Vincent J. Zimmer ,  Michael D. Kinney ,  Michael A. Rothman ,  Andrew J. Fish

IPC分类号： G06F3/00 ,  G06F9/00 ,  G06F9/44 ,  G06F15/177

CPC分类号： G06F9/4403

摘要： Provided are a method, system and program for effecting a processor operating mode change to execute device code. A processor receives a call while the processor is operating in a first mode, wherein the call is made to effect execution of device code to control a device. The processor determines whether the call is intended to change a processor operating mode from the first mode to a second mode. The state of the processor is selectively changed to a second mode in which the processor executes second mode instructions loaded in a protected section of memory inaccessible to an operating system in response to determining that the call is intended to change the processor operating mode. The second mode instructions execute the device code to control the device.

摘要翻译： 提供了一种用于实现处理器操作模式改变以执行设备代码的方法，系统和程序。 当处理器以第一模式操作时，处理器接收呼叫，其中进行呼叫以实现设备代码的执行以控制设备。 处理器确定呼叫是否旨在将处理器操作模式从第一模式改变到第二模式。 处理器的状态被选择性地改变为第二模式，其中处理器执行加载在操作系统不可访问的存储器的受保护部分中的第二模式指令，以响应于确定呼叫旨在改变处理器操作模式。 第二模式指令执行设备代码来控制设备。

公开(公告)号：US20090172232A1

公开(公告)日：2009-07-02

申请号：US11966150

申请日：2007-12-28

申请人： Vincent J. Zimmer ,  Michael A. Rothman

发明人： Vincent J. Zimmer ,  Michael A. Rothman

IPC分类号： G06F13/24

CPC分类号： G06F13/24

摘要： A method and system for handling a management interrupt, such as a system management interrupt (SMI) and/or a platform management interrupt (PMI), includes sequestering one or more processor cores for handling the management interrupt. Generated management interrupts are directed to the sequestered processor core and not to other processor cores allocated to a main partition. The sequestered processor core(s) handles the management interrupt without disrupting the current operation of the remaining processor cores.

摘要翻译： 用于处理诸如系统管理中断（SMI）和/或平台管理中断（PMI）的管理中断的方法和系统包括隔离一个或多个处理器核以处理管理中断。 生成的管理中断指向隔离的处理器内核，而不是分配给主分区的其他处理器核心。 隔离处理器内核处理管理中断，而不会中断剩余处理器内核的当前操作。

公开(公告)号：US07543179B2

公开(公告)日：2009-06-02

申请号：US11385305

申请日：2006-03-21

申请人： Vincent J. Zimmer ,  Michael A. Rothman

发明人： Vincent J. Zimmer ,  Michael A. Rothman

IPC分类号： G06F11/00

CPC分类号： G06F11/0793 ,  G06F11/0712 ,  G06F11/0724 ,  G06F11/0727 ,  G06F11/1435 ,  G11B20/18 ,  G11B20/1883 ,  G11B2220/20 ,  G11B2220/2516

摘要： A method may include partitioning a plurality of processor cores into a main partition comprising at least one processor core capable of executing an operating system and an embedded partition comprising at least one different processor core. The embedded partition may be capable of: receiving a write request to write data on a target storage device; communicating with a remote system coupled to the embedded partition and remapping data corresponding to said write request to the remote system; detecting an error when attempting to write data to the storage device, leaving uncommitted data directed to the target storage device; and communicating with said remote system to retrieve the uncommitted data and writing the uncommitted data to the target storage device. The embedded partition of this embodiment may also be capable of performing these operations, at least in part, independently of said operating system being executed on said main partition.

摘要翻译： 一种方法可以包括将多个处理器核分成包括能够执行操作系统的至少一个处理器核心和包括至少一个不同处理器核心的嵌入式分区的主分区。 嵌入式分区可能能够：接收写入请求以在目标存储设备上写入数据; 与耦合到所述嵌入式分区的远程系统进行通信，并将对应于所述写入请求的数据重新映射到所述远程系统; 当尝试向存储设备写入数据时检测错误，将未提交的数据指向目标存储设备; 并与所述远程系统通信以检索未提交的数据并将未提交的数据写入目标存储设备。 该实施例的嵌入式分区还可能能够至少部分地独立于在所述主分区上执行的所述操作系统来执行这些操作。

公开(公告)号：US07543048B2

公开(公告)日：2009-06-02

申请号：US10302281

申请日：2002-11-22

申请人： Michael A. Rothman ,  Vincent J. Zimmer ,  Mark S. Doran ,  Andrew J. Fish

发明人： Michael A. Rothman ,  Vincent J. Zimmer ,  Mark S. Doran ,  Andrew J. Fish

IPC分类号： G06F15/177 ,  G06F15/173 ,  G06F9/00 ,  G06F9/24

CPC分类号： H04L67/34 ,  H04L69/329

摘要： Methods and apparatus for remotely managing a computer are disclosed. For example, a remote management agent is provided for use in a computer having a processor. The example remote management agent includes a communication agent in communication with the controller to contact a server before an operating system is loaded on the computer to obtain an initialization packet from a server and an initialization packet loader in communication with the controller to load the initialization packet in a protected memory area of the computer, before the operating system is loaded.The remote management agent also includes a monitoring agent, not associated with the operating system, in communication with the controller to monitor the computer for a communication from the server and a command line interface agent, also not associated with the operating system and in communication with the controller to interpret and respond to the communication from the server.

摘要翻译： 公开了用于远程管理计算机的方法和装置。 例如，提供远程管理代理用于具有处理器的计算机中。 示例性远程管理代理包括与控制器通信的通信代理，以在将操作系统加载到计算机之前联系服务器以获得来自服务器的初始化分组以及与控制器通信的初始化分组加载器以加载初始化分组 在计算机的受保护的存储区域中，在操作系统加载之前。 远程管理代理还包括与操作系统无关的监视代理，与控制器进行通信，以监视计算机与服务器的通信，以及命令行接口代理，也不与操作系统相关联并且与 控制器解释并响应来自服务器的通信。

公开(公告)号：US07478196B2

公开(公告)日：2009-01-13

申请号：US11231944

申请日：2005-09-21

申请人： Michael A. Rothman ,  Vincent J. Zimmer

发明人： Michael A. Rothman ,  Vincent J. Zimmer

IPC分类号： G06F12/00 ,  G06F13/00 ,  G06F13/28

CPC分类号： G06F3/0661 ,  G06F3/0607 ,  G06F3/0689

摘要： Disclosed is a system and method to provide a firmware enabled trap-based Redundant Array of Independent Disks (RAID) implementation for disk drives. A plurality of disk drives in a RAID system are coupled to a chipset. A trap is defined in the chipset for input/output (I/O) accesses to a disk drive of the RAID system. Firmware of the chipset determines if an I/O access is to one of the disk drives of the RAID system, and if so, commands a trapping operation. During the trapping operation, the firmware processes the I/O access to an appropriate disk drive of the RAID system.

摘要翻译： 公开了一种用于为磁盘驱动器提供基于固件的基于陷阱的独立磁盘冗余阵列（RAID）实现的系统和方法。 RAID系统中的多个磁盘驱动器耦合到芯片组。 在芯片组中定义了对RAID系统的磁盘驱动器的输入/输出（I / O）访问的陷阱。 芯片组的固件确定I / O访问是否是RAID系统的其中一个磁盘驱动器，如果是这样，则会进行陷阱操作。 在陷阱操作期间，固件处理对RAID系统的适当磁盘驱动器的I / O访问。

公开(公告)号：US07478176B2

公开(公告)日：2009-01-13

申请号：US11689954

申请日：2007-03-22

申请人： Vincent J. Zimmer ,  Michael A. Rothman

发明人： Vincent J. Zimmer ,  Michael A. Rothman

IPC分类号： G06F3/00

CPC分类号： G06F12/0223 ,  G06F12/0646

摘要： Methods and systems for allocating address space resources to resource requesting peripheral devices in an efficient manner. Resource requests are gathered for enumerated peripheral devices host by a computer platform. A map containing resource alignment requirements is built, and a virtual resource allocation map is computed based on aggregated resource requests and the alignment requirements. The resource aggregations are, in turn, based on a hierarchy of the peripheral devices. A bin-packing algorithm is employed to determine allocation of the resource requests so as to minimize resource address space allocations. The virtual resource map is then used to perform actual resource allocations. The resources include peripheral device I/O address allocation and peripheral device memory address allocations.

摘要翻译： 用于以有效的方式将地址空间资源分配给资源请求外围设备的方法和系统。 为计算机平台主持的枚举的外围设备收集资源请求。 构建了包含资源对齐要求的映射，并且基于聚合的资源请求和对齐要求来计算虚拟资源分配映射。 资源聚合又依赖于外围设备的层次结构。 采用二进制包装算法来确定资源请求的分配，以最小化资源地址空间分配。 然后，虚拟资源映射用于执行实际的资源分配。 资源包括外围设备I / O地址分配和外围设备内存地址分配。