Patents by Inventor Andrew J. Fish

Andrew J. Fish has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11238160
    Abstract: Techniques are disclosed relating to securely booting a computer system. In some embodiments, a bootloader initiates a boot sequence to load an operating system of the computing device and detects firmware of a peripheral device to be executed during the boot process to initialize the peripheral device for use by the computing device. In response to the detecting, the bootloader instantiates a sandbox that isolates the firmware from the bootloader. In various embodiments, the firmware is loaded from an option read-only memory (OROM) included in the peripheral device and executed during the boot sequence to initialize the peripheral device. In some embodiments, the bootloader assigns one or more memory address ranges to the firmware, and the sandbox restricts the firmware from accessing memory addresses that are not included in the assigned one or more address ranges.
    Type: Grant
    Filed: May 31, 2019
    Date of Patent: February 1, 2022
    Assignee: Apple Inc.
    Inventors: Corey T. Kallenberg, Rafal Wojtczuk, Xeno S. Kovah, Andrew J. Fish
  • Publication number: 20200104506
    Abstract: Techniques are disclosed relating to securely booting a computer system. In some embodiments, a bootloader initiates a boot sequence to load an operating system of the computing device and detects firmware of a peripheral device to be executed during the boot process to initialize the peripheral device for use by the computing device. In response to the detecting, the bootloader instantiates a sandbox that isolates the firmware from the bootloader. In various embodiments, the firmware is loaded from an option read-only memory (OROM) included in the peripheral device and executed during the boot sequence to initialize the peripheral device. In some embodiments, the bootloader assigns one or more memory address ranges to the firmware, and the sandbox restricts the firmware from accessing memory addresses that are not included in the assigned one or more address ranges.
    Type: Application
    Filed: May 31, 2019
    Publication date: April 2, 2020
    Inventors: Corey T. Kallenberg, Rafal Wojtczuk, Xeno S. Kovah, Andrew J. Fish
  • Patent number: 10275598
    Abstract: In one embodiment, the present invention includes a method to establish a secure pre-boot environment in a computer system and performs at least one secure operation in the secure environment. In one embodiment, the secure operation may be storage of a secret in the secure pre-boot environment.
    Type: Grant
    Filed: April 6, 2015
    Date of Patent: April 30, 2019
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Bryant E. Bigbee, Andrew J. Fish, Mark S. Doran
  • Publication number: 20150213269
    Abstract: In one embodiment, the present invention includes a method to establish a secure pre-boot environment in a computer system and performs at least one secure operation in the secure environment. In one embodiment, the secure operation may be storage of a secret in the secure pre-boot environment.
    Type: Application
    Filed: April 6, 2015
    Publication date: July 30, 2015
    Inventors: Vincent J. Zimmer, Bryant E. Bigbee, Andrew J. Fish, Mark S. Doran
  • Patent number: 9026773
    Abstract: In one embodiment, the present invention includes a method to establish a secure pre-boot environment in a computer system; and perform at least one secure operation in the secure environment. In one embodiment, the secure operation may be storage of a secret in the secure pre-boot environment.
    Type: Grant
    Filed: July 1, 2011
    Date of Patent: May 5, 2015
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Bryant Bigbee, Andrew J. Fish, Mark S. Doran
  • Patent number: 8533777
    Abstract: According to one embodiment, a computer system is disclosed. The computer system includes a central processing unit (CPU) to simultaneously operate a trusted environment and an untrusted environment and a chipset coupled to the CPU. The chipset includes an interface to couple to a management agent, and protected registers having a bit to indicate if the management agent is provided access to resources within the trusted environment.
    Type: Grant
    Filed: December 29, 2004
    Date of Patent: September 10, 2013
    Assignee: Intel Corporation
    Inventor: Andrew J. Fish
  • Patent number: 8214837
    Abstract: A method, apparatus, and system enable sequestered partitions on a device. A scheduler may allocate resources to each of the sequestered partitions and dynamically reallocate the resources from one partition to another, as necessary. In one embodiment, the scheduler may dedicate resources to an operating system in a first partition and dedicate resources to a digital video recorder in a second partition. Additionally, the scheduler may reallocate resources to the second partition in response to the resource requirements of the digital video recorder.
    Type: Grant
    Filed: December 3, 2004
    Date of Patent: July 3, 2012
    Assignee: Intel Corporation
    Inventor: Andrew J. Fish
  • Patent number: 8086833
    Abstract: A BIOS includes a core and multiple modules. The modules include both those that are platform specific and those that are not platform specific. Each module has a standard interface that allows the core (or other module) to call the module. A platform vendor constructs a BIOS by selecting modules from one or more vendors, which when executed can select modules that are suitable for the platform the BIOS resides in.
    Type: Grant
    Filed: September 8, 2008
    Date of Patent: December 27, 2011
    Assignee: Intel Corporation
    Inventors: William A. Stevens, Jr., Andrew J. Fish, Kirk D. Brannock, Robert P. Hale, Ramamurthy Krithivas
  • Publication number: 20110271090
    Abstract: In one embodiment, the present invention includes a method to establish a secure pre-boot environment in a computer system; and perform at least one secure operation in the secure environment. In one embodiment, the secure operation may be storage of a secret in the secure pre-boot environment.
    Type: Application
    Filed: July 1, 2011
    Publication date: November 3, 2011
    Inventors: Vincent J. Zimmer, Bryant Bigbee, Andrew J. Fish, Mark S. Doran
  • Patent number: 7987458
    Abstract: Embodiments described herein disclose the use of a compiler pre-processing component for the optimization of a firmware image so that it can be made to take up less space in a memory device without the use of compression. Embodiments identify repeated modules or common components across previously separate binary firmware modules within a body of software and automatically and seamlessly merge the content of these modules so they occupy less space in their binary form. The overhead footprint of the binary is reduced without modifying the pre-existing source code defining the individual components. In general, the resulting space savings is additive to the savings provided by existing compression savings techniques.
    Type: Grant
    Filed: September 20, 2006
    Date of Patent: July 26, 2011
    Assignee: Intel Corporation
    Inventors: Michael A. Rothman, Vincent J. Zimmer, Andrew J. Fish, Penny Gao, Bin Xing
  • Patent number: 7974416
    Abstract: In one embodiment, the present invention includes a method to establish a secure pre-boot environment in a computer system; and perform at least one secure operation in the secure environment. In one embodiment, the secure operation may be storage of a secret in the secure pre-boot environment.
    Type: Grant
    Filed: November 27, 2002
    Date of Patent: July 5, 2011
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Bryant Bigbee, Andrew J. Fish, Mark S. Doran
  • Patent number: 7581037
    Abstract: Provided are a method, system and program for effecting a processor operating mode change to execute device code. A processor receives a call while the processor is operating in a first mode, wherein the call is made to effect execution of device code to control a device. The processor determines whether the call is intended to change a processor operating mode from the first mode to a second mode. The state of the processor is selectively changed to a second mode in which the processor executes second mode instructions loaded in a protected section of memory inaccessible to an operating system in response to determining that the call is intended to change the processor operating mode. The second mode instructions execute the device code to control the device.
    Type: Grant
    Filed: March 15, 2005
    Date of Patent: August 25, 2009
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Michael D. Kinney, Michael A. Rothman, Andrew J. Fish
  • Patent number: 7546487
    Abstract: Methods and architectures for performing hardware error handling using coordinated operating system (OS) and firmware services. In one aspect, a firmware interface is provided to enable an OS to access firmware error-handling services. Such services enable the OS to access error data concerning platform hardware errors that may not be directly accessed via a platform processor or through other conventional approaches. Techniques are also disclosed for intercepting the processing of hardware error events and directing control to firmware error-handling services prior to attempting to service the error using OS-based services. The firmware services may correct hardware errors and/or log error data that may be later accessed by the OS or provided to a remote management server using an out-of-band communication channel. In accordance with another aspect, the firmware intercept and services may be performed in a manner that is transparent to the OS.
    Type: Grant
    Filed: September 15, 2005
    Date of Patent: June 9, 2009
    Assignee: Intel Corporation
    Inventors: Suresh Marisetty, Andrew J. Fish, Koichi Yamada, Scott D. Brenden, James B. Crossland, Shivnandan Kaushik, Mohan J. Kumar, Jose A. Vargas
  • Patent number: 7543048
    Abstract: Methods and apparatus for remotely managing a computer are disclosed. For example, a remote management agent is provided for use in a computer having a processor. The example remote management agent includes a communication agent in communication with the controller to contact a server before an operating system is loaded on the computer to obtain an initialization packet from a server and an initialization packet loader in communication with the controller to load the initialization packet in a protected memory area of the computer, before the operating system is loaded. The remote management agent also includes a monitoring agent, not associated with the operating system, in communication with the controller to monitor the computer for a communication from the server and a command line interface agent, also not associated with the operating system and in communication with the controller to interpret and respond to the communication from the server.
    Type: Grant
    Filed: November 22, 2002
    Date of Patent: June 2, 2009
    Assignee: Intel Corporation
    Inventors: Michael A. Rothman, Vincent J. Zimmer, Mark S. Doran, Andrew J. Fish
  • Patent number: 7539854
    Abstract: An embodiment of the present invention is a system and method relating to seamlessly enabling enhanced management and scripting of a computer system and its add-in devices. In at least one embodiment, the present invention enables a system administrator or integrator to script a common configuration for multiple devices and then automatically configure the devices using the script. The language construct and central data repository for configuration settings are extended to comprehend a scripting language. A script is read by a script engine during either pre-boot or runtime. The script engine searches a keyword database on the central data repository to determine requested configuration settings. A data offset corresponding to a specific op-code is used to determine where configuration settings are located, for modification.
    Type: Grant
    Filed: December 24, 2003
    Date of Patent: May 26, 2009
    Assignee: Intel Corporation
    Inventors: Michael A. Rothman, Robert P. Hale, Andrew J. Fish, Vincent J. Zimmer, Mahesh S. Natu
  • Patent number: 7493460
    Abstract: A temporary memory of a computer system is configured during a boot mode. Page tables are generated for the temporary memory. System memory of the computer system is initialized. Contents of the temporary memory are migrated to the system memory.
    Type: Grant
    Filed: September 7, 2005
    Date of Patent: February 17, 2009
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Andrew J. Fish, Michael A. Rothman, Mahesh Natu
  • Publication number: 20090006832
    Abstract: A BIOS includes a core and multiple modules. The modules include both those that are platform specific and those that are not platform specific. Each module has a standard interface that allows the core (or other module) to call the module. A platform vendor constructs a BIOS by selecting modules from one or more vendors, which when executed can select modules that are suitable for the platform the BIOS resides in.
    Type: Application
    Filed: September 8, 2008
    Publication date: January 1, 2009
    Inventors: William A. Stevens, Jr., Andrew J. Fish, Kirk D. Brannock, Robert P. Hale, Ramamurthy Krithivas
  • Patent number: 7454603
    Abstract: A BIOS includes a core and multiple modules. The modules include both those that are platform specific and those that are not platform specific. Each module has a standard interface that allows the core (or other module) to call the module. A platform vendor constructs a BIOS by selecting modules from one or more vendors, which when executed can select modules that are suitable for the platform the BIOS resides in.
    Type: Grant
    Filed: February 11, 2002
    Date of Patent: November 18, 2008
    Assignee: Intel Corporation
    Inventors: William A. Stevens, Jr., Andrew J. Fish, Kirk D. Brannock, Robert P. Hale, Ramamurthy Krithivas
  • Publication number: 20080244122
    Abstract: A keyboard, video, mouse switch may be implemented by software. An agent in a sequestered partition may handle routing of input and output requests for handling by a remote, common, keyboard, video, or mouse used for a plurality of servers.
    Type: Application
    Filed: March 27, 2007
    Publication date: October 2, 2008
    Inventors: Michael A. Rothman, Vincent J. Zimmer, Andrew J. Fish
  • Patent number: 7406560
    Abstract: Provided are a method, system, and machine readable medium for using multiple non-volatile memory devices to store data in a computer system. Access to first and second memory devices is managed. The first memory device has faster read access and slower write access relative to the second memory device and the second memory device has slower read access and faster write access relative to the first memory device. Write requests to the first memory device are cached in the second memory device.
    Type: Grant
    Filed: June 21, 2006
    Date of Patent: July 29, 2008
    Assignee: Intel Corporation
    Inventors: Mallik Bulusu, Michael A. Rothman, Vincent J. Zimmer, Andrew J. Fish