Abstract: Examples herein disclose monitoring an expected functionality upon execution of a system management mode (SMM) BIOS code. The examples detect whether a change has occurred to the SMM BIOS code based on the monitoring of the expected functionality. The change indicates that the SMM BIOS code is compromised.

Abstract: In some examples, an electronic device receives, while an operating system is running in the electronic device, a request to access a function of a Basic Input/Output System (BIOS), the request containing a web address of the function of the BIOS, and routes, based on the web address of the function of the BIOS, the request through a web-based interface to a domain that includes the function of the BIOS.

Abstract: In some examples, a privileged domain includes a function of a Basic Input/Output System (BIOS). A request to access the function of the BIOS is routed to the privileged domain. The privileged domain determines whether to execute the function based on identifying at least one selected from among a source of the request and a context of the request.

Abstract: Examples relate to verifying network elements. In one example, a computing device may: receive, from a client device, a request for attestation of a back-end network, the request including back-end configuration requirements; obtain, from a network controller that controls the back-end network, a controller configuration that specifies each network element included in the back-end network; provide each network element included in the back-end network with a request for attestation of a network element configuration of the network element; receive, from each network element, response data that specifies the network element configuration of the network element; verify that the response data received from each network element meets the back-end configuration requirements included in the request for attestation of the back-end network; and provide the client device with data verifying that the back-end network meets the back-end configuration requirements.

Abstract: Example implementations relate to non-volatile storage of management data. In example implementations, a system is disclosed, the system including a plurality of computing devices, a management device, and a non-volatile memory including a plurality of management spaces corresponding to the plurality of computing devices. In example implementations, at least one of the plurality of management spaces is to be accessible by the management device and by the corresponding computing device, be inaccessible by computing devices other than the corresponding computing device, and store management data associated with the corresponding computing device.

Abstract: Examples relate to verifying a network configuration. In one example, a computing device may: receive, from a verifier, a request for attestation of a current network configuration of the computing device; identify network configuration rules, each network configuration rule specifying an action to be taken by the computing device in response to receiving a particular type of network traffic; generate, for each network configuration rule, a rule abstraction that represents the network configuration rule; provide data representing each rule abstraction to the trusted component; receive, from the trusted component, response data comprising i) data representing each rule abstraction, and ii) a digital signature; and provide the response data to the verifier as attestation proof of the current network configuration of the computing device.

Abstract: In an example, transactions are secured between electronic circuits in a memory fabric. An electronic circuit may receive a transaction integrity key. The electronic circuit may compute a truncated message authentication code (MAC) using the received transaction integrity key and attach the truncated MAC to a security message header (SMH) of the transaction.

Abstract: A data processing system supporting a secure domain and a non-secure domain comprises a hardware component, and a processor device having operating modes in the secure domain and non-secure domain, the processor device to execute a secure application in the secure domain. The hardware component has a property having a secure state. The property of the hardware component in the secure state may only be reconfigured responsive to instructions received from the secure domain. The secure application is operative to implement a configuration service to configure the property of the hardware component in the secure state, responsive to a request received from the non-secure domain according to an application programming interface associated with the secure application.

Abstract: A secure communication channel is established between a virtual trusted runtime basic input output system (BIOS) and a virtual machine that includes a virtual BIOS. The virtual trusted runtime BIOS communicates with the virtual machine according to a web-based protocol over the secure communication channel using a secure socket layer.

Abstract: To provide a secure service to an application virtual machine running in a first domain of a virtualized computing platform, a second domain is arranged to run a corresponding service driver exclusively for the application virtual machine. As part of the secure service, the service driver effects a key-based cryptographic operation; to do so, the service driver has to obtain the appropriate key from a key manager. The key manager is arranged to store the key and to release it to the service driver only upon receiving evidence of its identity and being satisfied of compliance with release policies associated with the key. These policies include receipt of valid integrity metrics, signed by trusted-device functionality of the virtualized computing platform, for the service driver and the code on which it depends.

Abstract: An implementation may include a virtual trusted runtime BIOS managed by the virtual machine monitor. A replacement portion of the virtual trusted runtime BIOS may be included. A router can replace an address to a resource of the virtual trusted runtime BIOS with the address to the resource of the replacement portion of the virtual trusted runtime BIOS.

Abstract: In some examples, an electronic device receives, while an operating system is running in the electronic device, a request to access a function of a Basic Input/Output System (BIOS), the request containing a web address of the function of the BIOS, and routes, based on the web address of the function of the BIOS, the request through a web-based interface to a domain that includes the function of the BIOS.

Abstract: A secure communication channel is established between a virtual trusted runtime basic input output system (BIOS) and a virtual machine that includes a virtual BIOS. The virtual trusted runtime BIOS communicates with the virtual machine according to a web-based protocol over the secure communication channel using a secure socket layer.

Abstract: A web-based interface in an electronic device receives a request to access a function of a Basic Input/Output System.

Abstract: A secure communication channel is established between a virtual trusted runtime basic input output system (BIOS) and a virtual machine that includes a virtual BIOS. The virtual trusted runtime BIOS communicates with the virtual machine according to a web-based protocol over the secure communication channel using a secure socket layer.

Abstract: A data processing system supporting a secure domain and a non-secure domain comprises a hardware component, and a processor device having operating modes in the secure domain and non-secure domain, the processor device to execute a secure application in the secure domain. The hardware component has a property having a secure state. The property of the hardware component in the secure state may only be reconfigured responsive to instructions received from the secure domain. The secure application is operative to implement a configuration service to configure the property of the hardware component in the secure state, responsive to a request received from the non-secure domain according to an application programming interface associated with the secure application.

Abstract: An electronic device for management of cryptographic keys, and a corresponding method implemented in a computing device comprising a physical processor, transmit feature data of the device to a key generation module, wherein the feature data comprises information corresponding to an identifier or an attribute of the device, and receive, by the device from the key generation module, a digital signature of the transmitted feature data. The device installs the received digital signature as a cryptographic private key for communication, and performs a cryptographic operation using the installed digital signature as the cryptographic private key.

Abstract: In one implementation, a security management system accesses a trusted location signature and a candidate location signature to determine that the candidate location signature is correlated with the trusted location signature, and establishes a trusted state of an entity in response to determining that the candidate location signature is correlated with the trusted location signature.

Abstract: The present disclosure relates to an integrated circuit. The integrated circuit includes a memory controller. The integrated circuit includes a first memory coupled to the memory controller. The integrated circuit includes a processor core coupled to the memory controller. The integrated circuit includes a secure core that includes a second memory. The secure core is configured to inspect the first memory and detect a security event.

Abstract: A computing system and a method of communicating with a virtual trusted runtime BIOS. The computing system can include hardware and a virtual machine monitor. A virtual trusted runtime BIOS can be managed by the virtual machine monitor. A communication channel can communicate with the virtual trusted runtime BIOS. The communication channel can be secured by a secure socket layer.