Abstract: A system for remotely verifying physical security keys and a method thereof are provided. The system includes a physical key, a control device, and a controlled platform. The control device is electrically connected to the physical key. The controlled platform is linked to the control device via digital transmission. The control device sends a verification application message to an application service program linked to the controlled platform through the digital transmission; according to the verification application message, the controlled platform responds to the control device via the digital transmission with a challenge value signing procedure to request a signature; according to the challenge value signature procedure, the control device performs a signature procedure on the physical key to complete verification. In this way, the physical key is remotely authenticated by the control device to achieve the purpose of improving information security.

Abstract: BIOS setup service method, computer device and non-transitory computer-readable storage medium are provided. The BIOS setup service method includes: receiving a natural language inquiry from a user; providing the natural language inquiry and system configuration information related to the computer device to an artificial intelligence engine, so that the artificial intelligence engine generates a response output according to the natural language inquiry and the system configuration information; receiving the response output from the artificial intelligence engine, the response output including a natural language response field; and providing the user with a natural language response in the natural language response field.

Abstract: A system for remotely verifying physical security keys and a method thereof are provided. The system includes a physical key, a control device, and a controlled platform. The control device is electrically connected to the physical key. The controlled platform is linked to the control device via digital transmission. The control device sends a verification application message to an application service program linked to the controlled platform through the digital transmission; according to the verification application message, the controlled platform responds to the control device via the digital transmission with a challenge value signing procedure to request a signature; according to the challenge value signature procedure, the control device performs a signature procedure on the physical key to complete verification. In this way, the physical key is remotely authenticated by the control device to achieve the purpose of improving information security.

Abstract: Systems and methods for performing security event mitigation with firmware are discussed. A firmware-based security event framework receives notifications of security events occurring in a firmware-controlled operating environment on a computing platform, logs information related to the event and optionally performs mitigation operations to address the security event.

Abstract: A system for remotely verifying physical security keys and a method thereof are provided. The system includes a physical key, a control device, and a controlled platform. The control device is electrically connected to the physical key. The controlled platform is linked to the control device via digital transmission. The control device sends a verification application message to an application service program linked to the controlled platform through the digital transmission; according to the verification application message, the controlled platform responds to the control device via the digital transmission with a challenge value signing procedure to request a signature; according to the challenge value signature procedure, the control device performs a signature procedure on the physical key to complete verification. In this way, the physical key is remotely authenticated by the control device to achieve the purpose of improving information security.

Abstract: Systems and methods for performing flash updates during runtime are discussed. More particularly, the amount of secure memory required to prevent tampering during the update process is limited by storing hashes of logical blocks of the update image in secure memory after initial validation while storing the update image in non-secure RAM or another non-secure memory location. Additionally, disruptions to the computing platform are limited by dividing the logical blocks into smaller progress units to minimize the amount of time spent in the secure operating environment performing the update.

Abstract: A mechanism for securing a series of related function calls for firmware services using session tokens is discussed.

Abstract: Systems and methods for securing firmware function calls are discussed. More particularly, mechanisms for reducing the chance of tampering and information disclosure attacks against firmware function calls implemented in SMM/MM are described. Data may be passed to and from a calling entity to platform firmware via a communication channel where both the data and the means of decrypting the data are protected from potential snooping OS applications, drivers or DMA-enabled hardware devices.

Abstract: A technique for sharing an application between devices is discussed. Embodiments of the present invention transmit information about an application from a source computing device to a target computing device. An application sharing service on the target computing device then automatically searches the target computing device for a resident corresponding application or its equivalent and if a corresponding application is not found, searches an application store or repository for the corresponding application. If the application or its equivalent is found in the application store or repository, a user may be prompted to download the application or the application may be downloaded automatically. If the corresponding application was found on the target computing device originally, a check may be performed to determine if the most recent update is installed and, if the most recent version is not installed, it may be downloaded from the application store.

Abstract: A secure computing platform and method for securely enabling inserted or replacement hardware devices during boot of a computing platform are discussed. More particularly, an authorized list holding identifying information associated with approved insertable or replaceable hardware devices is maintained in non-volatile storage and checked by the firmware during a platform boot sequence against identifying information provided by the inserted or replacement hardware devices. Only devices whose information matches the stored authorized list information are enabled.

Abstract: Systems and methods for performing security event mitigation with firmware are discussed. A firmware-based security event framework receives notifications of security events occurring in a firmware-controlled operating environment on a computing platform, logs information related to the event and optionally performs mitigation operations to address the security event.

Abstract: A method securely executing an extensible firmware application is performed by a computer apparatus. The computer apparatus includes a firmware volume and a boot loader. The firmware volume includes a firmware application module to be executed, has passed a security check, and is attached with a secure encryption signature. The boot loader is attached with a first valid digital signature, and is verifiable by a secure boot certificate signature database of the computer apparatus. When the firmware application module is executed, the boot loader or the secure boot certificate signature database of the computer apparatus first verifies a secure encryption signature of the firmware volume, and the boot loader then loads the firmware application module to a buffer memory for further reading and execution, such that execution of the firmware application module is allowed and is executed securely in a secure boot mode under supervision of the boot loader.

Abstract: A firmware-based system and method for detecting an indicator of an override condition during a Unified Extensible Firmware Interface (UEFI) Secure Boot sequence. The indicator of the override condition may be detected based upon the pressing of a specialized button, designated key or keys or other received input that indicates both physical presence of the user and the desire, on the current boot, to bypass UEFI Secure Boot. An embodiment may work for only a single boot, not require access into a setup application, and may be accessed by externally accessible features of the computer system.

Abstract: Mechanisms for providing enhanced system performance and reliability on multi-core computing devices are discussed. Embodiments use modified hardware and/or software so that when a System Management Interrupt (SMI #) is generated, only a single targeted CPU core enters System Management Mode (SMM) in response to the SMI while the remaining CPU cores continue operating in normal mode. Further, a multi-threaded SMM environment and mutual exclusion objects (mutexes) may allow guarding of key hardware resources and software data structures to enable individual CPU cores among the remaining CPU cores to subsequently also enter SMM in response to a different SMI while the originally selected CPU core is still in SMM.

Abstract: A system and method for boot speed optimization is discussed. Uncompressed copies of UEFI firmware volumes and OS boot loader files stored on a portion of an NVDIMM are used during a boot sequence in a computing platform. The cached copies on the NVDIMM are used during the boot sequence after a successful validation check is performed to provide faster boots of the computing platform.

Abstract: A system and method for dynamically sizing system memory for a computing device using firmware and NVDIMMs is discussed. Additionally techniques for allocating between system memory and non-volatile storage on one or more NVDIMMs are discussed.

Abstract: A system and method for sending RESTful commands to UEFI firmware using UEFI variable services is discussed. Processed RESTful commands return data in a RESTful format.

Abstract: A system and method for performing sleep state enhancements in a computing device using firmware and NVDIMMs that include DRAM and flash memory is discussed. The flash-backed DRAM covers all of platform memory. All writes to DRAM during system operation are propagated to the flash. Sleep state requests trigger a System Management Interrupt and a firmware a SMI handler handles the sleep state request so as to enable power savings during the sleep state and facilitate faster resume times when exiting the sleep state.

Abstract: A system and method for updating firmware data on a computing platform in response to a firmware update request received in the form of a signed capsule file received via a runtime service is discussed. The firmware update request may be a request to update UEFI firmware and be received using the UpdateCapsule runtime service. The firmware data may include data associated with UEFI protected variables, SMBIOS data, logo data, microcode update data and pre-operating system security policy data.

Abstract: A technique for improving application window displays in a multi-window graphical user interface in a touch-based computing device is discussed. By selecting an application window or corresponding thumbnail icon in a multi-window graphical user interface using a finger touch and dragging the application window or icon to an edge of the screen indicated by another finger, the edge of the selected application window may be automatically aligned with respect to that screen edge. Additionally, already open application windows may be automatically re-sized and re-positioned to accommodate the newly re-sized application window.