Abstract: Example implementations relate to a logical rack controller. In an example, a logical rack controller receives an inventory of a plurality of physical computing racks. The logical rack controller receives a logical rack definition that indicates selected physical infrastructure from among the inventory to form a logical rack. The logical rack controller validates the logical rack definition by verifying network connectivity of the selected physical infrastructure. After validation of the logical rack definition, the logical rack controller provides, to a provisioning controller, an interface to the logical rack. The provisioning controller can utilize the interface to access the logical rack.

Abstract: This disclosure describes systems, devices, and techniques for migrating virtualized resources from outdated hosts during requested reboots of the virtualized resources, in order to update the outdated hosts. In an example method, a pending reboot a virtualized resource occupying a first host can be identified. At least one component of the first host may be determined to be outdated. In response to identifying the pending reboot and determining that the at least one component is outdated, the virtualized resource may be migrated to a second host. The first host may update the at least one component.

Abstract: A method, computer program product, and computer system for maintaining, by a computing device, a plurality of certificates in a credential store using a distributed data source. A certificate of the plurality of certificates may be loaded in an in-memory location from the distributed data source upon startup. A change in at least one certificate of the plurality of certificates may be detected in the distributed data source. The change in the at least one certificate may be loaded from the distributed data source to the in-memory location without requiring a restart of the computing device.

Abstract: An information processing apparatus includes a detector configured to detect tampering with at least one of a plurality of software components to be executed in accordance with a boot instruction, a storage unit configured to store information for enabling or disabling a function of detecting the tampering, and a rebooter configured to reboot the information processing apparatus on the basis of the information stored in the storage unit and on the basis of a time that elapses after receipt of the boot instruction.

Abstract: A technique for generating a customized program logic for booting a target system includes determining the hardware devices operatively connected with the target system. A list of identifiers of the determined hardware devices is sent to a server system. The server system selects from a set of drivers for each of the device identifiers in the list at least one driver operable to control the identified device to generate a sub-set of said set of drivers. The server system retrieves a core program logic being free of any drivers of the target system and sends the core program logic and the driver sub-set to the target system. The target system creates the customized program logic using the combination of the core program logic and the driver sub-set.

Abstract: One embodiment provides a method, including: receiving, at an information handling device and in a pre-operating system (OS) environment, an indication to run a diagnostic application; conducting, using the diagnostic application, a diagnostic scan on one or more of the information handling device components; and generating, based on the diagnostic scan, a results report. Other aspects are described and claimed.

Abstract: After a terminal receives any piece of control information sent by a management server, if the control information is used to indicate that a foreground operating system of the terminal is a target operating system, the terminal is controlled according to a control instruction carried in the control information. When the foreground operating system of the terminal is not the target operating system, the terminal does not control the terminal according to the control instruction. In addition, the terminal may store a correspondence between a system identifier of the target operating system and the control instruction, so that after the foreground operating system of the terminal is changed to the target operating system, the terminal may further obtain the control instruction based on the correspondence and control the terminal according to the control instruction.

Abstract: Provided is a system that controls at least one sound signal output device to emit at least one sound signal in at least one chosen area of a premises. This sound signal represents location-specific usage information of at least one electronic device and is intended to induce a control of a usage of this electronic device based on this location-specific usage information.

Abstract: Techniques to facilitate the provision of server-management microservices for baseboard management controllers from a storehouse of such microservices are described herein. A technique described herein includes a server-management microservice storehouse obtaining a request for a server-management microservice for a baseboard management controller (BMC) of a server of a communications network. Further, the storehouse delivers the microservice to the BMC over the communication network. The server-management microservice is a modularized application that interacts with the operating system of the BMC while the microservice executes on the BMC, and the server-management microservice cause management of operations of the server or monitoring of the status of the server.

Abstract: This invention presents methods to utilize more regions for tasks than the number of slots in a memory protection unit and to efficiently distribute regions between multiple tasks within a partition.

Abstract: Embodiments of this application provide a system recovery method and an apparatus and relate to the field of communications technologies, so as to more smoothly guide a user in implementing system recovery of an electronic device. The method is applied to an electronic device, comprising: obtaining a quantity of abnormal shutdowns of the electronic device at a BIOS boot stage of the electronic device; if the quantity of abnormal shutdowns of the electronic device is greater than or equal to a preset threshold, displaying a first interface, where the first interface includes a first system recovery mechanism option; and receiving a selection operation on the first system recovery mechanism option, and running a first system recovery mechanism in response to the selection operation on the first system recovery mechanism option.

Abstract: Accordingly the embodiments herein provide a method for managing scheduling of services during a boot-up process in an electronic device including a multi-core processor. The method includes determining a plurality of services initiated during the boot-up process of the electronic device. Further, the method includes registering system parameters associated with the electronic device for each one of the determined services. Further, the method includes determining whether the service is critical or non-critical for the boot-up process. Further, the method includes tagging a label data to each one of the determined services, wherein the label data represents whether the service is critical or non-critical. Further, the method includes clustering each of the services into one of an accelerating cluster and a decelerating cluster based on the registered system parameters associated with the electronic device and the tagged label data.

Abstract: An on-board vehicle computer system receives a software update package from a remote computer system via a wireless communication network. The update package includes a software update for an updatable electronic component (e.g., an ECU) of the vehicle. Prior to installing the update, the vehicle computer system may check for a valid backup software version in a storage medium in the vehicle computer system to facilitate reversion to a previous software version in the event of an error during installation of the update. Installation of the update may be delayed until a compatible backup software version is obtained. After installation of the update, the system stores the update in the storage medium as the current backup software version for the updatable electronic component. This facilitates roll-back to a functional state in the event of an error during a future update.

Abstract: The present invention discloses an electronic apparatus having secure boot mechanism. The processing circuit executes steps outlined below. Operation-related data is stored in the storage circuit under a normal operation mode. The operation related data is stored in a host terminal. A first hash value is calculated according to the operation related data and is stored in a non-power-off area. A power of the non-power-off area is maintained to be turned on and a power of a power-off area is turned off under a lower power operation mode. The power is restored when the normal operation mode is restored and the operation related data is retrieved from the host terminal to calculate a second hash value. The first and the second hash values are compared such that the operation related data is determined to be valid and the electronic apparatus operates according to the operation related data when the first and the second hash values are matched.

Abstract: A method, computer program product, and a system where a secure interface control determines whether an instance of a secure guest image can execute based on metadata. The secure interface control (“SC”) obtains metadata linked to an image of a secure guest of an owner and managed by the hypervisor that includes control(s) that indicates whether the hypervisor is permitted to execute an instance of a secure guest generated with the image in the computing system based on system setting(s) in the computing system. The SC intercepts a command by the hypervisor to initiate the instance. The SC determines the presence or the absence of system setting(s) in the computing system. The SC determines if the hypervisor is permitted to execute the instance. If so, the SC enables initiation of the instance by the hypervisor. If not, the SC ignores the command.

Abstract: A system for providing services for microservices applications is described herein. In an embodiment, a system comprises a plurality of container environments, each of which comprising a host node. A virtual fabric edge instance executes on each host node. The host nodes are interconnected through a plurality of switches. A fabric controller manages the plurality of switches and implements policies through the virtual fabric edge instances executing on each host node. The fabric controller additionally provides services for the application instances through the virtual fabric edge instances by routing traffic, data, queries from an application or proxy instance to another application or proxy instance in the container environment through the virtual fabric edge instances.

Abstract: An information handling system may include a processor, a smart network interface card communicatively coupled to the processor, a basic input/output system configured to be the first code executed by the processor when the information handling system is booted and configured to initialize components of the information handling system into a known state, and a management controller configured for out-of-band management of the information handling system. The management controller may further configured to communicate information regarding the smart network interface card to a provisioning server, receive parameters from the provisioning server for a network-based boot of the smart network interface card, and communicate the parameters to the smart network interface card to enable the smart network interface card to boot from an image stored at the provisioning server.

Abstract: A method and system for testing a software application includes receiving and storing a software application for execution in a memory associated with a processor, detecting a first trigger event corresponding to the software application, and attempting to load a disposable code in the memory in response to detecting the trigger event. The method further includes, if the disposable code is successfully loaded in the memory, by the processor: executing the software application to pass a reference to the software application into the disposable code, and executing the disposable code to create an interface between the software application and one or more testing tools. The interface is configured to intercept communications to and from the software application during an execution of the software application.

Abstract: Presented herein are methodologies for securing BIOS/bootloader function including booting a computer system from a BIOS image stored in a first boot flash device, detecting an indication of a pending BIOS upgrade, in response to detecting the indication of a pending BIOS upgrade, accessing an upgraded BIOS image stored on a second boot flash device, validating a version of the upgraded BIOS image, authenticating the upgraded BIOS image using a signature stored in a first region of the second boot flash device, when the version of the upgraded BIOS image is validated, and the upgraded BIOS image is authenticated, writing the signature to a second region of the second boot flash device that is different from the first region, locking the second region of the second boot flash device, and rebooting the computer system from the second boot flash device.

Abstract: Methods and systems for monitoring, by a baseboard management controller, a network interface of an information handling system, identifying one or more management information exchanges between the information handling system and a plurality of information handling systems, identifying one or more telemetry metrics associated with the one or more management information exchanges on a hardware level, storing the one or more telemetry metrics into a telemetry metrics database of the information handling system, transmitting a telemetry metrics report including the one or more telemetry metrics to a service provider for analysis, analyzing, by the service provider, the telemetry metrics report to indicate a percent usage of an overall usage capacity associated with each device of a plurality of devices of the information handling system, and transmitting a usage report to each of the plurality of information handling systems based on the analysis of the telemetry metrics report.

Abstract: Device, system, and method of policy enforcement for rich execution environment. An electronic device includes a Trusted Execution Environment (TEE), a Rich Execution Environment (REE), and a hardware-based secure sub-system which includes a cryptographic engine. The REE includes a cryptographic driver configured to initiate a request for TEE authorization to perform a particular cryptographic operation by the cryptographic engine on a data-item that is stored in a memory region that is accessible by the REE. The TEE includes a policies manager to determine whether the request from the REE is approved or rejected, and if approved, to inject data-items into the secure sub-system to enable performance of the requested cryptographic operation by the cryptographic engine.

Abstract: One example method includes moving a volume from a source server to a target server. In one example, the volume is moved and the need to copy the source data is eliminated. The volume to be moved is selected and metadata associated with the save sets stored on the volume is exported to a volume bootstrap, which is also stored on the selected volume. The volume is mounted or attached to the target server and the metadata is imported from the volume bootstrap. The volume is made read/write and is moved from the source server to the target server.

Abstract: Novel tools and techniques are provided for implementing intent-based disaggregated and distributed composable infrastructure. In some embodiments, a computing system might receive, over a network, a request for network services from a customer, the request comprising desired characteristics and performance parameters, without specific information regarding any of hardware, hardware type, location, or network for providing the requested services.

Abstract: An accelerator loading apparatus obtains an acceleration requirement, where the acceleration requirement includes an acceleration function of a to-be-created virtual machine and acceleration performance of the to-be-created virtual machine. The accelerator loading apparatus determines a target accelerator that meets the acceleration function of the to-be-created virtual machine and the acceleration performance of the to-be-created virtual machine. The accelerator loading apparatus determines an image corresponding to the target accelerator, and sends an image loading command to a target host in which the target accelerator is located, where the image loading command is used to enable the target host to load the image for the target accelerator based on the image loading command.

Abstract: Techniques described herein relate to automatically generating standard network device configurations. In one example, one or more groups of network device configuration blocks may be obtained. An analysis of the one or more groups of network device configuration blocks may be performed, including identifying respective frequencies associated with respective network device configuration blocks of the one or more groups of network device configuration blocks. Based on the respective frequencies, one or more network device configuration blocks of the one or more groups of network device configuration blocks may be automatically aggregated into a standard network device configuration.

Abstract: A fire and security system includes a control panel and one or more connected device. The control panel is in signal communication with a data control loop. The connected device is in signal communication with the at least one control panel via the at least one data control loop. The connected device includes a memory unit having a free memory area that stores first data and an active memory area that stores second data different from the first data. In response to operating the connected device according to the second data, the at least one connected device receives updated data delivered by the at least one of the control panel over the data control loop, and replaces the first data stored in the free memory data with the updated data.

Abstract: An apparatus to verify firmware in a computing system, comprising a non-volatile memory, including firmware memory to store agent firmware associated with each of a plurality of interconnect protocol (IP) agents and version memory to store security version numbers (SVNs) included in the agent firmware, a security controller comprising verifier logic to verify an integrity of the version memory by applying a hash algorithm to contents of the version memory to generate a SVN hash, and a trusted platform module (TPM) to store the SVN hash.

Abstract: The present disclosure in some embodiments provides a security system using both key management service (KMS) and a hardware security module (HSM), and a method of operating the security system. At least one embodiment provides a security system including an HSM, a bootstrapping enclave, and one or more KMS enclaves. The HSM is configured to generate, replace or remove a root key, the HSM being physically independent. The bootstrapping enclave is configured to receive the root key from the HSM. The one or more KMSs are configured to perform an attestation procedure with the bootstrapping enclave, to receive the root key from the bootstrapping enclave, and to utilize the root key for establishing a secure channel with the HSM.

Abstract: An auxiliary storage device independently has protection and monitoring functions so as to respond to an attempt to take control of a system by a malicious code, and minimize damage to the system. The auxiliary storage device includes a CPU which performs a function to perform protection and monitoring functions independently of an external computing unit; and a storage medium unit. The storage medium unit is divided into a user area in which an OS of a computing unit is stored and the writing and reading to the computing unit is possible at any time, and a recovery area in which a duplicated copy of the OS of the computing unit is stored and the writing and reading of the computing unit is determined according to a selection mode of a mode selection switch. An application device including the auxiliary memory is provided.

Abstract: An information processing apparatus according to one aspect of the present invention includes a main body and an operation device. The operation device executes an operating system (OS) and a program task operating independently of the OS. The program task is configured to start up earlier than the OS and to perform a part of a start up process required for starting up the operation device. When the main body and the operation device are started, the operation device starts executing the program task in addition to starting execution of the OS. In response to a completion of performing the part of the start up process, the program task transmits a ready state notification to the main body.

Abstract: A system to facilitate operating system (OS) installation is described. The system includes a server and rack controller, including one or more processors to generate an imaging service comprising an OS image container, transmit data via a first network to initiate a boot up process at a server and download an OS image included in the OS image container via a second network, wherein the second network is separate from the first network.

Abstract: A removable device and method for automatically booting a computer running a standard operating system (OS) into an alternative OS. The method comprises a user inserting the removable device into the computer, and the user launching an application stored on the removable device for booting guidance. The user directs the application to boot the computer into the alternative OS, whereupon the application determines a first booting technique to be used on the computer and configures the computer accordingly. The application restarts the computer in an attempt to boot into the alternative OS. If booting the alternative OS fails, the computer boots back into the standard OS, whereupon the application determines a next best booting technique and configures the computer accordingly. This process continues until the alternative OS is successfully booted, or, failing that, the user is given manual booting direction.

Abstract: Techniques in electronic systems, such as in systems including a processing chip and one or more external memory chips, provide improvements in one or more of system security, performance, cost, and efficiency. For example, the processing chip includes one or more CPUs and circuitry enabling the CPUs to securely boot from an external, non-volatile memory chip containing encrypted, executable code. The circuitry comprises immutable hardware to hold the CPUs in a reset state while performing a serial presence detect on external interfaces of the processing chip and generating an address map according to results of the serial presence detect. In response to an initial instruction fetch of an initial one of the CPUs, the circuitry is able to return one or more instructions via the address map associating an address of the initial instruction fetch with one of the external memory chips.

Abstract: An apparatus for LAN booting environment-based file security and centralization, a method therefor, and a computer-readable recording medium recorded with a program for performing the method are proposed. The apparatus can include a central server including a storage module for storing a plurality of operating system images; a communication module for communicating with a user device; and a LAN booting management module configured to, when receiving a LAN booting start request message from the user device through the communication module, select an operating system image that can be used in the user device among the plurality of operating systems according to user device information, and transmit the selected operating system image, a user apparatus corresponding to the same, a method for LAN booting environment-based file security and centralization of these devices, and a computer-readable recording medium recorded with a program for performing the method.

Abstract: A non-transitory computer-readable storage medium may comprise instructions for determining health statuses of multiple virtual machine templates stored thereon. When executed by at least one processor, the instructions may be configured to cause a health status server to at least run multiple scripts against multiple virtual machines, each of the multiple virtual machines being generated from one of the multiple virtual machine templates, and generate, for each of the multiple virtual machines, an output report indicating success or failure for each of the multiple scripts.

Abstract: An information processing apparatus includes a control unit, a storage unit configured to store a program to be executed by the control unit, a verification unit configured to read the program from the storage unit and to verify the read program, and a light-emitting unit configured to be changed to a predetermined light-emitting state or to be changed from the predetermined light-emitting state based on a result of the verification of the program by the verification unit.

Abstract: An interface is provided to update a firmware of a persistent memory module at runtime without restarting an operating system on the platform. The operating system initiates the firmware update by triggering a sleep state or by entering a soft reboot. The interface is capable of preserving the state of the platform for all memory modes that support volatile memory regions, persistent memory regions, or both, and reducing or eliminating the demand for access to memory during the firmware update. The persistent memory module is capable of updating the firmware responsive to a platform instruction generated using the interface, including preserving operational states for memory devices in all memory regions, including memory devices in volatile and persistent memory regions.

Abstract: System and method for supporting node role attributes in a high performance computing environment. In accordance with an embodiment, a node role attribute can comprise a vendor defined subnet management attribute. When a subnet manager attempts to discover a high performance computing environment, such as an InfiniBand subnet, or a switch topology, identifying a topology is quite complex when subnet manager can only observe connectivity, without context behind the connectivity (the roles of the different nodes in the connectivity). However, when a subnet has a node role attribute enabled, the subnet manager can map the interconnect more effectively as it can discover not only the connectivity during the initial sweep, but it can also discover the role of each node discovered, thus leading to a more efficient interconnect discovery.

Abstract: A system on chip (SOC) is provided. The system on chip includes a non-volatile memory, an exception detector, and a processor. The non-volatile memory stores a first bootset in a first region, the first bootset including a booting operation bootloader for a first booting operation and stores a second bootset in a second region that is different from the first region. The exception detector is activated after execution of an initialization bootloader, detects an exception occurrence in the system on chip, and generates a reset signal in response to the exception occurrence that is detected. The processor performs a second booting operation by using the second bootset in response to the reset signal received from the exception detector during the first booting operation performed by using the first bootset.

Abstract: Cloud computing techniques utilizing distributed application execution are disclosed herein. One example technique includes receiving a command to launch an application, and in response, determining an execution location corresponding to a type of data consumed by individual components of the application. Upon determining that one of the components is to be executed in a local computing facility, the example technique includes transmitting, from a cloud computing facility to the local computing facility, a request to execute the one of the components in the local computing facility instead of the cloud computing facility. Upon being authorized by the local computing facility, data is requested and received from the one of the components executed at the local computing facility without having direct access from the cloud computing facility to a data source at the local computing facility.

Abstract: The invention discloses a secure boot method for a terminal device, a terminal device and a medium, relates to the technical field of secure boot, and is used for solving a problem of low system boot security caused by lack of protection for system boot in the related art. The terminal device includes a first processor, a second processor and a shared memory. The method includes: acquiring, by the first processor, an SPL image file; acquiring, by the first processor and the second processor, a third duration and starting timing synchronously; in a case that the third duration expires, transmitting, by the first processor, the SPL image file to the second processor via the shared memory; and booting, by the first processor and/or the second processor, a system of the terminal device cooperatively based on the SPL image file received by the second processor.

Abstract: Provided are a resource sharing method, device and system. The method includes: establishing, by a cloud desktop system based on a virtual desktop infrastructure (VDI), links with multiple terminals; and acquiring, by the cloud desktop system, resources of the multiple terminals through the links, and sharing the acquired resources to the multiple terminals.

Abstract: Technologies disclosed herein provide mitigations against warm boot attacks on memory modules. For instance, in one embodiment, a non-volatile dual in-line memory module (NVDIMM) in a host computing system may detect a transition from a low-power state to a full-power state, receive a nonce value from a processor of the host computing system after the transition, verify the nonce value, and allow access to data stored on the NVDIMM based on successful verification of the nonce value. In another embodiment, an NVDIMM may be locked in response to detecting a transition from a high-power state to a low-power state in a host computing system. After a transition from the low-power state to the full-power state, the NVDIMM may obtain one or more passphrases, verify the one or more passphrases, and allow access to data stored on the NVDIMM based on successful verification of the one or more passphrases.

Abstract: A method, computer program product, and a system where a secure interface control determines functionality of a secure guest based on metadata. The secure interface control (“SC”) obtains metadata linked to an image of a secure guest to be started by an owner and managed by the hypervisor, where the metadata comprises control(s) that indicate whether a secure guest generated with the image is permitted to obtain a response to a particular request. The SC intercepts, from the secure guest generated with the image, during runtime, a request. The SC determines, based on the control(s), if the secure guest is permitted to obtain a response to the request. If permitted, the SC commences fulfillment of the request, within the computing system. If not permitted, the SC ignores the request.

Abstract: A computer apparatus is provided, which includes a plurality of peripheral apparatuses, a non-volatile memory, a processor, and an authority-control circuit. The memory unit stores a plurality of boot codes and setting values of a function set of the peripheral apparatuses corresponding to each boot code, wherein the boot codes form a chain of trust. In response to the execution of a current boot code being completed, the authority-control circuit sets the setting values of the functions in a second function set corresponding to a next boot code in the chain of trust, sends an authority-control signal to control the peripheral apparatuses corresponding to the second function set according to the setting values of the functions in the second function set, and sets a boot flag corresponding to the next boot code in the authority-control circuit to control the processor to execute the next boot code.

Abstract: Identity information processing method and apparatus are disclosed. The method includes: obtaining customized information of a user process on an integrated chip; determining a target operational firmware preloaded on a reconfigurable chip according to the customized information; generating first process identity information used for verifying the user process based on the target operational firmware and a fixed operational firmware of a non-reconfigurable chip; and providing the first process identity information to a privacy certificate issuing authority for performing firmware legitimacy verification of an operational firmware to determine that an identity of the user process is legitimate according to a result of the firmware legitimacy verification.

Abstract: An information handling system may include a processor and a basic input/output system (BIOS) comprising a program of instructions executable by the processor and configured to cause the processor to initialize one or more information handling resources of the information handling system. The BIOS may be further configured to, during a boot of the information handling system, determine whether a BIOS configuration change has been made during a current boot session of the information handling system, and responsive to determining that a BIOS configuration change has been made during the current boot session, store an indication of the BIOS configuration change to a non-volatile memory.

Abstract: Various embodiments relating to an electronic device are described, and according to an embodiment, the electronic device may comprise a communication module which performs wireless communication; at least one processor which is electrically connected to the communication module; and a memory which stores instructions which cause at least one processor to receive or transmit data via communication with an external electronic device using the communication module on the basis of a first operating system and to process the received data or data to be transmitted to the external electronic device using a designated key on the basis of a second operating system, at the time of execution thereof.

Abstract: A method of creating a new page table structure after first stage boot operations has completed but before handoff to a hypervisor occurs. Firmware page tables are reused and copied to a region of memory by a first-stage bootloader while the firmware is running, processed to have an expected multi-stage page table structure and desired access rights, and copied again to another region of memory by the first-stage bootloader after the first-stage bootloader has completed its booting operations and after the firmware has been quiesced.

Abstract: An information handling system may include an embedded controller, a serial peripheral interface (SPI) read-only memory (ROM) device to store a first basic input/output system (BIOS) firmware for the information handling system, and a non-volatile memory device includes a boot partition to store a second BIOS firmware. The embedded controller detects a failure during a boot process, switches a first SPI of a chipset from the SPI ROM to the embedded controller and executes the second BIOS firmware from the non-volatile memory device via a sideband access of the non-volatile memory device.