-
Publication No.: US12008359B2
Publication date: 2024-06-11
Application No.: US16790488
Filing date: 2020-02-13
Applicant: Intel Corporation
IPC classification: G06F8/656 , G06F9/4401 , G06F21/57
CPC classification: G06F8/656 , G06F9/4401 , G06F21/572 , G06F2221/033
Abstract: Examples described herein provide a central processing unit (CPU) that reserves a region of memory to store both a first boot firmware code and a second boot firmware code, and executes the second boot firmware code without a reboot. The reserved region of memory can be a region that is not configured for access by an operating system (OS). The reserved region of memory comprises System Management Random Access Memory (SMRAM). If a first interrupt handler is not overwritten after the second boot firmware code is stored, the CPU can roll back to use of the first interrupt handler.
-
Publication No.: US10831934B2
Publication date: 2020-11-10
Application No.: US15709047
Filing date: 2017-09-19
Applicant: Intel Corporation
Inventors: Vincent J. Zimmer , Nicholas J. Adams , Giri P. Mudusuru , Lee G. Rosenbaum , Michael A. Rothman
Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein.
-
Publication No.: US10762216B2
Publication date: 2020-09-01
Application No.: US15789607
Filing date: 2017-10-20
Applicant: INTEL CORPORATION
IPC classification: G06F12/14 , G06F21/60 , G06F21/32 , G06F21/57 , G06F9/4401
Abstract: Methods, systems and storage media are disclosed for enhanced system boot processing that authenticates boot code based on biometric information of the user before loading the boot code into system memory. In at least some embodiments, the biometric authentication augments authentication of boot code based on a unique platform identifier. The enhanced boot code authentication occurs before the operating system is loaded, and may be performed during a Unified Extensible Firmware Interface (UEFI) boot sequence. Other embodiments are described and claimed.
-
Publication No.: US10394295B2
Publication date: 2019-08-27
Application No.: US15598032
Filing date: 2017-05-17
Applicant: Intel Corporation
IPC classification: G06F1/24 , G06F9/44 , G06F9/455 , G06F1/32 , G06F21/57 , H04L9/08 , G06F9/4401 , G06F1/3206 , G06F9/445
Abstract: Apparatuses, methods and storage media associated with streamlined physical reset are described herein. In embodiments, an apparatus for computing, including streamlined physical reset, may comprise one or more processor cores; memory having a plurality of memory locations; and a basic input/output system (BIOS) to provide basic input/output system services, wherein the BIOS stays within a range of memory locations during each initialization of the BIOS, including an initialization of the BIOS that is part of a physical reset of the apparatus, to streamline the physical reset. Other embodiments may be described and/or claimed.
-
Publication No.: US10025934B2
Publication date: 2018-07-17
Application No.: US15665669
Filing date: 2017-08-01
Applicant: Intel Corporation
IPC classification: G06F21/57 , G06F21/62 , G06F21/60 , G06F9/4401
Abstract: Technologies for media protection policy enforcement include a computing device having multiple operating systems and a data storage device partitioned into a number of regions. During execution of each of the operating systems, a policy enforcement module may intercept media access requests and determine whether to allow them based on platform media access policies. The media access policies may allow requests based on the identity of the executing operating system, the region of the data storage device, or the requested storage operation. Prior to loading a selected operating system, a firmware policy enforcement module may determine a region of the data storage device to protect from the selected operating system. The firmware policy enforcement module may configure the data storage device to prevent access to that region. The media access policies may be stored in one or more firmware variables. Other embodiments are described and claimed.
-
Publication No.: US09785801B2
Publication date: 2017-10-10
Application No.: US14317909
Filing date: 2014-06-27
Applicant: Intel Corporation
Inventors: Vincent J. Zimmer , Nicholas J. Adams , Giri P. Mudusuru , Lee G. Rosenbaum , Michael A. Rothman
CPC classification: G06F21/72 , G06F21/575 , G06F2221/034 , G09C1/00 , H04L9/3234 , H04L2209/12
Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein.
-
Publication No.: US09710647B2
Publication date: 2017-07-18
Application No.: US13750679
Filing date: 2013-01-25
Applicant: Intel Corporation
CPC classification: G06F21/561 , G06F21/562 , G06F21/575
Abstract: The present disclosure relates to enabling a virus scanner and cleaner that operates primarily in the pre-boot phase of computer operation and, more particularly, to enabling a virus scanner and cleaner that operates primarily during the loading of an operating system.
-
Publication No.: US20170185420A1
Publication date: 2017-06-29
Application No.: US15454529
Filing date: 2017-03-09
Applicant: Intel Corporation
CPC classification: G06F9/4416 , G06F9/4401 , G06F21/575 , H04L1/0041 , H04L9/3268 , H04L63/0823 , H04L65/4076 , H04L67/34
Abstract: Technologies for broadcasting management information include a management server and a number of client devices. The management server encodes management data, such as a certificate revocation list, into a number of message fragments using a fountain code encoding algorithm and broadcasts the message fragments continually over a network. Each client device listens on the network during a boot process to receive the broadcast message fragments. Each client device decodes the message fragments using a fountain code decoding algorithm and determines whether the message is complete. If the message is complete, the client device parses the message to retrieve the management data and may install the management data on the client device. If the message is incomplete, the client device may store the message fragments in non-volatile storage for processing during future boot events. The client device may perform those operations in a pre-boot firmware environment. Other embodiments are described and claimed.
-
Publication No.: US09654464B2
Publication date: 2017-05-16
Application No.: US14746469
Filing date: 2015-06-22
Applicant: Intel Corporation
CPC classification: H04L63/0823 , G06F13/4068 , G06F21/575 , G06F21/71 , G06F21/72 , G06F21/80 , G06F2221/2107 , G06F2221/2115 , H04L9/3268 , H04L63/0435 , H04L63/061 , H04L63/08
Abstract: In one embodiment, a method is provided that may include one or more operations. One of these operations may include, in response, at least in part, to a request to store input data in storage, encrypting the input data, based at least in part upon one or more keys, to generate output data to store in the storage. The one or more keys may be authorized by a remote authority. Alternatively or additionally, another of these operations may include, in response, at least in part, to a request to retrieve the input data from the storage, decrypting the output data based at least in part upon the at least one key. Many modifications, variations, and alternatives are possible without departing from this embodiment.
-
Publication No.: US09465623B2
Publication date: 2016-10-11
Application No.: US14478603
Filing date: 2014-09-05
Applicant: Intel Corporation
CPC classification: G06F9/4408 , G06F9/4401 , H04L41/0803 , H04L69/32
Abstract: A computer system is partitioned during a pre-boot phase of the computer system into a first partition and a second partition, wherein the first partition includes a first processing unit and the second partition includes a second processing unit. An Input/Output (I/O) operating system is booted on the first partition. A general purpose operating system is booted on the second partition. Network transactions are issued by the general purpose operating system to be performed by the I/O operating system. The network transactions are performed by the I/O operating system.