Firmware component with self-descriptive dependency information

    Publication number: US11875147B2

    Publication date: 2024-01-16

    Application number: US17412806

    Filing date: 2021-08-26

    CPC classification number: G06F8/71 G06F8/65

    Abstract: An embodiment of a semiconductor package apparatus may include technology to determine version information for a new firmware component, read dependency information corresponding to the firmware component, and determine if dependency is satisfied between the new firmware component and one or more other firmware components based on the version information and the dependency information of the new firmware component. Other embodiments are disclosed and claimed.

    Firmware component with self-descriptive dependency information

    Publication number: US11249748B2

    Publication date: 2022-02-15

    Application number: US16649911

    Filing date: 2017-09-27

    Abstract: An embodiment of a semiconductor package apparatus may include technology to determine version information for a new firmware component, read dependency information corresponding to the firmware component, and determine if dependency is satisfied between the new firmware component and one or more other firmware components based on the version information and the dependency information of the new firmware component. Other embodiments are disclosed and claimed.

    Hardware configuration reporting systems

    Publication number: US09870475B2

    Publication date: 2018-01-16

    Application number: US14778000

    Filing date: 2014-06-25

    Abstract: Embodiments related to hardware configuration reporting and arbitration are disclosed herein. For example, an apparatus for hardware configuration reporting may include: a processing device having a trusted execution environment (TEE) and a non-trusted execution environment (non-TEE); request service logic, stored in the memory, to operate within the TEE to receive an indication of a request from arbiter logic, wherein the request represents a hardware configuration register; and reporting logic, stored in the memory, to operate within the TEE and to report an indicator of a value of the hardware configuration register represented by the request to the arbiter logic. Other embodiments may be disclosed and/or claimed.

    Computing device boot software authentication (granted patent, in force)

    Publication number: US09589138B2

    Publication date: 2017-03-07

    Application number: US14860640

    Filing date: 2015-09-21

    Abstract: Various embodiments are generally directed to authenticating a chain of components of boot software of a computing device. An apparatus comprises a processor circuit and storage storing an initial boot software component comprising instructions operative on the processor circuit to select a first set of boot software components of multiple sets of boot software components, each set of boot software components defines a pathway that branches from the initial boot software component and that rejoins at a latter boot software component; authenticate a first boot software component of the first set of boot software components; and execute a sequence of instructions of the first boot software component to authenticate a second boot software component of the first set of boot software components to form a chain of authentication through a first pathway defined by the first set of boot software components. Other embodiments are described and claimed herein.

    Method, apparatus, system, and machine readable storage medium for providing software security (granted patent, in force)

    Publication number: US09323541B2

    Publication date: 2016-04-26

    Application number: US13976504

    Filing date: 2013-02-25

    CPC classification number: G06F9/4401 G06F9/445 G06F21/51 G06F21/575

    Abstract: Technologies are provided in example embodiments for determining that a module is to be loaded, the module being associated with module code, determining that the module is a frozen module, the frozen module being associated with frozen module code, determining that a module fingerprint of the module fails to correspond with a frozen module fingerprint of the frozen module, and causing loading of the frozen module code instead of the module code.

    FIRMWARE COMPONENT WITH SELF-DESCRIPTIVE DEPENDENCY INFORMATION

    Publication number: US20240168754A1

    Publication date: 2024-05-23

    Application number: US18522526

    Filing date: 2023-11-29

    CPC classification number: G06F8/71 G06F8/65

    Abstract: An embodiment of a semiconductor package apparatus may include technology to determine version information for a new firmware component, read dependency information corresponding to the firmware component, and determine if dependency is satisfied between the new firmware component and one or more other firmware components based on the version information and the dependency information of the new firmware component. Other embodiments are disclosed and claimed.

    Controlled customization of silicon initialization

    Publication number: US11068276B2

    Publication date: 2021-07-20

    Application number: US16431444

    Filing date: 2019-06-04

    Abstract: The present disclosure is directed to controlled customization of silicon initialization. A device may comprise, for example, a boot module including a memory on which boot code is stored, the boot code including at least an initial boot block (IBB) module that is not customizable and a global platform database (GPD) module including customizable data. The IBB module may include a pointer indicating GPD module location. The customizable data may comprise configurable parameters and simple configuration language (SCL) to cause the device to execute at least one logical operation during execution of the boot code. The GPD module may further comprise a pointer indicating SCL location. The boot code may be executed upon activation of the device, which may cause the IBB module to load an interpreter for executing the SCL. The interpreter may also verify access request operations in the SCL are valid before executing the access request operations.

    Policy-based secure web boot (granted patent)

    Publication number: US10205750B2

    Publication date: 2019-02-12

    Application number: US13799294

    Filing date: 2013-03-13

    Abstract: A system, device, and method for providing policy-based secure cloud booting include a mobile computing device and a web server. The mobile computing device determines a remote boot address specifying the location of a boot resource on the web server. The mobile computing device opens a secure connection to the web server and maps the boot resource to a local firmware protocol. The mobile computing device executes the boot resource as a firmware image using the local firmware protocol. The boot resource may be a compact disc or DVD image mapped through a block I/O protocol. The boot resource may be a remote file system mapped through a file system protocol. The remote boot address may be configured using a manageability engine capable of out-of-band communication. The remote boot address may be determined based on the context of the mobile computing device, including location. Other embodiments are described and claimed.

    SECURITY CO-PROCESSOR BOOT PERFORMANCE (patent application, in force)

    Publication number: US20150220738A1

    Publication date: 2015-08-06

    Application number: US13976041

    Filing date: 2013-03-15

    Abstract: Technologies for improving platform initialization on a computing device include beginning initialization of a platform of the computing device using a basic input/output system (BIOS) of the computing device. A security co-processor driver module adds a security co-processor command to a command list when a security processor command is received from the BIOS module. The computing device establishes a periodic interrupt of the initialization of the platform to query the security co-processor regarding the availability of a response to a previously submitted security co-processor command, forward any responses received by the security co-processor driver module to the BIOS module, and submit the next security co-processor command in the command list to the security co-processor.
