Abstract:
A method, apparatus and system enable bi-directional communications between a virtual machine monitor ("VMM") and an Advanced Configuration & Power Interface ("ACPI") compliant guest operating system. In one embodiment, a virtual machine ("VM") may be designated as the owner of the host platform ("Policy VM"). The Policy VM may communicate with the VMM to control all configuration and power management decisions on the platform.
Abstract:
This disclosure is directed to isolated guest creation in a virtualized computing system. A memory in a computing device may be divided into isolated execution environments, allowing some software (e.g., guests) to be isolated in a high privilege execution environment. A virtual machine manager (VMM) of a low privilege execution environment may issue commands to a VMM of the high privilege execution environment to, for example, cause a guest loaded in the low privilege execution environment to be placed into the high privilege execution environment, to interact with the guest in the high privilege execution environment, to cause the guest to be removed from the high privilege execution environment, etc. The guest may include attributes configured to control guest behavior such as, for example, when to perform activities, how to respond to stop commands received from the VMM of the high privilege execution environment, etc.
Abstract:
A method, apparatus, machine-readable medium, and system are disclosed. In one embodiment the method includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes to the platform firmware storage location are allowed only by an Authenticated Code Module running on the platform, and only after a platform firmware update mechanism unlocking procedure.
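The following is an added example, not code from the patent or from any vendor implementation. It models the write-gating rule the abstract describes: the storage region is locked when the update mechanism enters PFAT mode, the lock is sticky (a plain attempt to clear it is refused), and a write succeeds only when the caller is the Authenticated Code Module and the unlock procedure has already run. The struct, enum and function names (fw_store, caller, fw_store_write, fw_unlock_procedure) and the 64-byte region size are illustrative assumptions; real platforms gate this in chipset registers, not in C.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not the patent's code): a model of a persistently locked
 * platform firmware storage region in PFAT mode. All names and the region
 * size are assumptions for illustration. */

#define FW_SIZE 64

/* Who is issuing the request; only CALLER_ACM is trusted to update firmware. */
enum caller { CALLER_OS = 0, CALLER_BIOS_RUNTIME = 1, CALLER_ACM = 2 };

enum fw_err {
    FW_OK = 0,
    FW_ERR_LOCKED,          /* region locked and no ACM unlock window open */
    FW_ERR_NOT_ACM,         /* caller is not the Authenticated Code Module */
    FW_ERR_LOCK_PERSISTENT, /* lock cannot be cleared by a plain register write */
    FW_ERR_RANGE
};

struct fw_store {
    uint8_t  data[FW_SIZE];
    bool     pfat_mode;        /* update mechanism switched to PFAT at boot */
    bool     locked;           /* sticky lock set in response to PFAT mode */
    bool     unlocked_by_acm;  /* transient window opened by the unlock procedure */
    unsigned denied;           /* rejected attempts, kept for audit */
};

/* Boot: switch the update mechanism to PFAT mode and persistently lock. */
void fw_boot(struct fw_store *s) {
    memset(s, 0, sizeof *s);
    s->pfat_mode = true;
    s->locked = true;
}

/* What a legacy update flow (or malware) would try: clear the lock bit
 * directly. Because the lock is persistent in PFAT mode, this is refused. */
enum fw_err fw_clear_lock(struct fw_store *s, enum caller who) {
    (void)who; /* caller identity is irrelevant: nobody may clear it this way */
    if (s->pfat_mode && s->locked) return FW_ERR_LOCK_PERSISTENT;
    s->locked = false;
    return FW_OK;
}

/* The unlock procedure: only the ACM may open a write window. */
enum fw_err fw_unlock_procedure(struct fw_store *s, enum caller who) {
    if (who != CALLER_ACM) { s->denied++; return FW_ERR_NOT_ACM; }
    s->unlocked_by_acm = true;
    return FW_OK;
}

/* Write: allowed only by the ACM and only after the unlock procedure.
 * Both checks are required; an ACM write without the unlock step fails too. */
enum fw_err fw_store_write(struct fw_store *s, enum caller who,
                           size_t off, const uint8_t *buf, size_t len) {
    if (off + len < off || off + len > FW_SIZE) return FW_ERR_RANGE;
    if (s->locked && !s->unlocked_by_acm) { s->denied++; return FW_ERR_LOCKED; }
    if (who != CALLER_ACM) { s->denied++; return FW_ERR_NOT_ACM; }
    memcpy(s->data + off, buf, len);
    return FW_OK;
}

/* The ACM closes the window again once the update is complete. */
void fw_relock(struct fw_store *s) { s->unlocked_by_acm = false; }

int main(void) {
    struct fw_store s;
    uint8_t img[4] = {0xDE, 0xAD, 0xBE, 0xEF};
    fw_boot(&s);
    printf("OS write while locked      -> %d\n", fw_store_write(&s, CALLER_OS, 0, img, 4));
    printf("OS clears lock bit         -> %d\n", fw_clear_lock(&s, CALLER_OS));
    printf("ACM write without unlock   -> %d\n", fw_store_write(&s, CALLER_ACM, 0, img, 4));
    printf("ACM unlock procedure       -> %d\n", fw_unlock_procedure(&s, CALLER_ACM));
    printf("ACM write after unlock     -> %d\n", fw_store_write(&s, CALLER_ACM, 0, img, 4));
    fw_relock(&s);
    printf("denied attempts            -> %u\n", s.denied);
    return 0;
}
```

The point to check in a real platform is the same one the model enforces twice: a non-ACM caller cannot open the window, and an ACM caller cannot write without it, so neither an SMM-resident implant nor a runtime driver can use the update path on its own.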
Abstract:
Briefly, in accordance with an embodiment of the invention, an apparatus and method to store initialization and configuration information is provided. The method may include storing basic input/output system (BIOS) software in a polymer memory. The method may further include copying a first portion of the BIOS software from the polymer memory to a random access memory (RAM) buffer of a memory controller, wherein the RAM buffer has a storage capacity of at least about two kilobytes (KB).
Abstract:
Methods and systems may provide for receiving at a secure element of a system, during a boot process of the system, a first pairing authentication value from a pairing agent. In addition, a pairing key may be received from the pairing agent, wherein the first pairing authentication value and the pairing key may be used to establish a trusted channel between the secure element and an input output (IO) device coupled to the system. In one example, the first pairing authentication value is accepted only if the first pairing authentication value is received prior to a predetermined stage of the boot process.
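The following is an added example, not code from the patent. It models the timing rule in the abstract: the secure element accepts the first pairing authentication value only while the boot process is still before a predetermined stage, and boot progress is monotonic, so software that runs later (a boot loader or the OS) cannot reopen the window. The stage numbers, the cutoff, the names prefixed se_, and the way the channel is established (the IO device presents the same authentication value, which is compared in constant time) are illustrative assumptions; the abstract does not specify the channel protocol.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not the patent's code): a secure element that accepts a
 * pairing authentication value only before a predetermined boot stage.
 * Stages, cutoff, names and the channel-establishment step are assumptions. */

enum boot_stage { STAGE_RESET = 0, STAGE_FIRMWARE = 1, STAGE_LOADER = 2, STAGE_OS = 3 };
#define PAIRING_CUTOFF STAGE_LOADER   /* auth value must arrive before this stage */
#define VAL_LEN 16

enum se_err {
    SE_OK = 0,
    SE_ERR_TOO_LATE,        /* boot already past the cutoff stage */
    SE_ERR_ALREADY_PAIRED,  /* only the first authentication value counts */
    SE_ERR_NOT_PAIRED,      /* no (matching) authentication value present */
    SE_ERR_NO_KEY,          /* pairing key not yet delivered */
    SE_ERR_STAGE            /* boot stage cannot move backwards */
};

struct secure_element {
    enum boot_stage stage;
    bool have_auth, have_key, channel_up;
    uint8_t auth[VAL_LEN];
    uint8_t key[VAL_LEN];
};

void se_reset(struct secure_element *se) { memset(se, 0, sizeof *se); }

/* Boot progress is monotonic: once the cutoff is passed the window is closed
 * for the rest of this boot, whatever later software asks for. */
enum se_err se_advance(struct secure_element *se, enum boot_stage next) {
    if (next <= se->stage) return SE_ERR_STAGE;
    se->stage = next;
    return SE_OK;
}

/* The pairing agent delivers the first pairing authentication value. */
enum se_err se_receive_auth(struct secure_element *se, const uint8_t *v) {
    if (se->stage >= PAIRING_CUTOFF) return SE_ERR_TOO_LATE;
    if (se->have_auth) return SE_ERR_ALREADY_PAIRED;
    memcpy(se->auth, v, VAL_LEN);
    se->have_auth = true;
    return SE_OK;
}

/* The pairing key is only meaningful once an authentication value was accepted. */
enum se_err se_receive_key(struct secure_element *se, const uint8_t *k) {
    if (!se->have_auth) return SE_ERR_NOT_PAIRED;
    memcpy(se->key, k, VAL_LEN);
    se->have_key = true;
    return SE_OK;
}

/* Assumed channel step: the IO device proves it holds the same authentication
 * value. The compare is constant-time so a mismatch position does not leak. */
enum se_err se_establish_channel(struct secure_element *se, const uint8_t *dev_auth) {
    if (!se->have_auth) return SE_ERR_NOT_PAIRED;
    if (!se->have_key) return SE_ERR_NO_KEY;
    uint8_t diff = 0;
    for (size_t i = 0; i < VAL_LEN; i++) diff |= (uint8_t)(se->auth[i] ^ dev_auth[i]);
    if (diff) return SE_ERR_NOT_PAIRED;
    se->channel_up = true;
    return SE_OK;
}

int main(void) {
    struct secure_element se;
    uint8_t auth[VAL_LEN] = {0x11}, key[VAL_LEN] = {0x22};
    se_reset(&se);
    se_advance(&se, STAGE_FIRMWARE);
    printf("auth during firmware stage -> %d\n", se_receive_auth(&se, auth));
    se_advance(&se, STAGE_OS);
    printf("second auth from the OS    -> %d\n", se_receive_auth(&se, auth));
    printf("key after auth             -> %d\n", se_receive_key(&se, key));
    printf("channel with matching auth -> %d\n", se_establish_channel(&se, auth));
    return 0;
}
```

The security-relevant property is the combination of the cutoff and the monotonic stage counter: an attacker who gains code execution in the OS is already past the window, and cannot roll the stage back to reopen it.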