Abstract: A mechanism for securing a series of related function calls for firmware services using session tokens is discussed.

Abstract: Systems and methods for securing firmware function calls are discussed. More particularly, mechanisms for reducing the chance of tampering and information disclosure attacks against firmware function calls implemented in SMM/MM are described. Data may be passed to and from a calling entity to platform firmware via a communication channel where both the data and the means of decrypting the data are protected from potential snooping OS applications, drivers or DMA-enabled hardware devices.

Abstract: A technique for sharing an application between devices is discussed. Embodiments of the present invention transmit information about an application from a source computing device to a target computing device. An application sharing service on the target computing device then automatically searches the target computing device for a resident corresponding application or its equivalent and if a corresponding application is not found, searches an application store or repository for the corresponding application. If the application or its equivalent is found in the application store or repository, a user may be prompted to download the application or the application may be downloaded automatically. If the corresponding application was found on the target computing device originally, a check may be performed to determine if the most recent update is installed and, if the most recent version is not installed, it may be downloaded from the application store.

Abstract: A secure computing platform and method for securely enabling inserted or replacement hardware devices during boot of a computing platform are discussed. More particularly, an authorized list holding identifying information associated with approved insertable or replaceable hardware devices is maintained in non-volatile storage and checked by the firmware during a platform boot sequence against identifying information provided by the inserted or replacement hardware devices. Only devices whose information matches the stored authorized list information are enabled.

Abstract: Systems and methods for performing security event mitigation with firmware are discussed. A firmware-based security event framework receives notifications of security events occurring in a firmware-controlled operating environment on a computing platform, logs information related to the event and optionally performs mitigation operations to address the security event.

Abstract: A method securely executing an extensible firmware application is performed by a computer apparatus. The computer apparatus includes a firmware volume and a boot loader. The firmware volume includes a firmware application module to be executed, has passed a security check, and is attached with a secure encryption signature. The boot loader is attached with a first valid digital signature, and is verifiable by a secure boot certificate signature database of the computer apparatus. When the firmware application module is executed, the boot loader or the secure boot certificate signature database of the computer apparatus first verifies a secure encryption signature of the firmware volume, and the boot loader then loads the firmware application module to a buffer memory for further reading and execution, such that execution of the firmware application module is allowed and is executed securely in a secure boot mode under supervision of the boot loader.

Abstract: A firmware-based system and method for detecting an indicator of an override condition during a Unified Extensible Firmware Interface (UEFI) Secure Boot sequence. The indicator of the override condition may be detected based upon the pressing of a specialized button, designated key or keys or other received input that indicates both physical presence of the user and the desire, on the current boot, to bypass UEFI Secure Boot. An embodiment may work for only a single boot, not require access into a setup application, and may be accessed by externally accessible features of the computer system.

Abstract: Mechanisms for providing enhanced system performance and reliability on multi-core computing devices are discussed. Embodiments use modified hardware and/or software so that when a System Management Interrupt (SMI #) is generated, only a single targeted CPU core enters System Management Mode (SMM) in response to the SMI while the remaining CPU cores continue operating in normal mode. Further, a multi-threaded SMM environment and mutual exclusion objects (mutexes) may allow guarding of key hardware resources and software data structures to enable individual CPU cores among the remaining CPU cores to subsequently also enter SMM in response to a different SMI while the originally selected CPU core is still in SMM.

Abstract: A system and method for boot speed optimization is discussed. Uncompressed copies of UEFI firmware volumes and OS boot loader files stored on a portion of an NVDIMM are used during a boot sequence in a computing platform. The cached copies on the NVDIMM are used during the boot sequence after a successful validation check is performed to provide faster boots of the computing platform.

Abstract: A system and method for dynamically sizing system memory for a computing device using firmware and NVDIMMs is discussed. Additionally techniques for allocating between system memory and non-volatile storage on one or more NVDIMMs are discussed.

Abstract: A system and method for sending RESTful commands to UEFI firmware using UEFI variable services is discussed. Processed RESTful commands return data in a RESTful format.

Abstract: A system and method for performing sleep state enhancements in a computing device using firmware and NVDIMMs that include DRAM and flash memory is discussed. The flash-backed DRAM covers all of platform memory. All writes to DRAM during system operation are propagated to the flash. Sleep state requests trigger a System Management Interrupt and a firmware a SMI handler handles the sleep state request so as to enable power savings during the sleep state and facilitate faster resume times when exiting the sleep state.

Abstract: A system and method for updating firmware data on a computing platform in response to a firmware update request received in the form of a signed capsule file received via a runtime service is discussed. The firmware update request may be a request to update UEFI firmware and be received using the UpdateCapsule runtime service. The firmware data may include data associated with UEFI protected variables, SMBIOS data, logo data, microcode update data and pre-operating system security policy data.

Abstract: A technique for improving application window displays in a multi-window graphical user interface in a touch-based computing device is discussed. By selecting an application window or corresponding thumbnail icon in a multi-window graphical user interface using a finger touch and dragging the application window or icon to an edge of the screen indicated by another finger, the edge of the selected application window may be automatically aligned with respect to that screen edge. Additionally, already open application windows may be automatically re-sized and re-positioned to accommodate the newly re-sized application window.

Abstract: A security management system includes a controlled device to execute a security management method. The controlled device includes a wireless module and a processing module. The processing module communicates with a main controlling device through the wireless module for pairing. When the main controlling device is successfully paired to the controlled device, the processing module executes a security mode. In the security mode, a user directly operates the controlled device. When the controlled device is not successfully paired to the main controlling device, the controlled device cannot execute the security mode, and the controlled device cannot be operated. Therefore, the user only needs to ensure that the main controlling device is nearby; even if the user is at a position distanced from the controlled device, the controlled device may not be operated by others.

Abstract: A technique for managing a Unified Extensible Firmware Interface (UEFI) Basic Input/Output System (BIOS)-controlled computing device from a separate mobile computing device is discussed.

Abstract: A firmware-based technique for using one or more symmetric keys generated from one or more user credentials to decrypt user profile information and authenticate the user before allowing access to firmware-provided services is discussed. Exemplary credential types include user passwords, smart card data, fingerprint sensor data and retinal scan data. The credentials may be verified in a resource-constrained pre-operating system (OS) environment, upon control of the computing device being returned to the firmware by the OS, and/or may enable recovery scenarios executed by the firmware, such as in the case where a password is lost.

Abstract: A scalable method of determining in a firmware environment if the rate of occurrence of a detectable specified type of system event that occurs to a system component or discrete functional unit, has met a criteria with respect to a pre-selected threshold. When the meeting of the threshold criteria is detected, a previously defined action associated with the threshold criteria for the particular event can be invoked by the firmware. Embodiments may establish a sliding time-window that includes a currently detected type of system event and extends back a set duration in the past. Any occurrences of the specified event taking place earlier than the established time-window may be discarded while occurrences of the events during the specified time-window are added together with the newly detected event and compared to a threshold value to see if the threshold criteria has been met.

Abstract: A management method is performed by an electronic device of a management system. When the electronic device determines that a trigger condition is fulfilled, the electronic device loads a set of key commands and executes a predetermined event according to the key commands. The set of key commands is defined by a user to trigger the predetermined event, and provides protection to the electronic device. The management system includes the electronic device and a key device, which are wirelessly connected. If the key device does not execute a device management program, the electronic device executes a security procedure to provide protection to the electronic device.

Abstract: A system and method for dynamically sizing system memory for a computing device using firmware and NVDIMMs is discussed. Additionally techniques for allocating between system memory and non-volatile storage on one or more NVDIMMs are discussed.