Abstract: Aspects of the disclosure relate to monitoring a computing network to determine data exfiltration. A computing platform may use time-series modeling to determine anomalous network activity with respect to outgoing data. Additional aspects of this disclosure relate to analysis of web activities associated with a user to determine compromised user accounts/devices. The computing platform may use domain categorization to determine if web activity associated with a user is anomalous.

Abstract: A distributed computing system is described that leverages a nearline storage layer to minimize the downtime required for bootstrapping a new computing cluster in the distributed computing system. The system executes a computing cluster comprising a set of computing nodes and determines a set of one or more data segments to be written to a nearline storage system. The system writes the data segments to the nearline storage system. In certain examples, the system receives a request to create a second computing cluster and responsive to the request, bootstraps the second computing cluster using the set of data segments stored on the nearline storage system. The system additionally leverages the nearline storage layer to accelerate query processing by the computing nodes of a computing cluster.

Abstract: An enterprise security system is improved by managing network flows based on an application type. When a network message having an unknown application type is received at a gateway, firewall, or other network device/service from an endpoint, the endpoint that originated the network message may be queried for identifying information for the source of the network message and the application type may be determined, or the endpoint may periodically communicate application type information to the network device in a heartbeat or other periodic communication or the like. The network message may be managed along with other network traffic according to the application type.

Abstract: Embodiments include apparatuses for rebooting an electronic device. In an embodiment, an apparatus includes a data interface, a first power port, a second power port, a switch, and a processor. The data interface is configured to connect to the electronic device. The first power port is configured to receive power from a power source and the second power port is configured to deliver power to the electronic device. The switch is configured to connect the first power port to the second power port. The processor conducts data communications monitoring of the electronic device via the data interface and reboots the electronic device responsive to the data communications monitoring.

Abstract: A Platform Environment Control Interface (PECI) signal interconnection method and system for a server, a computer device and a readable storage medium are provided. The method includes: acquiring a partition mode of the server; sending a corresponding first control signal and a corresponding second control signal to each computing node according to the partition mode; controlling a channel selection of a first switch on the corresponding computing node by the corresponding first control signal and controlling a channel selection of a second switch on the corresponding computing node by the corresponding second control signal; and transmitting PECI signals of the corresponding computing node through channels connected by the first switch and channels connected by the second switch. According to the described solution, interconnection routing of the PECI signals in a single-partition mode and a dual-partition mode may be achieved by using only one backplate.

Abstract: A method includes protecting a boot sequence of a processing device by incrementing a counting value generated by a monotonic counter, then a first time period after the beginning of the boot sequence, comparing, by the protection circuit, the counting value with a first reference value, and, if the counting value is smaller than the first reference value, changing, by the protection circuit, the counting value to the first reference value.

Abstract: A first flag is set on a backup file to which data to be backed up is written. The first flag indicates that the backup file should be automatically retention locked after a cooling off period is over. Before the cooling off period is over, a request is received to open the backup file for writes. The request is allowed and upon allowing the request, the first flag is cleared and a second flag is set on the backup file indicating that writes are in progress. The clearing of the first flag excludes the backup file from being automatically retention locked after the cooling off period is over.

Abstract: A system for securely and reliably transferring startup script files over a network may include a unified extensible firmware interface (UEFI) network stack on a client server wherein the client server requests startup script over the network upon startup of the client server using a secure transfer network protocol and receives over the network the startup script. A computing device may comprise a unified extensible firmware interface (UEFI) shell to request a download of startup script, over a network, upon startup of the client server wherein the startup script is staged in a provisioned storage device within the client server to be mounted as local file systems in the client server. The UEFI shell.

Abstract: A memory device can be operated with a set of refresh control features. A host can access the memory device to discover the set of refresh control features. The host can command the memory device to change at least one of the set of refresh control features. The memory device can be operated with the original and/or changed set of refresh control features.

Abstract: Example implementations relate to system and method of signing a boot information file by a manageability controller, and interlocking host computing system to signed boot information file. The boot information file may include a boot loader file and/or an OS kernel file of the host computing system. The manageability controller receives the boot information file from a processor of a computing device. Further, the manageability controller signs the boot information file with a hashed data of a unique identifier, to generate and communicate the signed boot information file to the processor. Later, the manageability controller updates a boot database stored in non-volatile random-access memory of a firmware engine of the host computing system with a thumbprint data of the signed boot information file to interlock the host computing system to the signed boot information file, in response to successful download of the signed boot information file by the processor.

Abstract: An Information Handling System (IHS) includes multiple hardware devices, and a baseboard Management Controller (BMC) in communication with the plurality of hardware devices. The BMC includes a first processor configured to execute a custom BMC firmware stack, and a second processor including executable instructions for receiving a request to perform a test on the first processor in which the request is received through a secure communication session established with a remote IHS. The instructions further perform the acts of controlling the first processor to perform the test according to the request, the first processor generating test results associated with the test, and transmitting the test results to the remote IHS through the secure communication session.

Abstract: A system and method for storing data associated with a system management interrupt (SMI) in a computer system. Notification of a system management interrupt is received on a central processing unit. The central processing unit enters a system management mode. A system management handler of a basic input output system (BIOS) is executed by a bootstrap processor of the central processing unit. The system management interrupt is initiated via the bootstrap processor. The system management interrupt data is stored in a register of the bootstrap processor. The SMI data is converted to an accessible format. The converted SMI data is stored in a memory.

Abstract: A basic input output system (BIOS) of an information handling system may access a first list indicating one or more activation statuses of one or more BIOS firmware modules. The BIOS may determine a BIOS firmware module of the one or more BIOS firmware modules to load based, at least in part, on the first list. The BIOS may load the determined BIOS firmware module during booting of the information handling system.

Abstract: A system includes a memory programmed with multiple firmware images each having a distinct entry point, a processor, a writable hardware register initially seeded with an initial firmware image entry point address. A controller external to the processor, prior to an initial processor reset, reads the hardware register and causes the processor to begin fetching instructions at the initial firmware image entry point read from the hardware register. Prior to a subsequent reset, the external controller facilitates at least one transition to at least one of the multiple firmware images other than the initial firmware image by reading the entry point of the other firmware images from the hardware register and causing the processor to begin fetching instructions at the entry point of the other firmware images read from the hardware register.

Abstract: A native restart controller restarts services in a controlled manner. The services run in a cloud computing environment comprising a plurality of computing devices executing a plurality of Kubernetes pods comprising one or more containers. An indication is received of a deployment defining a service to be implemented in the cloud computing environment, the deployment including a desired number of instances of the service. An API is instantiated that is operable to provide a first state indicative of whether restarts are to be controlled by the restart controller and a second state indicating that a restart is required. In response to receiving an indication that restarts for the cluster are to be controlled by the restart controller and that a restart is required, the instances are restarted in a sequence in accordance with restart criteria associated with the service.

Abstract: Embodiments described herein are directed to transferring the ownership of a computing device from one entity to another entity. For example, a security processor is utilized to boot the computing device. During a boot session, the security processor loads and executes boot code, which determines whether specialized firmware authorized by the current owner indicates whether a transfer of ownership is to occur. In response to determining that the specialized firmware indicates that a transfer of ownership is to occur, the secure processor loads and executes the specialized firmware. The specialized firmware, when executed, causes the security processor to program a set of fuses with the public key of the new owner. Execution of the specialized firmware also causes the security processor to invalidate the public key of the original owner, which is stored in another set of fuses.

Abstract: An operating method of an electronic device including controllers includes updating, by a first-level controller of the controllers, a first-level firmware of the the first-level controller, writing, by the first-level controller, a second-level firmware to one of second-level controllers of the controllers having a lower level than the first-level controller, booting, by the one of the second-level controllers, by performing a reset operation, verifying, by the first-level controller or the booted second-level controller, whether there is a target second-level controller with out-of-date firmware, and writing, by the first-level controller or the booted second-level controller in response to a result of the verifying, the second-level firmware to the target second-level controller.

Abstract: The invention is directed to an autonomous, self-authenticating and self-contained secure boot-up system and methods for field programmable gate arrays (FPGAs) that leverages physical unclonable functions (PUFs).

Abstract: An electronic apparatus and a secure firmware update method thereof are provided. The electronic apparatus includes a first integrated circuit chip, a first non-volatile memory chip, a second integrated circuit chip and a second non-volatile memory chip. The first integrated circuit chip includes a secure firmware update console, and the first non-volatile memory chip includes a spare data storage space. The first non-volatile memory chip and the second non-volatile memory chip store a first firmware code of the first integrated circuit chip and a second firmware code of the second integrated circuit chip, respectively. Firmware code update data are transferred to and stored in the spare data storage space. The secure firmware update console performs a firmware update procedure by writing the firmware code update data into the second non-volatile memory chip to overwrite the second firmware code after passing a verification procedure on the firmware code update data.

Abstract: A new approach is proposed that contemplates systems and methods to support post reset fuse reload for latency reduction. First, values of fuses are read once and stored into one or more load registers on an electronic device, wherein the load registers are protected. Once the values of the fuse are loaded into the load registers, a valid indicator of the load registers is set indicating that the values have been successfully loaded into the load registers. When other components of the electronic device need to access these values, the other components will check the load registers first. If it is determined that the valid indicator of the load registers is set, the stored values are read from the load registers instead of from the fuses. If the valid indicator of the load registers is not set, the values are loaded again from the fuses into the load registers.

Abstract: Described herein is a framework for secure boot process. In accordance with one aspect, in response to detecting a power signal, a first boot software component according to a boot sequence is loaded. In response to determining no event has occurred, at least one additional boot software component is successively loaded according to the boot sequence in an uninterrupted boot process. In response to determining the end of the boot sequence is reached, the operating system may then be loaded.

Abstract: A boot method for an embedded system is provided. The embedded system includes two mainboards each provided with a baseboard management controller (BMC), a non-volatile memory unit and a network adapter. When the embedded system is turned on, each of the BMCs performs a boot procedure, and then loads an operating system (OS) image file from a corresponding non-volatile memory unit to execute an operating system. When one BMC fails to load the OS image file or to execute the operating system, the BMC causes the corresponding network adapter to communicate with the other network adapter to acquire the OS image file from the non-volatile memory unit on the other mainboard, so as to replace the OS image file in the corresponding non-volatile memory unit, and directly loads the OS image thus acquired to execute the operating system.

Abstract: A new approach is proposed to support hardware-based PCIe link up based on post silicon characterization of an electronic device. A non-volatile storage medium of a bootup unit on the electronic device maintains an initialization sequence for the physical layer of a PCIe link, and a non-volatile storage medium allows flexible programming. During operation, the bootup unit reads from the non-volatile storage medium instructions to program/override one or more PCIe physical layer settings and controller registers for the PCIe link based on the post silicon characterization of the electronic device. The bootup unit is limited to access and override only to the one or more physical layer settings and controller registers of the PCIe link. The entire process of reading the initialization sequence and programming the one or more PCIe physical layer settings and the controller registers happens within time limit constraints of the PCIe specification for latency reduction.

Abstract: A method of remotely modifying a basic input/output system (BIOS) configuration setting includes steps of: transmitting, by a remote computer, a modification instruction to a cloud server; transmitting, by the cloud server to a POS system, a new configuration value of the BIOS configuration setting contained in the modification instruction; determining, by an embedded controller of the POS system, whether the new configuration value is identical to an original configuration value of the BIOS configuration setting; and by the embedded controller when a result of the determination is negative, updating the BIOS configuration setting and transmitting a response instruction to the remote computer.

Abstract: Methods and systems are disclosed that initiate, during a power-on self-test of a computer system, a pre-registered handler for accessing, modifying, or a combination thereof one or more registers within a basic input output system (BIOS) of the computer system. A request to access, modify, or a combination thereof at least one register of the one or more registers within the BIOS is received during runtime of an operating system of the computer system. The request with the pre-registered handler is processed to access, modify, or a combination thereof at least one register of the one or more registers within the BIOS corresponding to the request. A response to the request is provided based on data from the at least one register obtained by the pre-registered handler.

Abstract: In one or more embodiments, one or more systems, one or more methods, and/or one or more processes may retrieve a first hash value of a key manifest public key from a one time programmable memory medium; determine a second hash value of the key manifest public key; retrieve a third hash value of an initial boot block from the boot policy manifest; determine a fourth hash value of the initial boot block; determine that the third hash matches the fourth hash value; execute the initial boot block; validate subordinate certificates with a root certificate; determine firmware hash values respectively from the firmware volumes; decrypt signatures respectively associated with the firmware volumes to obtain respective decrypted signatures, in which the signatures are decrypted with public encryption keys of the respective subordinate certificates; determine that the firmware hash values respectively match the decrypted signatures; and execute the firmware volumes.

Abstract: Disclosed are systems and methods for autonomous computing replacing or augmenting a human user of computer programs, where access to internal operations of the computer program is not used. An application controller can use the display output of a computer program to determine a current state of the computer program, using the disclosed embodiments. For example, identity of menu options of the computer program can be determined from image frames obtained from the display output of the computer program and used to determine the current state of the computer program. The application controller can provide input commands to the computer program to execute the computer program from the current state to a destination state.

Abstract: A first appliance receives from a second controllable appliance a command for causing the first controllable appliance to be placed into a state and, in response, determines a trust level of the second controllable appliance. When it is determined that the second controllable appliance is trustworthy, the first controllable appliance executes the command. When it is determined that the second controllable appliance is untrustworthy, the first controllable appliance ignores the command. Otherwise, the first controllable appliance enters into a state in which the first controllable appliance waits for at least a predetermined period of time for a user to confirm whether or not the first controllable appliance should be caused to execute the command.

Abstract: A setting to be applied at a docking station is obtained, either from a memory of the docking station, or from another device connected to a network by first obtaining, from a user device connected to the docking station, an identity of the user device and/or an identity of a user of the user device. Based on the identity of the user and/or the user device, a configuration set, of a plurality of configuration sets, that identifies at least one setting to be applied at the docking station is obtained and a setting to apply at the docking station is determined based at least partly on the configuration set. The docking station may store a set of docking station specific settings which can be used in conjunction with the setting(s) determined from the configuration set.

Abstract: Biometric data are obtained from biometric sensors on a stand-alone computing device, which may contain an ASIC, connected to or incorporated within it. The computing device and ASIC, in combination or individually, capture biometric samples, extract biometric features and match them to one or more locally stored, encrypted templates. The biometric matching may be enhanced by the use of an entered PIN. The biometric templates and other sensitive data at rest are encrypted using hardware elements of the computing device and ASIC, and/or a PIN hash. A stored obfuscated Password is de-obfuscated and may be released to the authentication mechanism in response to successfully decrypted templates and matching biometric samples. A different de-obfuscated password may be released to authenticate the user to a remote or local computer and to encrypt data in transit. This eliminates the need for the user to remember and enter complex passwords on the device.

Abstract: Examples described herein provide a hardware-software interface solution reads the boot code in segments into a buffer. A given boot code segment is stored in the buffer. A second buffer can be written-to with another boot code segment while the boot code segment in the buffer is read-from. A central processing unit (CPU) socket provides coordination such that one or more CPU sockets have copied the segment before permitting the segment to be overwritten in the buffer.

Abstract: An Information Handling System (IHS) includes multiple hardware devices, and a baseboard Management Controller (BMC) in communication with the plurality of hardware devices. The BMC includes instructions for executing a bootloader to verify an integrity of a first firmware stack, and boot the first firmware stack on a first processor. Once booted, the first firmware stack verifies the integrity of a first code segment on a second processor that is also used to execute a custom BMC firmware stack. The first code segment is executed to verify the integrity of one or more vendor supplied code segments executed on the second processor.

Abstract: A system, method, and apparatus are provided for securely controlling operations of a data processing system by activating a security subsystem to control startup behavior of application subsystems, installing SMR parameters which include an initial authenticity proof for use with an initial verification process for the SMR and calculating an alternate authenticity proof for use with a subsequent verification process for the SMR, and then by subsequently verifying the SMR using the alternate authenticity proof for the subsequent verification process applied to the SMR so that the security subsystem can apply a comprehensive system reaction for the application subsystem based on the SMR verification results.

Abstract: The invention is that of systems and methods for communications between one or more networks and subsequently network devices configured with a networking application for processing network based communications when the devices are on different logical and physical networks. The methods herein involve translation of remote IP addresses of LAN devices to addresses comprising headend network prefixes, to allow for LAN extension of remote to headend networks and communications between devices on the disparate networks. Data packets from a remote LAN interface are transferred to an outbound interface once translated, then forwarded via a formed bridged tunnel link to a headend network device. A server comprising a local LAN and outbound interface is further configured with a NAT module for IP address translation and an optional security module for additional authenticity verification of remote devices attempting to penetrate the headend network.

Abstract: A method is provided for authenticating firmware images in an embedded system. The method may include loading and executing a trusted firmware using a pre-existing Secure Boot on a baseboard management controller (BMC). The BMC is configured as a master for an embedded system including System On Chips (SOCs) configured as slaves, out-of-band interfaces between the BMC and the SOCs, and flash storages in electrical communication with the SOCs. The method may also include pushing or uploading, by the BMC, a secure SOC firmware image to one of the SOCs using one of the out-of-band interfaces, verifying a digital signature extracted from the SOC firmware image by using a hash code calculated from the SOC firmware image and decrypted using a public key stored on the BMC and notifying a user about verification of the digital signature.

Abstract: A method for obtaining a cluster feature code includes: determining a plurality of key nodes from respective nodes in a cluster; obtaining plaintexts of feature codes of the respective key nodes; according to the plaintexts of the feature codes of the respective key nodes, obtaining ciphertexts of the feature codes of the respective key nodes, by utilizing a first-level public key; calculating a check code according to the ciphertexts of the feature codes of the respective key nodes; and according to the check code, obtaining the cluster feature code, by utilizing a second-level public key. By means of the present application, the scope of influence on the entire system when system nodes change is reduced.

Abstract: A computer system may comprise a non-volatile memory to store executable Basic Input/Output System (BIOS) code, a computer-readable medium to store an operating system based on an image, and a processor coupled to the non-volatile memory and the computer-readable medium. Execution of the executable BIOS code may cause the processor to store the operating system to the computer-readable medium based on the image.

Abstract: A method is implemented by a system on chip and includes: receiving a volume attaching request sent by the public cloud management component, where the volume attaching request includes an identifier of a system volume; and storing the identifier of the system volume based on the volume attaching request, where when the bare-metal server is started, the bare-metal server uses the identifier of the system volume to determine the system volume, and starts an operating system of the bare-metal server based on the system volume, and the system volume stores a file used for starting the operating system of the bare-metal server.

Abstract: The disclosed embodiments relate to secure booting of memory device. The disclosed embodiments generate measurement data associated with a memory device. Next, the disclosed embodiments read a golden measurement from a secure location in the memory device, the golden measurement generated based on a version of the data associated with the memory device, and therefore it is unique to the device. The disclosed embodiments validate the golden measurement value using a public key and determine whether the golden measurement is equal to the measurement data. The golden measurement value can also be saved in a write protected area which can only be changed by a secure write command, therefore, it is imutable by others. Finally, the disclosed embodiments continue a boot process when the golden measurement is equal to the measurement data.

Abstract: The disclosed computer-implemented method for preventing potential phishing attacks by translating double-byte character set domain name system records may include (i) extracting a domain extension from a double-byte character set (DBCS) domain name in a universal resource locator (URL) received by a computing device, (ii) identifying a locale code associated with a language utilized on the computing device, (iii) determining if the domain extension matches the locale code, (iv) translating the DBCS domain name to a corresponding single byte character set (SBCS) domain name system (DNS) record when the domain extension matches the locale code, and (v) performing a security action that protects against a potential phishing attack based on the translated DBCS domain name. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems, apparatuses, and methods related to configurable media structure are described. A memory device can be configured to boot up in a variety of configurations. The variety of configurations can include using the memory device for persistent memory storage, for non-persistent memory storage, etc. For instance, an apparatus can include a first memory array and a second memory array. The apparatus can include a memory controller coupled to the first memory array and the second memory array. The second memory array can be configured to store at least two boot images. The first memory array can be configured to operate based on which of the at least two boot images is used.

Abstract: An information handling system includes a memory manager that may detect corruption of a non-volatile random-access memory, and perform a recovery process of the non-volatile random-access memory that includes determining whether a header of the non-volatile random-access memory is corrupted. If the header is not corrupted, then a data region associated with the header may be recovered from recovery data values in a spare store in the non-volatile random-access memory. If the header is corrupted, then the header and the data region may be recovered from default data values.

Abstract: An indication that a virtual machine is starting is received. Requested data blocks associated with the virtual machine are identified. Based on identifiers of the requested data blocks, a trained learning model is used to predict one or more subsequent data blocks likely to be requested while the virtual machine is starting. The one or more subsequent data blocks are caused to be preloaded in a cache storage.

Abstract: Systems, methods and computer software are disclosed for performing a secure software update in a mesh network. In one embodiment, a method is disclosed, comprising: receiving, at each node of a network, a notification from a coordinating server, wherein each node of the network is listening for an image available notification; receiving, at a first node of the network, the image available notification; downloading and installing a software update image by the first node of the network; broadcasting, at the first node of the network, the image available notification to other peer nodes of the first node of the network; and downloading and installing the software update image from the first node of the network by at least one other peer node of the network.

Abstract: A secure Basic Input/Output System (BIOS)-enabled passthrough system includes a computing device having a computing device component, and a BIOS subsystem in the computing device that is coupled to the computing device component. The BIOS subsystem enables primary access to the computing device component to BIOS drivers. The BIOS subsystem may receive a secondary access session start request from a first BIOS driver to start a secondary access session to use secondary access to the computing device component, it retrieves a first BIOS driver identifier for the first BIOS driver based on the secondary access session start request, determines that the first BIOS driver identifier is a secondary-access-authorized BIOS driver identifier and, in response, begins the first secondary access session and may performs secondary access operation(s) on the computing device component in response to receiving secondary access command(s) from the first BIOS driver during the secondary access session.

Abstract: In one or more embodiments, one or more systems, one or more methods, and/or one or more methods may: register a subroutine configured to store multiple addresses of a volatile memory medium VMM of an information handling system (IHS); for each IHS initialization executable/OS executable pair of multiple IHS initialization executable/OS executable pairs: retrieve, from a first non-volatile memory medium (NVMM), an IHS initialization executable of the IHS initialization executable/OS executable pair; copy, by the IHS initialization executable, an OS executable of the IHS initialization executable/OS executable pair from the first NVMM to the VMM; call, by the IHS initialization executable, the subroutine; store, by the subroutine, an address associated with the OS executable via a data structure stored by the VMM; and copy, by a first OS executable, the OS executable from the VMM to a second NVMM based at least on the address associated with the OS executable.

Abstract: A method for communicating data requests to one or more data sources. The method includes receiving a data request, with which data of one or more data types are requested, from an application, and checking the availability of one or more data sources that are able to provide the one or more requested data types. The method further comprises: if at least one of the one or more data sources is available, sending a request to the available data source for the requested associated data type that the data source can provide; and, if no data source is available for at least one of the requested data types, sending a request for this data type to a placeholder module.

Abstract: A method of remotely modifying a basic input/output system (BIOS) configuration setting includes steps of: transmitting, by a remote computer, a modification instruction to a cloud server; transmitting, by the cloud server to a POS system, a new configuration value of the BIOS configuration setting contained in the modification instruction; determining, by an embedded controller of the POS system, whether the new configuration value is identical to an original configuration value of the BIOS configuration setting; and by the embedded controller when a result of the determination is negative, updating the BIOS configuration setting and transmitting a response instruction to the remote computer.

Abstract: An information handling system may detect an exception, create a hand-off block in an NVMe boot partition in an NVMe device during a pre-extensible firmware interface phase of a boot process, and update the hand-off block with information associated with the exception. The system may also load an exception table to the NVMe boot partition, wherein the exception table includes an index associated with the exception that is mapped to a vector associated with an exception handler, and load the exception handler to the NVMe boot partition, wherein the exception handler resolves the exception.

Abstract: Embodiments of the present disclosure advantageously provide a secure boot integrity verification system that is protected against future quantum attacks without relying on correctly functioning hardware security modules (HSMs) for the expected lifetime of the computer system or embedded device.