Abstract: A method for booting into computer memory a non-operating system (O.S.) program from a hard disk drive (HDD) prior to booting into memory an O.S. from the HDD. The method includes establishing a table of contents (TOC) on the HDD that contains entries for special O.S. programs. A pointer to the TOC is placed in non-volatile memory of the computer that is associated with the HDD, and when BIOS of the computer is prompted to load into memory one of the special O.S. programs, the pointer is accessed and used to locate the TOC, which in turn is accessed to load the special O.S. program.

Abstract: An approach is provided that receives a user identifier from a user of the information handling system. The user identifier can include a username as well as a user authentication code, such as a password. Hardware settings that correspond to the user identifier are retrieved from a nonvolatile memory. Hardware devices, such as ports (e.g., USB controller), network interfaces, storage devices, and boot sequences, are configured using the retrieved hardware settings. After the hardware devices have been configured to correspond to the identified user, an operating system is booted.

Abstract: An apparatus, system, and method are disclosed for selecting a waking process. An input module receives a specified input during the off state of a data processing device. In addition, the input module stores the input in the storage module. The storage module may be integrated within the input module. The input module activates the data processing device in response to the input. A wake module retrieves the input from the storage module. In addition, the wake module determines a process that corresponds to the input. The wake module wakes the data processing device using the process.

Abstract: When a disk sector is written to, a bit for the sector is set indicating that the sector will require secure data disposal (SDD) to be run on it. To save time during end of life disposal, SDD is executed only on sectors whose bits indicate that they have been written to. SDD can be executed on each dirty sector in one operation at end of life or incrementally during use as disk activity permits.

Abstract: An apparatus, system, and method are disclosed for rapid wireless network association. The apparatus includes a logic unit containing a plurality of modules configured to functionally execute the necessary steps of conducting a preliminary full band search on a predefined frequency spectrum to identify the frequency of an active communication channel, investigate the availability of the active communication channels identified during the preliminary search, and associate with a wireless network device on the available active communication channel. These modules in the described embodiments include a search module, an investigation module, and an association module. Beneficially such an apparatus, system, and method provide for more efficient searching, scanning, and association than typically found in wireless networks.

Abstract: If a user forgets the power-on password of his computer, he can depress the “enter” key or “access” key once to cause the BIOS to locate the power-on password in memory and attempt to unlock the HDD using the power-on password to boot a secure O.S. The HDD password either can be the same as the power-on password or the HDD can recognize the power-on password for the limited purpose of allowing access to the secure O.S. In any case, the secure O.S. is booted for password reset.

Abstract: When an authenticated wireless computer loses connectivity to a wireless access point of a network and roams to another access point, the wireless computer (e.g., a hypervisor in the computer) determines whether the new access point is authorized for secure communication and if so, releases access to secure data on the network through the new access point.

Abstract: An apparatus, system, and method are disclosed for pre-boot policy modification. A key module exchanges a key with a server in a secure environment. A communication module receives a policy encoded with the key. A decode module decodes the encoded policy using the key and saves the policy setting prior to booting an operating system on the computer. An update module boots the computer using the policy.

Abstract: A system, method, and program product is provided that updates the firmware on a hybrid drive by reserving a memory area within the hybrid disk drive's nonvolatile memory buffer. The firmware update is then stored in the reserved memory area. The next time the platters of the hybrid disk drive spin up, the firmware update that is stored in the reserved memory area is identified. The identified update is then written to a firmware memory of a firmware that controls the operation of the hybrid drive. In one embodiment, the update is written to the firmware memory by flashing the firmware's memory. After the firmware is updated, the hybrid drive is reset. Resetting of the hybrid drive includes executing the updated firmware.

Abstract: A computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.

Abstract: A computer determines whether it has been booted from a hard disk drive or from an alternate source (e.g., a floppy drive or portable memory) that entails a higher risk of importing a virus into the computer, and if it is determined that a non-HDD source was booted from, corrective action such as a virus scan can be preemptively taken.

Abstract: A client computer is connected via a network to an anti-virus server. A signal from the anti-virus server notifies the client computer that an anti-virus needs to be immediately downloaded from the anti-virus server. The client computer disengages from the network, and re-establishes a link with only the trusted anti-virus server. The anti-virus fix is installed, the client computer re-booted, and the client computer is then allowed to reconnect to the full network. If the client's primary operating system (OS) is infected, a secondary OS in the client computer performs the anti-virus download and execution. The disengagement from the network is performed by applying a filter in a network interface card (NIC) driver by the primary OS, the secondary OS, a service processor (SP), or by a virtual machine manager (VMM), depending on which is available at the client computer.

Abstract: A system, method, and program product is provided that initializes a computer system using an initialization process that identifies secrets that were stored in memory and not scrubbed during a prior use of the computer system. During the initialization process, one or more secret indicators are retrieved that identify whether one or more secrets were scrubbed from the computer system's memory during a previous use of the computer system. If the secret indicators show that one or more secrets were not scrubbed from the memory during the prior use of the computer system, then the initialization process scrubs the memory. On the other hand, if the secret indicators show that each of the secrets was scrubbed from the memory during the prior use of the computer system, then the memory is not scrubbed during the initialization process.

Abstract: A system, method, and program product is provided that initializes a counter maintained in a nonvolatile memory of a security module to an initialization value. The security module receives requests for a secret from requesters. The security module releases the secret to the requesters and the released secrets are stored in memory areas allocated to the requesters. A counter is incremented when the secret is released. Requestors send notifications to the security module indicating that the requestor has removed the secret from the requestor's memory area. The security module decrements the counter each time a notification is received. When the computer system is rebooted, if the counter is not at the initialization value, the system memory is scrubbed erasing any secrets that remain in memory.

Abstract: An apparatus, system, and method are disclosed for secure hard disk signed audit. The apparatus is provided with a plurality of modules configured to functionally execute the necessary steps of monitoring interactions with an audited system, detecting an interrupt event corresponding to an auditable interaction, and logging an audit record for the auditable interaction in response to the interrupt event, wherein the audit record is logged in an access-restricted portion of a portion-securable hard disk. These modules in the described embodiments include a gate module, a detection module, and a logging module.

Abstract: A method, computer program product and system for reducing the boot time of a TCPA based computing system. A flash memory in the TCPA based computing system may include a register comprising bits configured to indicate whether the segments of the flash memory have been updated. The flash memory may further include a table configured to store measurements of the segments of the flash memory. The flash memory may further include a boot block code that includes a Core Root of Trust for Measurement (CRTM). The CRTM may read the bits in the register to determine if any of the segments of the flash memory have been updated. The CRTM may further obtain the measurement values in the table for those segments that store the POST BIOS code that have not been updated thereby saving time from measuring the POST BIOS code and consequently reducing the boot time.

Abstract: A system, method, and program product is provided that has a virtualized environment provided by a hypervisor. In the virtualized environment, one or more guest operating systems operate simultaneously with a privileged operating system. One of the guest operating systems identifies a device software update, such as a device driver or firmware update, corresponding to a hardware device that is attached to the computer system. The hypervisor is used to notify the privileged operating system of the device software update. When the privileged operating system is notified of the update, the privileged operating system uses one or more techniques to deny the guest operating systems access to the device. The privileged operating system then updates the device software update. After the device software update has been applied, the privileged operating system resumes access between the guest operating systems and the hardware device.

Abstract: A method, computer program product and system for reducing the boot time of a TCPA based computing system. A flash memory in the TCPA based computing system may include a register comprising bits configured to indicate whether the segments of the flash memory have been updated. The flash memory may further include a table configured to store measurements of the segments of the flash memory. The flash memory may further include a boot block code that includes a Core Root of Trust for Measurement (CRTM). The CRTM may read the bits in the register to determine if any of the segments of the flash memory have been updated. The CRTM may further obtain the measurement values in the table for those segments that store the POST BIOS code that have not been updated thereby saving time from measuring the POST BIOS code and consequently reducing the boot time.

Abstract: A system, method, and program product is provided that establishes a shared secret between a computer system and a peripheral device such as a removable nonvolatile storage device or a printer. After establishing the shared secret, the peripheral device is locked. After the peripheral device is locked, an unlock request is received and the shared secret is sent to the peripheral device. The peripheral device then attempts to verify the shared secret. If the shared secret is successfully verified, then the peripheral device is unlocked allowing use of the device by using an encryption key that is made available by the verified shared secret. On the other hand, if the shared secret is not verified, then the peripheral device remains locked and use of the device is prevented.

Abstract: Arrangements for permitting incoming mail to be transferred from a WAN Drive to a notebook computer hard drive under conditions that are not stressful to the hard drive. Preferably, a WAN card is configured to wake a notebook when mail capacity is full or close to full. Mail is then preferably moved from the flash drive to the hard drive, subject to verification that this will not overly stress the hard drive. In a variant embodiment, the WAN card may preferably be configured to wake a notebook when mail is received at all. Again, mail is then preferably moved from the flash drive to the hard drive, subject to verification that this will not overly stress the hard drive. Once mail is moved to the hard drive, the system preferably runs an embedded email program that allows the user to employ an existing VPN infrastructure.