Abstract: An example computing device includes a memory accessible at startup of the computing device, a buffer, and a set of instructions. The memory stores a configuration setting that is configurable by the application of a change request. The memory also stores a first public key and a second public key. The buffer stores change requests submitted by a remote entity, including a first change request to make a first setting change and a second change request to make a second setting change. The first change request is signed by a first private key corresponding to the first public key, and the second change request is signed by a second private key corresponding to the second public key. The set of instructions retrieves a change request from the buffer, determines whether the change request is authenticated by a public key, and if authenticated, applies the change request.

Abstract: In some examples, a computing device includes memory including system memory, and a processor in electronic communication with the memory. In some examples, the processor receives a system management interrupt. In some examples, the processor identifies trigger code that triggered the system management interrupt. In some examples, the processor executes code from the system memory when the trigger code is a virtualization program.

Abstract: A computer system includes an independent compute core; and an isolated secure data storage device to store data accessible only to the independent compute core. The independent compute core is to open an Application Program Interface (API) during runtime of the computer system in response to receiving a verified message containing secure data to be written to the secure data storage device.

Abstract: An example computing device includes a memory accessible at startup of the computing device, a buffer, and a set of instructions. The memory stores a configuration setting that is configurable by the application of a change request. The memory also stores a first public key and a second public key. The buffer stores change requests submitted by a remote entity, including a first change request to make a first setting change and a second change request to make a second setting change. The first change request is signed by a first private key corresponding to the first public key, and the second change request is signed by a second private key corresponding to the second public key. The set of instructions retrieves a change request from the buffer, determines whether the change request is authenticated by a public key, and if authenticated, applies the change request.

Abstract: A method of protecting basic input/output system (BIOS) code. The method includes, with a relocation information tool executed by a processor, refactoring a number of data sections within a number of handlers of the BIOS code to tag a number of variables within the handlers. The tags indicate which of the variables should be protected at runtime. The method further includes generating a relocation file comprising a number of relocation addresses identifying locations of a number of dynamic variables that change at runtime. The relocation addresses point to a location within the handlers different from an original location. The method further includes, with a loader, loading at runtime the relocation file as part of a BIOS firmware image and adjusting data access to the dynamic variables in handler code to identify the location of the dynamic variables based on the relocation file.

Abstract: According to one example for verifying firmware module execution privilege, a firmware is booted on a processor. At least one firmware module in the firmware marked as a test module is identified, and verification with a production public key of metadata associated with the firmware is attempted. In an example, in the event that the metadata verifies successfully with the production public key, the firmware boot is halted when the processor determines that access to a video interface is available, and a user is alerted that a test module has attempted execution in a production firmware.

Abstract: Example implementations relate to key revocation. For example, a system for key revocation may comprise a processor, an embedded controller, a non-volatile memory storing a system instruction signing key authorization data element, wherein the data element includes a system instruction signing key, a signing key number and a signature. The embedded controller may include a plurality of keys to verify the data element, and a one-time programmable (OTP) memory and a key among the plurality of keys that is revocable using the OTP memory, wherein revocation of the key permanently prevents the embedded controller from utilizing the key.

Abstract: A computer system includes an independent compute core; and an isolated secure data storage device to store data accessible only to the independent compute core. The independent compute core is to open an Application Program Interface (API) during runtime of the computer system in response to receiving a verified message containing secure data to be written to the secure data storage device.

Abstract: A method of protecting basic input/output system (BIOS) code. The method includes, with a relocation information tool executed by a processor, refactoring a number of data sections within a number of handlers of the BIOS code to tag a number of variables within the handlers. The tags indicate which of the variables should be protected at runtime. The method further includes generating a relocation file comprising a number of relocation addresses identifying locations of a number of dynamic variables that change at runtime. The relocation addresses point to a location within the handlers different from an original location. The method further includes, with a loader, loading at runtime the relocation file as part of a BIOS firmware image and adjusting data access to the dynamic variables in handler code to identify the location of the dynamic variables based on the relocation file.

Abstract: According to one example for verifying firmware module execution privilege, a firmware is booted on a processor. At least one firmware module in the firmware marked as a twit module is identified, and verification with a production public key of metadata associated with the firmware is attempted. In an example, in the event that the metadata verifies successfully with the production public key, the firmware boot is halted when the processor determines that access to a video interface is available, and a user is alerted dial a test module has attempted execution in n production firmware.

Abstract: Example implementations relate to system management mode (SMM) test operations. For example, a system for SMM test operations may include a test mode initiation engine to reboot a computing device, and load an interface firmware engine into system management random access memory (SMRAM) associated with the computing device in response to the reboot, wherein the interface firmware engine includes a production interface firmware engine to perform the test operation on a known address space of the page of SMRAM. The system may include a test operation engine to cause the computing system to operate in a testing mode, wherein the testing mode includes operating the computing system in system management mode (SMM), in response to a test command, and perform a test operation on a page of system management random access memory (SMRAM) associated with the computing device when the computing device is operating in SMM.

Abstract: Example implementations relate to key revocation. For example, a system for key revocation may comprise a processor, an embedded controller, a non-volatile memory storing a system instruction signing key authorization data element, wherein the data element includes a system instruction signing key, a signing key number and a signature. The embedded controller may include a plurality of keys to verify the data element, and a one-time programmable (OTP) memory and a key among the plurality of keys that is revocable using the OTP memory, wherein revocation of the key permanently prevents the embedded controller from utilizing the key.

Abstract: A computer protection system comprises a mobile detection module adapted to detect at least one event indicating a likelihood of movement of a computer and, in response to detecting the at least one event, automatically place a drive device of the computer in a suspend state.

Abstract: Example embodiments disclosed herein relate to a computing system including a controller hub to control system sleep states, and an embedded controller including an internal timer. The embedded controller is to remove power from the controller hub when the system enters a sleep state and to enable power to the controller hub prior to the system wake time. The internal timer is to determine when to enable power to the controller hub. Example methods and machine-readable storage media are also disclosed.

Abstract: Example embodiments disclosed herein relate to a computing system including a controller hub to control system sleep states, and an embedded controller including an internal timer. The embedded controller is to remove power from the controller hub when the system enters a sleep state and to enable power to the controller hub prior to the system wake time, The internal timer is to determine when to enable power to the controller hub. Example methods and machine-readable storage media are also disclosed.

Abstract: One embodiment is a computer device that uses a timer to limit a quantity of changes to different power states that are performed on a processor in the computer device during a predetermined time period. The power states changes each have different operating frequencies for the processor.

Abstract: A low latency event communication system comprises a computer system having an Advanced Configuration and Power Interface (ACPI) namespace table with a Peripheral Component Interconnect (PCI) branch and a non-PCI device described in the PCI branch to enable the non-PCI device to be assigned a PCI resource.

Abstract: A low latency event communication system comprises a computer system having an Advanced Configuration and Power Interface (ACPI) namespace table with a Peripheral Component Interconnect (PCI) branch and a non-PCI device described in the PCI branch to enable the non-PCI device to be assigned a PCI resource.

Abstract: A computer device power management system comprises a controller configured to throttle a processor of a computer device responsive to an overcurrent condition associated with a power source powering the computer device, the controller configured to adjust a power state of the processor to at least one of a plurality of predetermined power states based on a level of the throttle.

Abstract: A battery operated computer system implements a power management scheme based on battery behavior. The battery behavior that is monitored as part of the power management scheme may include battery temperature, current, voltage, and/or capacity. In response to one or more of these battery parameters exceeding a threshold, the computer transitions itself to a lower power consumption mode. In so doing, the potential for the battery to shut itself off due to being over-extended (e.g., over current) is reduced.