-
Publication No.: US10389851B2
Publication Date: 2019-08-20
Application No.: US14856865
Filing Date: 2015-09-17
Applicant: Intel Corporation
Inventor: Krishna Kumar Ganesan , Sudhakar Otturu , Nicholas J. Adams
IPC: G06F1/00 , G06F1/26 , H04L29/08 , G06F21/57 , G06F1/3206 , H04L29/06 , H04W52/02 , G06F8/654 , G06F1/3234 , G06F1/3287
Abstract: In one embodiment, a system includes a display, a non-volatile memory to store one or more system software images, a processor to execute at least one of the one or more system software images, and a security engine to perform security applications. The security engine may include a first logic to receive a download package from a host computing system and store the download package in a first memory, authenticate the download package, and execute the download package to download and store a first system software image into the non-volatile memory. In addition, a second logic of the system may be configured to disable at least the display during the first system software image download and store. Other embodiments are described and claimed.
-
Publication No.: US20190095623A1
Publication Date: 2019-03-28
Application No.: US15715773
Filing Date: 2017-09-26
Applicant: INTEL CORPORATION
Inventor: Krishnakumar Narasimhan , Sudhakar Otturu , Karunakara Kotary , Vincent J. Zimmer
CPC classification number: G06F21/572 , G06F8/65 , G06F21/44 , G06F21/6209
Abstract: A computing device that implements a secure and transparent firmware update process is provided. The computing device includes a secure memory area and a secure device that separately executes firmware updates in parallel with other processes executed by a CPU. The secure memory area may be allocated by the CPU and/or a memory controller using any of a variety of memory protection techniques. System software executed by the CPU receives update firmware requests from a trusted source, stores a firmware payload included in these requests in the secure memory area, and executes the next scheduled process. Firmware executed by the secure device retrieves the firmware payload from the secure memory area, authenticates the firmware payload, and applies the firmware payload to a firmware storage device. The secure device performs these acts transparently from the point of view of the CPU, thus avoiding consumption of CPU resources.
-
Publication No.: US20170083305A1
Publication Date: 2017-03-23
Application No.: US14856865
Filing Date: 2015-09-17
Applicant: Intel Corporation
Inventor: Krishna Kumar Ganesan , Sudhakar Otturu , Nicholas J. Adams
CPC classification number: H04L67/34 , G06F1/3206 , G06F1/3265 , G06F1/3287 , G06F8/654 , G06F21/572 , H04L63/126 , H04L63/145 , H04W52/0296 , Y02D10/153 , Y02D10/171 , Y02D10/42 , Y02D70/00 , Y02D70/142 , Y02D70/144 , Y02D70/166 , Y02D70/26
Abstract: In one embodiment, a system includes a display, a non-volatile memory to store one or more system software images, a processor to execute at least one of the one or more system software images, and a security engine to perform security applications. The security engine may include a first logic to receive a download package from a host computing system and store the download package in a first memory, authenticate the download package, and execute the download package to download and store a first system software image into the non-volatile memory. In addition, a second logic of the system may be configured to disable at least the display during the first system software image download and store. Other embodiments are described and claimed.
-
Publication No.: US10552613B2
Publication Date: 2020-02-04
Application No.: US15715773
Filing Date: 2017-09-26
Applicant: INTEL CORPORATION
Inventor: Krishnakumar Narasimhan , Sudhakar Otturu , Karunakara Kotary , Vincent J. Zimmer
Abstract: A computing device that implements a secure and transparent firmware update process is provided. The computing device includes a secure memory area and a secure device that separately executes firmware updates in parallel with other processes executed by a CPU. The secure memory area may be allocated by the CPU and/or a memory controller using any of a variety of memory protection techniques. System software executed by the CPU receives update firmware requests from a trusted source, stores a firmware payload included in these requests in the secure memory area, and executes the next scheduled process. Firmware executed by the secure device retrieves the firmware payload from the secure memory area, authenticates the firmware payload, and applies the firmware payload to a firmware storage device. The secure device performs these acts transparently from the point of view of the CPU, thus avoiding consumption of CPU resources.
-
Publication No.: US10282538B2
Publication Date: 2019-05-07
Application No.: US14583656
Filing Date: 2014-12-27
Applicant: Intel Corporation
Inventor: Sudhakar Otturu , Krishna Kumar Ganesan , Erik Holt
Abstract: Technologies to enable, disable and control hardware subscription features. Computing devices communicate over a network with a subscription server to provide hardware platform information for each of the computing devices. As the subscription server receives hardware platform information, it determines which hardware features are enabled and which hardware subscription options are available for each of the computing devices. When a hardware subscription option is selected or purchased for a computing device, the subscription server provides a pre-boot update mechanism, such as a Unified Extensible Firmware Interface (UEFI) capsule, to act as a boot-level program that enables hardware features on the computing device. Hardware subscription features are also securely protected using cryptographic engine modules.
-
Publication No.: US09606853B2
Publication Date: 2017-03-28
Application No.: US14229345
Filing Date: 2014-03-28
Applicant: Intel Corporation
Inventor: Nitin V. Sarangdhar , Sudhakar Otturu
IPC: G06F11/07
CPC classification number: G06F11/0787 , G06F11/073 , G06F11/0775
Abstract: In an embodiment, a computing device may include a memory device that may be rendered unusable after a certain number of operations are performed on the memory device. The computing device may incorporate one or more techniques for protecting the memory device. Processing logic contained in the computing device may be configured to implement the techniques. The techniques may include, for example, acquiring a request to write or erase information stored in a memory device contained in a first computing device, saving the request for execution after a user visible event has been generated on the first computing device, generating the user visible event on the first computing device, and executing the saved request after the user visible event has been generated. In addition, the techniques may include reporting the request. The request may be reported to, for example, an anti-malware agent.