Patents by Inventor David Plaquin

David Plaquin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20200089870
    Abstract: An intrusion detection system, comprising a monitor to receive messages from a target over a low-latency communication link comprising a controlled access memory structure logically positioned between the target and the monitor using point-to-point interconnects, the controlled access memory structure to receive a message from the target indicating that the target has entered a controlled mode of operation.
    Type: Application
    Filed: June 7, 2018
    Publication date: March 19, 2020
    Inventors: Ronny Chevalier, David Plaquin, Maugan Villatel, Guillaume Hiet
  • Patent number: 10534739
    Abstract: A bus between a requester and a target component includes a portion dedicated to carry information indicating a privilege level, from among a plurality of privilege levels, of machine-readable instructions executed on the requester.
    Type: Grant
    Filed: October 31, 2014
    Date of Patent: January 14, 2020
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Maugan Villatel, David Plaquin, Chris I. Dalton
  • Publication number: 20190347155
    Abstract: In an example there is provided a method of applying a mitigation action to a computing system. The method comprises receiving notification of an intrusion event on a computing system. The notification identifies one or more of data, and a process affected by the intrusion event. The method comprises accessing state data corresponding to a state of the computing system prior to the intrusion event, accessing a policy specifying one or more mitigation actions to be applied to the one or more of data, and a process in response to an intrusion event, restoring the one or more of data, and the process on the basis of the state data, and applying a mitigation action according to the policy.
    Type: Application
    Filed: May 8, 2018
    Publication date: November 14, 2019
    Inventors: Ronny Chevalier, David Plaquin, Guillaume Hiet, Adrian Baldwin
  • Publication number: 20190332510
    Abstract: Examples herein disclose monitoring an expected functionality upon execution of a system management mode (SMM) code. The examples detect whether a change has occurred to the SMM code based on the monitoring of the expected functionality. The change indicates that the SMM code is compromised.
    Type: Application
    Filed: July 5, 2019
    Publication date: October 31, 2019
    Inventors: Jeffrey Kevin Jeansonne, Boris Balacheff, Valiuddin Ali, Chris I. Dalton, David Plaquin
  • Patent number: 10387651
    Abstract: Examples herein disclose monitoring an expected functionality upon execution of a system management mode (SMM) BIOS code. The examples detect whether a change has occurred to the SMM BIOS code based on the monitoring of the expected functionality. The change indicates that the SMM BIOS code is compromised.
    Type: Grant
    Filed: September 23, 2014
    Date of Patent: August 20, 2019
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Jeffrey Kevin Jeansonne, Boris Balacheff, Valiuddin Ali, Chris I Dalton, David Plaquin
  • Publication number: 20190087582
    Abstract: Examples associated with basic input/output system (BIOS) security are described. One example includes detecting a mismatch between an active BIOS setting and a saved BIOS setting. An update previously applied to the active BIOS setting is validated. The update is applied to the saved BIOS setting creating an updated BIOS setting. The saved BIOS setting is updated when the updated BIOS setting and the active BIOS setting match. The saved BIOS setting is updated to the active BIOS setting. A security action is taken when the updated BIOS setting and the active BIOS setting differ.
    Type: Application
    Filed: October 21, 2016
    Publication date: March 21, 2019
    Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventors: Maugan VILLATEL, Boris BALACHEFF, David PLAQUIN, Vali ALI, Jeffrey Kevin JEANSONNE
  • Publication number: 20180322277
    Abstract: In one example, a system for a system management mode (SMM) privilege architecture includes a computing device comprising: a first portion of SMM instructions to set up a number of resources and implement a privilege architecture for the SMM of a computing device and a second portion of SMM instructions to execute a number of functions during the SMM of the computing device, wherein the privilege architecture assigns the first portion of SMM instructions to a first privilege level and assigns the second portion of SMM instructions to a second privilege level.
    Type: Application
    Filed: January 26, 2016
    Publication date: November 8, 2018
    Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventors: Richard A. Bramley Jr., David Plaquin, Maugan Villatel, Jeffrey K. Jeansonne
  • Publication number: 20180239901
    Abstract: Examples herein disclose a processor-based computing system. The system comprises at least one processor, a non-volatile memory comprising a basic input output system (BIOS), wherein the BIOS creates a data structure and sets up at least one verification software component executed by the processor, a controller communicatively linked to the at least one verification software component, and a memory comprising a system management memory coupled to the at least one processor and code which is executable by the processor-based system to cause the processor to validate the BIOS during a runtime of the processor-based system using the at least one verification software component and the controller.
    Type: Application
    Filed: September 30, 2015
    Publication date: August 23, 2018
    Inventors: JEFFREY KEVIN JEANSONNE, VALI ALI, DAVID PLAQUIN, MAUGAN VILLATEL
  • Publication number: 20180226136
    Abstract: Example implementations relate to system management mode (SMM) test operations. For example, a system for SMM test operations may include a test mode initiation engine to reboot a computing device, and load an interface firmware engine into system management random access memory (SMRAM) associated with the computing device in response to the reboot, wherein the interface firmware engine includes a production interface firmware engine to perform the test operation on a known address space of the page of SMRAM. The system may include a test operation engine to cause the computing system to operate in a testing mode, wherein the testing mode includes operating the computing system in system management mode (SMM), in response to a test command, and perform a test operation on a page of system management random access memory (SMRAM) associated with the computing device when the computing device is operating in SMM.
    Type: Application
    Filed: January 27, 2016
    Publication date: August 9, 2018
    Inventors: Jeffrey Kevin JEANSONNE, Dallas M. BARLOW, Richard A. BRAMLEY, Jr., David PLAQUIN, Maugan VILLATEL
  • Publication number: 20180183609
    Abstract: Examples relate to a network endpoint device of a first network infrastructure that facilitates remote attestation of the network endpoint device. In some examples, the network endpoint device comprises a trusted platform module and a processor that implements machine readable instructions that cause the network endpoint device to: receive a connection request from a computing device residing in a second network infrastructure external to the first network infrastructure, the request comprising a security challenge; determine, based on a configuration of the network endpoint device, whether it can access information stored in the trusted platform module; and responsive to determining that information in the trusted platform module can be accessed, facilitate connection of the computing device to the network endpoint device by accessing the information and responding to the security challenge.
    Type: Application
    Filed: June 5, 2015
    Publication date: June 28, 2018
    Inventors: Adrian Shaw, Ludovic Emmanuel Paul N. Jacquin, David Plaquin
  • Publication number: 20180107509
    Abstract: An example method for migrating a live operating system from a first computing device to a second computing device is provided. The example method comprises (a) providing register values of a processor of a first computing device to a second computing device which is in communication with the first computing device; (b) providing contents of a dynamic random access memory, DRAM, of the first computing device to the second computing device; (c) storing the register values in a protected memory of the second computing device, wherein the protected memory is separate from a memory used by the second computing device during normal operation of the second computing device; (d) storing the contents of the DRAM of the first computing device in a DRAM of the second computing device; and (e) loading the register values from the protected memory to registers of a processor of the second computing device.
    Type: Application
    Filed: July 31, 2015
    Publication date: April 19, 2018
    Inventors: Adrian Shaw, Kate Mallichan, David Plaquin
  • Publication number: 20170293581
    Abstract: A bus between a requester and a target component includes a portion dedicated to carry information indicating a privilege level, from among a plurality of privilege levels, of machine-readable instructions executed on the requester.
    Type: Application
    Filed: October 31, 2014
    Publication date: October 12, 2017
    Inventors: Maugan VILLATEL, David PLAQUIN, Chris I. DALTON
  • Publication number: 20170293573
    Abstract: A method for restricting write access to a non-volatile memory. The method includes receiving a request to write to a protected location in the non-volatile memory and determining whether the protected location is in a write-protected state. If the protected location is not in a write-protected state, the method includes writing data indicated by the request to the protected location. If the protected location is in a write-protected state, the method includes rejecting the request. The protected location stores a validation key to validate the contents of another portion of the non-volatile memory.
    Type: Application
    Filed: October 31, 2014
    Publication date: October 12, 2017
    Inventors: Gregg B. LESARTRE, Joseph E. FOSTER, David PLAQUIN, James M. MANN
  • Publication number: 20170262352
    Abstract: Examples herein disclose monitoring an expected functionality upon execution of a system management mode (SMM) BIOS code. The examples detect whether a change has occurred to the SMM BIOS code based on the monitoring of the expected functionality. The change indicates that the SMM BIOS code is compromised.
    Type: Application
    Filed: September 23, 2014
    Publication date: September 14, 2017
    Inventors: JEFFREY KEVIN JEANSONNE, BORIS BALACHEFF, VALIUDDIN ALI, CHRIS I DALTON, DAVID PLAQUIN
  • Patent number: 9633231
    Abstract: A data processing system supporting a secure domain and a non-secure domain comprises a hardware component, and a processor device having operating modes in the secure domain and non-secure domain, the processor device to execute a secure application in the secure domain. The hardware component has a property having a secure state. The property of the hardware component in the secure state may only be reconfigured responsive to instructions received from the secure domain. The secure application is operative to implement a configuration service to configure the property of the hardware component in the secure state, responsive to a request received from the non-secure domain according to an application programming interface associated with the secure application.
    Type: Grant
    Filed: June 30, 2015
    Date of Patent: April 25, 2017
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Maugan Villatel, Boris Balacheff, Chris I Dalton, David Plaquin, Adrian Shaw, Simon Kai-Ying Shiu
  • Patent number: 9361462
    Abstract: A method and system is provided for operatively associating a signing key with a software component of a computing platform. The computing platform includes a trusted device and on start-up first loads a set of software components with each component being measured prior to loading and a corresponding integrity metric recorded in registers of the trusted device. The system stores a key-related item in secure persistent storage, the key-related item being either the signing key or authorization data for its use. The trusted device is arranged to enable a component of the software-component set to obtain the key-related item, this enabling only occurring when the current register values correspond to values only present prior to loading of components additional to those of the software-component set. Certificate evidence is provided indicating that the signing key is operatively associated with a component of the software-component set.
    Type: Grant
    Filed: December 15, 2009
    Date of Patent: June 7, 2016
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Liqun Chen, Mark Ryan, David Plaquin, Serdar Cabuk
  • Publication number: 20160125201
    Abstract: A data processing system supporting a secure domain and a non-secure domain comprises a hardware component, and a processor device having operating modes in the secure domain and non-secure domain, the processor device to execute a secure application in the secure domain. The hardware component has a property having a secure state. The property of the hardware component in the secure state may only be reconfigured responsive to instructions received from the secure domain. The secure application is operative to implement a configuration service to configure the property of the hardware component in the secure state, responsive to a request received from the non-secure domain according to an application programming interface associated with the secure application.
    Type: Application
    Filed: June 30, 2015
    Publication date: May 5, 2016
    Inventors: Maugan Villatel, Boris Balacheff, Chris I. Dalton, David Plaquin, Adrian Shaw, Simon Kai-Ying Shiu
  • Patent number: 9111119
    Abstract: An apparatus includes a processor and a memory to implement a method to provide a proof that two or more instances of a data structure type are as trustworthy as each other.
    Type: Grant
    Filed: February 27, 2013
    Date of Patent: August 18, 2015
    Assignee: HEWLETT-PACKARD DEVELOPMENT COMPANY L.P.
    Inventors: Graeme John Proudler, William Burton, Dirk Kuhlmann, David Plaquin
  • Patent number: 8984291
    Abstract: A method for managing access to a computing environment by a computing device includes providing at least one credential that identifies both the computing device and a user of the computing device, storing data at the computing environment relating to the computing device and the user in association with the credential, and selectively granting an access request received from the computing device using the credential in accordance with the data stored at the computing environment.
    Type: Grant
    Filed: March 23, 2006
    Date of Patent: March 17, 2015
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: David Plaquin, Marco Ricca, Boris Balacheff
  • Patent number: 8539587
    Abstract: A data structure has within it the following elements: an identification of a data structure type; and a proof that two or more instances of the data structure type are as trustworthy as each other. Methods and devices using such data structures are described.
    Type: Grant
    Filed: March 22, 2006
    Date of Patent: September 17, 2013
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Graeme John Proudler, William Burton, Dirk Kuhlmann, David Plaquin