-
Publication (announcement) number: US11222119B2
Publication (announcement) date: 2022-01-11
Application number: US16392863
Application date: 2019-04-24
Applicant: Intel Corporation
Inventor: Sarathy Jayakumar, Mohan J. Kumar, Ron Story, Mahesh Natu
IPC: G06F9/04, G06F21/57, G06F9/455, G06F9/448, G06F9/4401
Abstract: Technologies for secure native code invocation include a computing device having an operating system and a firmware environment. The operating system executes a firmware method in an operating system context using a virtual machine. In response to invoking the firmware method, the operating system invokes a callback to a bridge driver in the operating system context. In response to the callback, the bridge driver invokes a firmware runtime service in the operating system context. The firmware environment executes a native code handler in the operating system context in response to invoking the firmware runtime service. The native code handler may be executed in a de-privileged container. The firmware method may process results data stored in a firmware mailbox by the native code handler, which may include accessing a hardware resource using a firmware operation region.
-
Publication (announcement) number: US20190251264A1
Publication (announcement) date: 2019-08-15
Application number: US16392863
Application date: 2019-04-24
Applicant: Intel Corporation
Inventor: Sarathy Jayakumar, Mohan J. Kumar, Ron Story, Mahesh Natu
IPC: G06F21/57, G06F9/455, G06F9/4401, G06F9/448
CPC classification number: G06F21/572, G06F9/4411, G06F9/449, G06F9/45558, G06F2009/45579, G06F2009/45583
Abstract: Technologies for secure native code invocation include a computing device having an operating system and a firmware environment. The operating system executes a firmware method in an operating system context using a virtual machine. In response to invoking the firmware method, the operating system invokes a callback to a bridge driver in the operating system context. In response to the callback, the bridge driver invokes a firmware runtime service in the operating system context. The firmware environment executes a native code handler in the operating system context in response to invoking the firmware runtime service. The native code handler may be executed in a de-privileged container. The firmware method may process results data stored in a firmware mailbox by the native code handler, which may include accessing a hardware resource using a firmware operation region. Other embodiments are described and claimed.
-