Abstract: Methods, systems, apparatuses and program products are disclosed for providing execution parallelism during the DXE phase of computer start-up. Provision is made for loading a microkernel (or other kernel program) which presents itself as though it were a DXE Driver and changes a single threaded environment into multithreaded. This is while the supervisor program continues its role as loader/initiator but remains unaware that it no longer has overarching control of Driver scheduling (which has been acquired by Kernel).

Abstract: A shared file system may be updated by a non-native operating system writing information to a change file, while a native operating system is in a suspend or hibernation mode; after writing, the non-native operating system is placed in a suspend or hibernation mode and the native system activates and then retrieves the updated information from the change file and writes the updated information to a shared file system. The native operating system returns to a suspend or hibernate state before the non-native operating resumes operation. The updated information may be written as provided by the non-native operating system, or further updated by the native operating system before being written to the shared file system. The change file is created by the native operating system, and may be a reserved portion of the shared file system or may be a separate portion of non-volatile memory.

Abstract: Methods, systems, apparatuses and program products are disclosed for communications such as may be used for debugging computers and similar electronic products at a level suitable for low level firmware. This may find application, for example, in environments after cache initialization around the time of memory bring up or motherboard device enumeration but including durability into and beyond software loading. GPIO (General Purpose input/output) connections may be used for communication that may, for some purposes, be regarded as half-duplex but without necessarily being anisochronous.

Abstract: A method for boot media loader that includes detecting bootable media independent of any media partitioning. When bootable media is detected, data is read from a predetermined location of the bootable media. Next, the file system type is determined from the read data. The boot loader code is loaded for the corresponding file system type from basic input and output system (BIOS) code, and execution control is transferred to the boot loader code.

Abstract: A method for providing a secure firmware operating environment includes detecting the presence of a new component, for example, a peripheral device. Next, a determination is made as to whether the peripheral device includes an option read-only memory. Next, a determination is made as to whether the option read-only memory is authorized to be executed on the corresponding device. If the option read-only memory is authorized, the code contained within the option read-only memory is executed. By only allowing execution of peripheral devices or components including authorized option read-only memories, security related breaches are substantially reduced or eliminated; thereby, enhancing device integrity.

Abstract: A method and system for executing 32-bit flat address programs during a System Management Interrupt. The system provides a 16-bit SMI routine that is given control when an SMI occurs. That routine initially saves the state of the processor and then executes an instruction to switch to protected mode. When in protected mode, the routine transfers control to 32-bit code. The 32-bit code uses a global descriptor table that is different from that used by the interrupted operating system. When the 32-bit code completes, it restores the saved processor state and returns from the interrupt by executing an RSM instruction.

Abstract: A device and method for providing a secure execution environment includes retrieving a boot loader, for example, from the memory of an electronic device or from a peripheral component. Next, a determination is made as to whether the boot loader is authorized to be executed on the corresponding electronic device. If the boot loader is authorized, then the boot loader code is executed. By only allowing execution of authorized boot loaders, security related breaches are substantially reduced or eliminated; thereby, enhancing device integrity.

Abstract: A device operating method includes saving initial state information of an electronic device. Next, transferring control of the electronic device to a principal operating system. After transferring control and upon receiving an operating system shut down indication signal, transferring control of the electronic device to an alternate operating system without performing a power on self test. An electronic device includes a processor and at least one memory. The memory maintains instructions, in the form of program code, that when executed by the processor causes the processor to save the initial state information of the electronic device. Next, control of the electronic device is transferred to a principal operating system. After the principal operating system has been launched and upon receiving an operating system shut down indication signal, transfer control of the electronic device to an alternate operating system without performing a power on self test.

Abstract: A method that allows the context of an SMI task to be saved between SMIs. Upon entering an SMI handler for a task that needs to be split up into shorter SMIs, a new task context stack is created in memory. From that point forward, the SMI handler uses the task context, leaving the original stack unchanged. When the time limit for a single SMI is about to be reached, the CPU is directed back to the original stack, and the task context stack persists in memory and retains the context of the task in hand. The soft SMI exits with a return code or other indication to signify that a new SMI should be invoked to continue processing. The driver or other software that caused the first soft SMI then invokes another, passing in a code or other indication to signify that this is a continuation of a previously started task. On entering the SMI handler for the second time, the handler notes the request for continuation, switches back to the saved task context stack and continues processing where it left off.

Abstract: Methods for processing basic input output system (BIOS) modules of a computer to initialize the computer. The computer includes a system memory, a central processing unit (CPU), a computer bus, a critical nonvolatile storage device, and a secondary nonvolatile storage device. Selected BIOS modules required for operation of the computer are transferred from the critical nonvolatile storage device, and optionally a protected area of the secondary nonvolatile storage device, to system memory and executed to initialize the computer. Minimal BIOS initialization code is stored in a first portion of the critical nonvolatile storage device which is operative to initialize the CPU and the system memory. Additional BIOS modules are stored in the critical nonvolatile storage device or the protected area of the secondary nonvolatile storage device. A dispatch manager is stored in a second portion of the critical nonvolatile storage device.

Abstract: Systems, methods and software that enable multiple servers to verify a password, without providing any single server, client or network attacker with the ability to validate guesses for the password off-line is disclosed. Password security is maintained in a very simple model, requiring no previously secured or server-authenticated channel between the client and any servers. Data may be protected by a small password, and no other keys, remains secret even against an enemy that compromises any, but not all, of two or more cooperating authenticating servers.

Abstract: Systems, methods, and software for reducing system management interrupt (SMI) latency while operating in system management mode. The present invention implements a technique for exiting system management mode while waiting for polled hardware events, handling any pending lower-priority interrupts and then resuming polling. The present invention does this by multi-threading SMI source handlers, using an idle thread, and using protocols for software-generated system management interrupts that insure that lower priority interrupts are serviced.

Abstract: Methods are described for two parties to use a small shared secret (S) to mutually authenticate one another other over an insecure network. The methods are secure against off-line dictionary attack and incorporate an otherwise unauthenticated public key distribution system. One embodiment uses two computers Alice and Bob, and a Diffie-Hellman exponential key exchange in a large prime-order finite group. Both parties choose the same generator of the group (g) as a function of S. Alice chooses a random number RA, and sends gRA to Bob. Bob chooses a random RB, sends gRB to Alice. Both compute a shared key K=g(RARB). Each party insures that K is a generator of the group, verifies that the other knows K, and then uses K as an authenticated key. Constraints are described to prevent passive and active attacks. An extension is described where Alice proves knowledge of S to Bob who knows only a one-way transformation of S.

Abstract: Systems, methods and software that use a programmable lock bit that disables read access to a firmware ROM until the CPU is reset or enters into a secure CPU mode. The present invention provides for secure system firmware by preventing access to and reading of the contents of the firmware ROM.

Abstract: An interrupt 21h read only memory (ROM) client loader that allows firmware that is tightly coupled to a platform, such as a BIOS on a motherboard, for example, to present an operating system with installed applications. The interrupt 21h ROM client loader allows ROM-based applications to be installed on a storage device using native (DOS) filing system services of the operating system. The Int 21h ROM client loader comprises software code residing in flash memory that gauges the time when DOS filing system services are stable enough to permit execution of a payload delivery application to deliver the payload to the storage device. The Int 21h ROM client loader interacts with the DOS filing system to determine the time to execute the payload delivery application. This is triggered when an operating system Int 13h call is made to the BIOS which is read by the Int 21h ROM client loader and which thereafter invokes the payload delivery application to deliver the payload to the storage device.

Abstract: A secure method for implementing virus protection on a computer system including an Extensible Firmware Interface (EFI), a hard disk, a nonvolatile memory and a BIOS is disclosed. A command is added to the command shell of the EFI which results in the automatic copying of the boot sector of the hard disk to the nonvolatile memory when the computer system is initialized. The boot sector of the hard disk is automatically read back from the nonvolatile memory on each boot, which bypasses the boot sector access of the hard disk during system initialization; thereby, protecting the computer system from and eliminating potential viruses. The command shell of the EFI may also be modified to include a command to include a security signature input field. The required signature is provided by the user prior to updating the stored boot sector.

Abstract: In accordance with one aspect of the current invention, the system comprises a memory for storing instruction sequences by which the processor-based system is processed, where the memory includes a physical memory and a virtual memory. The system also comprises a processor for executing the stored instruction sequences. The stored instruction sequences include process acts to cause the processor to: map a plurality of predetermined instruction sequences from the physical memory to the virtual memory, determine an offset to one of the plurality of predetermined instruction sequences in the virtual memory, receive an instruction to execute the one of the plurality of predetermined instruction sequences, transfer control to the one of the plurality of predetermined instruction sequences, and process the one of the plurality of predetermined instruction sequences from the virtual memory.

Abstract: A method 20 and computer apparatus for using available firmware flash ROM space as a diagnostic drive. The computer apparatus has a nonvolatile random access memory, an Extensible Firmware Interface (EFI) and a basic input and output system (BIOS). To implement the functionality provided by the present invention, a command shell of the EFI is modified to include the EFI driver and operates to configure available flash space normally reserved for firmware (BIOS) as a diagnostic disk drive. The modified EFI and the EFI driver are stored in the flash memory. When the computer system 10 is initialized (booted), the EFI driver configures the available space in the flash memory that is not allocated to the firmware as the diagnostic disk drive. Diagnostic programs are loaded into the diagnostic disk drive, which are selectively run by a user, such as by using the command shell.

Abstract: Improvements to computer systems and methods that permit platform identification to provide service and technical support to users. The present invention employs a compact Internet agent that is preferably part of a basic input output system (BIOS) of user computer systems. An operating system of the user computer systems operate to set up a registry. Each user computer system contains a web browser that is used to contact the central server by way of the Internet, for example when it is launched. The Internet agent is used to identify the user computer system during system BIOS boot. The BIOS launches when a user computer system is turned on, which launches the Internet agent. The Internet agent adds a predetermined number (preferably two) MIME (Multipurpose Internet Mail Extension) headers to a registry. The default browser web page is changed to point to a web page on the central server.

Abstract: The present invention is a method and apparatus to display information. The method comprises retrieving a first value representative of a first device parameter, and detecting a second value representative of a second device parameter. A template corresponding to a graphic object is retrieved from a storage. A graphic attribute that characterizes the graphic object is generated from the template. The first and second values displayed and an image is generated from the graphic object according to the graphic attribute.