摘要:
A method for rebalancing bandwidth allocations to peripheral and other devices, particularly for isochronous communications, connected to a computer system via a bus in order to accommodate bandwidth requirements of a newly added device or newly launched application is described. The method is particularly useful in the context of buses such as the Universal Serial Bus (USB) and the IEEE 1394 bus (FireWire) which allow a plurality of devices to be connected to a computer system and even be powered by the bus. The method utilizes a Policy to identify preferred configurations and, furthermore, extends the USB and other standards to specify devices that can dynamically respond to commands to change their bandwidth to another setting.
摘要:
The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.
摘要:
Systems and methods for specifying extended configuration descriptor information in a Universal Serial Bus (USB) device are described. In one aspect, an extended configuration descriptor is provided in firmware of a USB device. The extended configuration descriptor includes a set of non-standard class codes. Responsive to receiving a host-specific device request, the USB device communicates the extended configuration descriptor to a requestor.
摘要:
The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.
摘要:
The following system and procedure for specifying an extended configuration descriptor includes a USB device that responds to device requests from a host. In response to receiving a host-specific device request that specifies a predetermined index, the USB device returns an extended configuration descriptor to the requester. The extended configuration descriptor includes information that can be used by the requestor to control the USB device. When the USB device is a composite device, the extended configuration descriptor includes function information corresponding to a plurality of sub-devices. Each function comprises one or more interfaces.
摘要:
The invention described in the instant application provides for a failure-recovery module, which permits automatic investigation of possible reasons for the failure and takes corrective action in a manner transparent to the user. The failure-recovery module, which is a software module, is useful in evaluating a device connected to a master-slave bus to determine whether it has failed. In the event the device is still connected to the master-slave bus but is non-responsive, the failure-recovery module resets the device, e.g., by turning off the power to the affected device and rebooting the device with a cold start. The failure-recovery module diagnoses the failure of a device by determining if the device is still connected to the master-slave bus. Then, the failure-recovery module sets a flag to mark the device as having failed while disabling access to devices downstream of the failed device. If the failure-recovery module is unable to execute successfully, it assumes that the failure causing condition still exists. In some embodiments this results in rescheduling the execution of the failure-recovery module while in other embodiments a general failure may be declared or the failed device left in its disconnected state. On the other hand, if the failure-recovery module executes successfully, the affected device is reinitialized and the flags marking it as failed are cleared with access to the device being restored. Subsequently, downstream devices are reinitialized and resources, if available, allocated to them along with enumeration of the devices.
摘要:
A USB device is configured to support a non-USB-defined device request that is specific to an application program or operating system. The device request is supported by using a device-specific or vendor-specific request code, which is allowed to vary from device to device. To determine the proper request code, the host performs a GET_DESCRIPTOR device request, specifying a predetermined string descriptor. The requested string descriptor designates the request code to be used in the non-USB-defined device request.
摘要:
Automatic protocol migration when upgrading operating systems includes checking, after upgrading at least a portion of an operating system of a host device, whether a new driver supporting enhanced functionality for a portable device is now available, where a driver supporting base functionality would have been previously used for communicating with the portable device. If such a new driver supporting enhanced functionality for the portable device is now available, then the host device installs the new driver supporting enhanced functionality for the portable device.
摘要:
Systems and methods for enabling trusted software to monitor and control USB traffic associated with a security extension of a host controller and devices in a USB topology is disclosed. A host controller proxy receives USB-related data from a host controller driver, determines whether the data is of a security interest, and if so, sends the data to a driver for a security extension executing in the trusted execution environment. Likewise, after software executing in the trusted execution environment evaluates and appropriately addresses data sent by the HCD proxy or data retrieved from a hardware security extension, the HCD proxy receives data from the trusted execution environment for further dissemination.
摘要:
Safe mode operation for portable devices supporting multiple protocols includes a portable device that supports multiple protocols, such as a base functionality protocol and an enhanced functionality protocol, reporting to a host device that the portable device supports only a single protocol (e.g., the base functionality protocol). This single protocol will be used for subsequent communication between the host device and the portable device. This reporting to the host device that the portable device supports only a single protocol can be triggered, for example, by an appropriate button(s) on the portable device being pressed when the portable device is powered on.