公开(公告)号：US10474473B2

公开(公告)日：2019-11-12

申请号：US15484513

申请日：2017-04-11

Applicant: Intel Corporation

Inventor： Michael A. Rothman ,  Vincent J. Zimmer ,  Giri P. Mudusuru ,  Jiewen Yao ,  Jie Lin

IPC: G06F15/177 ,  G06F9/4401 ,  G06F3/06 ,  G06F21/57

Abstract: A method for booting a data processing system (DPS) involves, during a boot process of the DPS, using a preliminary bootcode module from a low-speed nonvolatile memory (NVM) in the DPS to load a main bootcode module from a high-speed NVM in the DPS into a volatile random access memory (RAM) in the DPS, wherein the high-speed NVM supports a read speed that is faster than a maximum read speed of the low-speed NVM. The method also involves, during the boot process, after loading the main bootcode module from the high-speed NVM into the RAM, using the main bootcode module to boot the DPS to an operating system (OS). The method may also involve using the preliminary bootcode module to automatically determine whether the main bootcode module from the high-speed NVM has good integrity. Other embodiments are described and claimed.

公开(公告)号：US20170147357A1

公开(公告)日：2017-05-25

申请号：US15426722

申请日：2017-02-07

Applicant: Intel Corporation

Inventor： Giri P. Mudusuru ,  Rangasai V. Chaganty ,  Chasel Chiu ,  Satya P. Yarlagadda ,  Nivedita Aggarwal ,  Nuo Zhang

IPC: G06F9/44 ,  G06F3/06

CPC classification number: G06F9/4401 ,  G06F3/0619 ,  G06F3/065 ,  G06F3/0679 ,  G06F9/4403

Abstract: Technologies for pre-memory phase initialization include a computing device having a processor with a cache memory. The computing device may determine whether a temporary memory different from the cache memory of the processor is present for temporary memory access prior to initialization of a main memory of the computing device. In response to determining that temporary memory is present, a portion of the basic input/output instructions may be copied from a non-volatile memory of the computing device to the temporary memory for execution prior to initialization of the main memory. The computing device may also initialize a portion of the cache memory of the processor as Cache as RAM for temporary memory access prior to initialization of the main memory in response to determining that temporary memory is not present. After initialization, the main memory may be configured for subsequent memory access. Other embodiments are described and claimed.

公开(公告)号：US09703346B2

公开(公告)日：2017-07-11

申请号：US14312017

申请日：2014-06-23

Applicant: Intel Corporation

Inventor： Giri P. Mudusuru ,  Vincent J. Zimmer ,  Karunakara Kotary ,  Ronald N. Story ,  Robert C. Swanson ,  Isaac W. Oram

IPC: G06F1/30 ,  G06F11/14 ,  G06F13/32 ,  G06F12/02 ,  G11C5/14 ,  G06F11/20

CPC classification number: G06F1/30 ,  G06F11/1441 ,  G06F11/2015 ,  G06F12/0246 ,  G06F12/0804 ,  G06F12/0866 ,  G06F12/0875 ,  G06F12/1416 ,  G06F12/1491 ,  G06F13/32 ,  G06F2212/1024 ,  G06F2212/222 ,  G11C5/141

Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for a Unified Extensible Firmware Interface (UEFI) with durable storage to provide memory write persistence, for example, in the event of power loss. The system may include a processor to host the firmware interface which may be configured to control access to system variables in a protected region of a volatile memory. The system may also include a power management circuit to provide power to the processor and further to provide a power loss indicator to the firmware interface. The system may also include a reserve energy storage module to provide power to the processor in response to the power loss indicator. The firmware interface is further configured to copy the system variables from the volatile memory to a non-volatile memory in response to the power loss indicator.

公开(公告)号：US09563437B2

公开(公告)日：2017-02-07

申请号：US14318129

申请日：2014-06-27

Applicant: Intel Corporation

Inventor： Giri P. Mudusuru ,  Rangasai V. Chaganty ,  Chasel Chiu ,  Satya P. Yarlagadda ,  Nivedita Aggarwal ,  Nuo Zhang

IPC: G06F9/00 ,  G06F15/177 ,  G06F9/44

CPC classification number: G06F9/4401 ,  G06F3/0619 ,  G06F3/065 ,  G06F3/0679 ,  G06F9/4403

Abstract: Technologies for pre-memory phase initialization include a computing device having a processor with a cache memory. The computing device may determine whether a temporary memory different from the cache memory of the processor is present for temporary memory access prior to initialization of a main memory of the computing device. In response to determining that temporary memory is present, a portion of the basic input/output instructions may be copied from a non-volatile memory of the computing device to the temporary memory for execution prior to initialization of the main memory. The computing device may also initialize a portion of the cache memory of the processor as Cache as RAM for temporary memory access prior to initialization of the main memory in response to determining that temporary memory is not present. After initialization, the main memory may be configured for subsequent memory access. Other embodiments are described and claimed.

Abstract translation: 用于预存储器相位初始化的技术包括具有具有高速缓存存储器的处理器的计算设备。 在初始化计算设备的主存储器之前，计算设备可以确定是否存在与处理器的高速缓冲存储器不同的临时存储器用于临时存储器访问。 响应于确定存在临时存储器，可以在初始化主存储器之前将基本输入/输出指令的一部分从计算设备的非易失性存储器复制到临时存储器以供执行。 响应于确定临时存储器不存在，计算设备还可以在处理器的初始化之前将处理器的高速缓冲存储器的一部分初始化为高速缓冲存储器作为用于临时存储器访问的RAM。 初始化之后，可以将主存储器配置为用于后续存储器访问。 描述和要求保护其他实施例。

公开(公告)号：US10831934B2

公开(公告)日：2020-11-10

申请号：US15709047

申请日：2017-09-19

Applicant: Intel Corporation

Inventor： Vincent J. Zimmer ,  Nicholas J. Adams ,  Giri P. Mudusuru ,  Lee G. Rosenbaum ,  Michael A. Rothman

IPC: G06F21/57 ,  G06F21/72 ,  G09C1/00 ,  H04L9/32

Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein.

公开(公告)号：US10592253B2

公开(公告)日：2020-03-17

申请号：US15426722

申请日：2017-02-07

Applicant: Intel Corporation

Inventor： Giri P. Mudusuru ,  Rangasai V. Chaganty ,  Chasel Chiu ,  Satya P. Yarlagadda ,  Nivedita Aggarwal ,  Nuo Zhang

IPC: G06F9/4401 ,  G06F3/06

Abstract: Technologies for pre-memory phase initialization include a computing device having a processor with a cache memory. The computing device may determine whether a temporary memory different from the cache memory of the processor is present for temporary memory access prior to initialization of a main memory of the computing device. In response to determining that temporary memory is present, a portion of the basic input/output instructions may be copied from a non-volatile memory of the computing device to the temporary memory for execution prior to initialization of the main memory. The computing device may also initialize a portion of the cache memory of the processor as Cache as RAM for temporary memory access prior to initialization of the main memory in response to determining that temporary memory is not present. After initialization, the main memory may be configured for subsequent memory access. Other embodiments are described and claimed.

公开(公告)号：US10331453B2

公开(公告)日：2019-06-25

申请号：US15682531

申请日：2017-08-21

Applicant: INTEL CORPORATION

Inventor： Nicholas J. Adams ,  Vincent J. Zimmer ,  Lee G. Rosenbaum ,  Giri P. Mudusuru

IPC: G06F11/00 ,  G06F9/30 ,  G06F9/34 ,  G06F21/44 ,  G06F21/57 ,  G06F21/74

Abstract: Various embodiments are generally directed to establishing trust in system management mode. An operating system management mode driver can invoke a system management mode and provide a signature to the system management mode to authenticate the driver with. Additionally, a hash value of the driver can be used to determine whether the driver is authorized to invoke system management mode or particular operations or features of system management mode.

公开(公告)号：US10198274B2

公开(公告)日：2019-02-05

申请号：US14670939

申请日：2015-03-27

Applicant: Intel Corporation

Inventor： Nicholas J. Adams ,  Erik C. Bjorge ,  Giri P. Mudusuru

IPC: G06F1/32 ,  G06F9/4401 ,  G06F13/24 ,  G06F21/57 ,  G06F21/79

Abstract: Technologies for hybrid sleep power management include a computing device with a processor supporting a low-power idle state. In a pre-boot firmware environment, the computing device reserves a memory block for firmware use and copies platform wake code to a secure memory location, such as system management RAM (SMRAM). At runtime, an operating system may execute with the processor in protected mode. In response to a request to enter a sleep or suspend state, the computing device generates a system management interrupt (SMI). In an SMI handler, the computing device copies the wake code from SMRAM to the reserved memory block. The computing device resumes from the SMI handler to the wake code with the processor in real mode. The wake code enters the low-power idle state and then jumps to a wake vector of the operating system after receiving a wake event. Other embodiments are described and claimed.

公开(公告)号：US09785801B2

公开(公告)日：2017-10-10

申请号：US14317909

申请日：2014-06-27

Applicant: Intel Corporation

Inventor： Vincent J. Zimmer ,  Nicholas J. Adams ,  Giri P. Mudusuru ,  Lee G. Rosenbaum ,  Michael A. Rothman

IPC: G06F11/30 ,  G06F12/14 ,  G06F21/72 ,  G06F21/57 ,  G09C1/00 ,  H04L9/32

CPC classification number: G06F21/72 ,  G06F21/575 ,  G06F2221/034 ,  G09C1/00 ,  H04L9/3234 ,  H04L2209/12

Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein.

公开(公告)号：US10747884B2

公开(公告)日：2020-08-18

申请号：US15778980

申请日：2015-12-24

Applicant: INTEL CORPORATION

Inventor： Jiewen Yao ,  Vincent J. Zimmer ,  Wei Li ,  Rajesh Poornachandran ,  Giri P. Mudusuru

IPC: G06F21/57 ,  G06F21/44 ,  G06F21/53 ,  G06F9/4401 ,  G06F9/54

Abstract: Techniques for providing and maintaining protection of firmware routines that form part of a chain of trust through successive processing environments. An apparatus may include a first processor component (550); a volatile storage (562) coupled to the first processor component; an enclave component to, in a pre-OS operating environment, generate a secure enclave within a portion of the volatile storage to restrict access to a secured firmware loaded into the secure enclave; a first firmware driver (646) to, in the pre-OS operating environment, provide a first API to enable unsecured firmware to call a support routine of the secured firmware from outside the secure enclave; and a second firmware driver (647) to, in an OS operating environment that replaces the pre-OS operating environment, provide a second API to enable an OS of the OS operating environment to call the support routine from outside the secure enclave.