Abstract: In one embodiment, the present invention includes a method to establish a secure pre-boot environment in a computer system and performs at least one secure operation in the secure environment. In one embodiment, the secure operation may be storage of a secret in the secure pre-boot environment.

Abstract: Technologies for media protection policy enforcement include a computing device having multiple operating systems and a data storage device partitioned into a number of regions. During execution of each of the operating systems, a policy enforcement module may intercept media access requests and determine whether to allow the media access requests based on platform media access policies. The media access policies may allow requests based on the identity of the executing operating system, the region of the data storage device, or the requested storage operation. Prior to loading a selected operating system, a firmware policy enforcement module may determine a region of the disk storage device to protect from the selected operating system. The firmware policy enforcement module may configure the data storage device to prevent access to that region. The media access policies may be stored in one or more firmware variables. Other embodiments are described and claimed.

Abstract: Technologies for media protection policy enforcement include a computing device having multiple operating systems and a data storage device partitioned into a number of regions. During execution of each of the operating systems, a policy enforcement module may intercept media access requests and determine whether to allow the media access requests based on platform media access policies. The media access policies may allow requests based on the identity of the executing operating system, the region of the data storage device, or the requested storage operation. Prior to loading a selected operating system, a firmware policy enforcement module may determine a region of the disk storage device to protect from the selected operating system. The firmware policy enforcement module may configure the data storage device to prevent access to that region. The media access policies may be stored in one or more firmware variables. Other embodiments are described and claimed.

Abstract: Technologies for media protection policy enforcement include a computing device having multiple operating systems and a data storage device partitioned into a number of regions. During execution of each of the operating systems, a policy enforcement module may intercept media access requests and determine whether to allow the media access requests based on platform media access policies. The media access policies may allow requests based on the identity of the executing operating system, the region of the data storage device, or the requested storage operation. Prior to loading a selected operating system, a firmware policy enforcement module may determine a region of the disk storage device to protect from the selected operating system. The firmware policy enforcement module may configure the data storage device to prevent access to that region. The media access policies may be stored in one or more firmware variables. Other embodiments are described and claimed.

Abstract: Methods, systems and computer program products are disclosed for enhanced system boot processing that is faster to launch an operating system, as certain devices such as user input hardware devices may not be initialized unless it is determined that a user-interruption to the boot process is likely. That is, although an interface for the devices is exposed, no initialization occurs unless a call to the interface occurs. Other embodiments are described and claimed.

Abstract: Technologies for media protection policy enforcement include a computing device having multiple operating systems and a data storage device partitioned into a number of regions. During execution of each of the operating systems, a policy enforcement module may intercept media access requests and determine whether to allow the media access requests based on platform media access policies. The media access policies may allow requests based on the identity of the executing operating system, the region of the data storage device, or the requested storage operation. Prior to loading a selected operating system, a firmware policy enforcement module may determine a region of the disk storage device to protect from the selected operating system. The firmware policy enforcement module may configure the data storage device to prevent access to that region. The media access policies may be stored in one or more firmware variables. Other embodiments are described and claimed.

Abstract: In one embodiment, the present invention includes a method to establish a secure pre-boot environment in a computer system and performs at least one secure operation in the secure environment. In one embodiment, the secure operation may be storage of a secret in the secure pre-boot environment.

Abstract: In one embodiment, the present invention includes a method to establish a secure pre-boot environment in a computer system; and perform at least one secure operation in the secure environment. In one embodiment, the secure operation may be storage of a secret in the secure pre-boot environment.

Abstract: A non-volatile random access memory (NVRAM) is used in a computer system to perform multiple roles in a platform storage hierarchy. The NVRAM is byte-addressable by the processor and can be configured into one or more partitions, with each partition implementing a different tier of the platform storage hierarchy. The NVRAM can be used as mass storage that can be accessed without a storage driver.

Abstract: Methods, systems and computer program products are disclosed for enhanced system boot processing that is faster to launch an operating system, as certain devices such as user input hardware devices may not be initialized unless it is determined that a user-interruption to the boot process is likely. That is, although an interface for the devices is exposed, no initialization occurs unless a call to the interface occurs. Other embodiments are described and claimed.

Abstract: When transitioning from sleep mode to active mode, a processing system loads first stage resume content and second stage resume content into a volatile memory of the processing system. The first stage resume content may contain contextual data for a first program that was in use before the processing system transitioned to sleep mode. The second stage resume content may contain contextual data for another program that was in use before the processing system transitioned to sleep mode. The processing system may provide a user interface for the first program before all of the second stage resume content has been loaded into the volatile memory. Other embodiments are described and claimed.

Abstract: A method and apparatus for providing platform initialization enhancements is discussed herein. In one embodiment, buses, activities, devices, and/or nodes to be processed during boot, are processed in a non-blocking fashion, which potentially results in faster boot times. Moreover, some devices/nodes, such as root nodes, may be boot in an early phase of initialization to enhance both available resources and initialization times. Furthermore, early connects in an early phase of initialization may be performed to construct partial or entire device paths, which also potentially results in faster boot times.

Abstract: In one embodiment, the present invention includes a method to establish a secure pre-boot environment in a computer system; and perform at least one secure operation in the secure environment. In one embodiment, the secure operation may be storage of a secret in the secure pre-boot environment.

Abstract: In one embodiment, the present invention includes a method to establish a secure pre-boot environment in a computer system; and perform at least one secure operation in the secure environment. In one embodiment, the secure operation may be storage of a secret in the secure pre-boot environment.

Abstract: Methods and apparatus are disclosed to self-initialize a processor. An example method disclosed herein detects a processor reset, receives initialization instructions from a core zone, establishes a core zone boundary, executes received initialization instructions, and publishes a data structure, the data structure comprising state information. Other embodiments are described and claimed.

Abstract: Embodiments of a system and method for enabling a target computer to download a boot image and operating system from a boot server computer over a network are described. The target computer system includes a host processor environment and a platform management coprocessor subsystem that includes a microcontroller for providing manageability of the target computer platform. During a network boot procedure, the platform management coprocessor code employs a network access channel to retrieve the boot server name and a network address for the target computer. The platform management coprocessor code implements security measures to help ensure secure interaction between the boot server and the target computer. Once the secure association is established, the network boot process uses the BIOS code for the successive bulk downloads of the operating system to be loaded onto the target computer. Other embodiments are described and claimed.

Abstract: A method and apparatus for providing platform initialization enhancements is discussed herein. In one embodiment, buses, activities, devices, and/or nodes to be processed during boot, are processed in a non-blocking fashion, which potentially results in faster boot times. Moreover, some devices/nodes, such as root nodes, may be boot in an early phase of initialization to enhance both available resources and initialization times. Furthermore, early connects in an early phase of initialization may be performed to construct partial or entire device paths, which also potentially results in faster boot times.

Abstract: When transitioning from sleep mode to active mode, a processing system loads first stage resume content and second stage resume content into a volatile memory of the processing system. The first stage resume content may contain contextual data for a first program that was in use before the processing system transitioned to sleep mode. The second stage resume content may contain contextual data for another program that was in use before the processing system transitioned to sleep mode. The processing system may provide a user interface for the first program before all of the second stage resume content has been loaded into the volatile memory. Other embodiments are described and claimed.

Abstract: Methods and apparatus for remotely managing a computer are disclosed. For example, a remote management agent is provided for use in a computer having a processor. The example remote management agent includes a communication agent in communication with the controller to contact a server before an operating system is loaded on the computer to obtain an initialization packet from a server and an initialization packet loader in communication with the controller to load the initialization packet in a protected memory area of the computer, before the operating system is loaded. The remote management agent also includes a monitoring agent, not associated with the operating system, in communication with the controller to monitor the computer for a communication from the server and a command line interface agent, also not associated with the operating system and in communication with the controller to interpret and respond to the communication from the server.

Abstract: When transitioning from sleep mode to active mode, a processing system loads first stage resume content and second stage resume content into a volatile memory of the processing system. The first stage resume content may contain contextual data for a first program that was in use before the processing system transitioned to sleep mode. The second stage resume content may contain contextual data for another program that was in use before the processing system transitioned to sleep mode. The processing system may provide a user interface for the first program before all of the second stage resume content has been loaded into the volatile memory. Other embodiments are described and claimed.