Abstract: A processing system with multiple processing units may support separate operating systems (OSs) in separate partitions. During an initialization process, a preboot manager in the processing system may copy software to a sequestered area of memory in the processing system. The preboot manager may also configure the processing system to hide the sequestered area of memory from a first partition of the processing system. Also, the preboot manager may use a first processing unit in the processing system to boot an OS on the first partition, and the preboot manager may transmit a boot trigger from the first processing unit to a second processing unit in the processing system. The boot trigger may cause the second processing unit to use the software in the sequestered area of memory to boot a second partition of the processing system. Other embodiments are described and claimed.

Abstract: A processing system with multiple processing units may support separate operating systems (OSs) in separate partitions. During an initialization process, a preboot manager in the processing system may copy software to a sequestered area of memory in the processing system. The preboot manager may also configure the processing system to hide the sequestered area of memory from a first partition of the processing system. Also, the preboot manager may use a first processing unit in the processing system to boot an OS on the first partition, and the preboot manager may transmit a boot trigger from the first processing unit to a second processing unit in the processing system. The boot trigger may cause the second processing unit to use the software in the sequestered area of memory to boot a second partition of the processing system. Other embodiments are described and claimed.

Abstract: Methods and arrangements to launch trusted, distinct, co-existing environments are disclosed. Embodiments may launch trusted, distinct, co-existing environments in pre-OS space with high assurance. A hardware-enforced isolation scheme may isolate the partitions to facilitate storage and execution of code and data. In many embodiments, the system may launch a partition manager to establish embedded and main partitions. Embedded partitions may not be visible to the main OS and may host critical operations. A main partition may host a general-purpose OS and user applications, and may manage resources that are not assigned to the embedded partitions. Trustworthiness in the launch of the embedded partition is established by comparing integrity metrics for the runtime environment against integrity measurements of a trusted runtime environment for the embedded partition, e.g., by sealing a cryptographic key with the integrity metrics in a trusted platform module. Other embodiments are described and claimed.

Abstract: A processing system with multiple processing units may support separate operating systems (OSs) in separate partitions. During an initialization process, a preboot manager in the processing system may copy software to a sequestered area of memory in the processing system. The preboot manager may also configure the processing system to hide the sequestered area of memory from a first partition of the processing system. Also, the preboot manager may use a first processing unit in the processing system to boot an OS on the first partition, and the preboot manager may transmit a boot trigger from the first processing unit to a second processing unit in the processing system. The boot trigger may cause the second processing unit to use the software in the sequestered area of memory to boot a second partition of the processing system. Other embodiments are described and claimed.

Abstract: A processing system with multiple processing units may support separate operating systems (OSs) in separate partitions. During an initialization process, a preboot manager in the processing system may copy software to a sequestered area of memory in the processing system. The preboot manager may also configure the processing system to hide the sequestered area of memory from a first partition of the processing system. Also, the preboot manager may use a first processing unit in the processing system to boot an OS on the first partition, and the preboot manager may transmit a boot trigger from the first processing unit to a second processing unit in the processing system. The boot trigger may cause the second processing unit to use the software in the sequestered area of memory to boot a second partition of the processing system. Other embodiments are described and claimed.

Abstract: Methods and arrangements to launch trusted, distinct, co-existing environments are disclosed. Embodiments may launch trusted, distinct, co-existing environments in pre-OS space with high assurance. A hardware-enforced isolation scheme may isolate the partitions to facilitate storage and execution of code and data. In many embodiments, the system may launch a partition manager to establish embedded and main partitions. Embedded partitions may not be visible to the main OS and may host critical operations. A main partition may host a general-purpose OS and user applications, and may manage resources that are not assigned to the embedded partitions. Trustworthiness in the launch of the embedded partition is established by comparing integrity metrics for the runtime environment against integrity measurements of a trusted runtime environment for the embedded partition, e.g., by sealing a cryptographic key with the integrity metrics in a trusted platform module. Other embodiments are described and claimed.

Abstract: A processing system with multiple processing units may support separate operating systems (OSs) in separate partitions. During an initialization process, a preboot manager in the processing system may copy software to a sequestered area of memory in the processing system. The preboot manager may also configure the processing system to hide the sequestered area of memory from a first partition of the processing system. Also, the preboot manager may use a first processing unit in the processing system to boot an OS on the first partition, and the preboot manager may transmit a boot trigger from the first processing unit to a second processing unit in the processing system. The boot trigger may cause the second processing unit to use the software in the sequestered area of memory to boot a second partition of the processing system. Other embodiments are described and claimed.

Abstract: Methods and arrangements to launch trusted, distinct, co-existing environments are disclosed. Embodiments may launch trusted, distinct, co-existing environments in pre-OS space with high assurance. A hardware-enforced isolation scheme may isolate the partitions to facilitate storage and execution of code and data. In many embodiments, the system may launch a partition manager to establish embedded and main partitions. Embedded partitions may not be visible to the main OS and may host critical operations. A main partition may host a general-purpose OS and user applications, and may manage resources that are not assigned to the embedded partitions. Trustworthiness in the launch of the embedded partition is established by comparing integrity metrics for the runtime environment against integrity measurements of a trusted runtime environment for the embedded partition, e.g., by sealing a cryptographic key with the integrity metrics in a trusted platform module. Other embodiments are described and claimed.

Abstract: A processing system with multiple processing units may support separate operating systems (OSs) in separate partitions. During an initialization process, a preboot manager in the processing system may copy software to a sequestered area of memory in the processing system. The preboot manager may also configure the processing system to hide the sequestered area of memory from a first partition of the processing system. Also, the preboot manager may use a first processing unit in the processing system to boot an OS on the first partition, and the preboot manager may transmit a boot trigger from the first processing unit to a second processing unit in the processing system. The boot trigger may cause the second processing unit to use the software in the sequestered area of memory to boot a second partition of the processing system. Other embodiments are described and claimed.

Abstract: A processing system with multiple processing units may support separate operating systems (OSs) in separate partitions. During an initialization process, a preboot manager in the processing system may copy software to a sequestered area of memory in the processing system. The preboot manager may also configure the processing system to hide the sequestered area of memory from a first partition of the processing system. Also, the preboot manager may use a first processing unit in the processing system to boot an OS on the first partition, and the preboot manager may transmit a boot trigger from the first processing unit to a second processing unit in the processing system. The boot trigger may cause the second processing unit to use the software in the sequestered area of memory to boot a second partition of the processing system. Other embodiments are described and claimed.

Abstract: In a many core system, receiving a call to a graphics driver; translating the call into a command executable on a core of the many core system; and executing the translated call on the core.

Abstract: A processing system with multiple processing units may support separate operating systems (OSs) in separate partitions. During an initialization process, a preboot manager in the processing system may copy software to a sequestered area of memory in the processing system. The preboot manager may also configure the processing system to hide the sequestered area of memory from a first partition of the processing system. Also, the preboot manager may use a first processing unit in the processing system to boot an OS on the first partition, and the preboot manager may transmit a boot trigger from the first processing unit to a second processing unit in the processing system. The boot trigger may cause the second processing unit to use the software in the sequestered area of memory to boot a second partition of the processing system. Other embodiments are described and claimed.

Abstract: Methods and arrangements to launch trusted, distinct, co-existing environments are disclosed. Embodiments may launch trusted, distinct, co-existing environments in pre-OS space with high assurance. A hardware-enforced isolation scheme may isolate the partitions to facilitate storage and execution of code and data. In many embodiments, the system may launch a partition manager to establish embedded and main partitions. Embedded partitions may not be visible to the main OS and may host critical operations. A main partition may host a general-purpose OS and user applications, and may manage resources that are not assigned to the embedded partitions. Trustworthiness in the launch of the embedded partition is established by comparing integrity metrics for the runtime environment against integrity measurements of a trusted runtime environment for the embedded partition, e.g., by sealing a cryptographic key with the integrity metrics in a trusted platform module. Other embodiments are described and claimed.

Abstract: A processing system with multiple processing units may support separate operating systems (OSs) in separate partitions. During an initialization process, a preboot manager in the processing system may copy software to a sequestered area of memory in the processing system. The preboot manager may also configure the processing system to hide the sequestered area of memory from a first partition of the processing system. Also, the preboot manager may use a first processing unit in the processing system to boot an OS on the first partition, and the preboot manager may transmit a boot trigger from the first processing unit to a second processing unit in the processing system. The boot trigger may cause the second processing unit to use the software in the sequestered area of memory to boot a second partition of the processing system. Other embodiments are described and claimed.

Abstract: In a many core system, receiving a call to a graphics driver; translating the call into a command executable on a core of the many core system; and executing the translated call on the core.