Abstract: A computer-implemented method, for booting a computer system, that provides a list with entries of startup processes. Each startup process defines a resource of the computer system. For each startup process a requirement is defined. The method further comprises fetching one of the entries of the list with entries of startup processes; determining whether the requirement is satisfied for the one of the entries of the list with entries of startup processes; fetching, in case the requirement is not fulfilled, a next one of the entries of the list with entries of startup processes; starting, in case the required resource is fulfilled, the startup process; and repeating the fetching a next one of the entries, the determining and the starting until all startup processes of the list of startup processes have been started.

Abstract: Technology for decrypting and using a security module in a processor cache in a secure mode such that dynamic address translation prevents access to portions of the volatile memory outside of a secret store in a volatile memory.

Abstract: Technology for decrypting and using a security module in a processor cache in a secure mode such that dynamic address translation prevents access to portions of the volatile memory outside of a secret store in a volatile memory.

Abstract: A computer-implemented method, for booting a computer system, that provides a list with entries of startup processes. Each startup process defines a resource of the computer system. For each startup process a requirement is defined. The method further comprises fetching one of the entries of the list with entries of startup processes; determining whether the requirement is satisfied for the one of the entries of the list with entries of startup processes; fetching, in case the requirement is not fulfilled, a next one of the entries of the list with entries of startup processes; starting, in case the required resource is fulfilled, the startup process; and repeating the fetching a next one of the entries, the determining and the starting until all startup processes of the list of startup processes have been started.

Abstract: Data collection is facilitated by a multi-threaded processor. One thread of the processor obtains data placed in a buffer by another thread of the processor. The thread placing the data in the buffer is an execution thread executing a customer application and the one thread obtaining the data from the buffer is an assist thread. The assist thread stores the data obtained from the buffer in a selected location, such as a cache, main memory, a measurement control block, a persistent storage device or a network.

Abstract: A method for updating software in a computer system, comprising at least a central processor and multiple adapter cards, wherein the adapter cards are attached to a network, the method comprising (i) the central processor generating a distribution map based on configuration data of the network (100); (ii) the central processor sending the software update data and the distribution map to a receiving adapter card of the adapter cards; (iii) in response to receiving the software update data and the distribution map, the receiving adapter card applying the received software update data and creating at least one modified distribution map.

Abstract: Managing a virtual computer resource on at least one virtual machine. The managing of the virtual computer resource on the at least one virtual machine is by controlling execution of the virtual computer resource on the at least one virtual machine by a virtual machine instance, such as a firmware facility, of a trusted part of a computer system. The virtual machine instance is unique in the computer system.

Abstract: A method for operating a secure storage device with a non-volatile memory on a computer system which executes multiple operating system instances. The non-volatile memory comprises one or more domains which are used by the operating system instances. A separate trusted key entry system is used to configure secret data of an operating system instance stored in the non-volatile memory. The method comprises setting a domain to either secure or non-secure mode; generating a unique identifier of the operating system instance; generating a secure hash for the operating system instance; and storing the secure hash in the domain.

Abstract: A computer-implemented method, for booting a computer system, that provides a list with entries of startup processes. Each startup process defines a resource of the computer system. For each startup process a requirement is defined. The method further comprises fetching one of the entries of the list with entries of startup processes; determining whether the requirement is satisfied for the one of the entries of the list with entries of startup processes; fetching, in case the requirement is not fulfilled, a next one of the entries of the list with entries of startup processes; starting, in case the required resource is fulfilled, the startup process; and repeating the fetching a next one of the entries, the determining and the starting until all startup processes of the list of startup processes have been started.

Abstract: A method is provided for suspending and resuming virtual machines in a network in dependence of network activity. The method includes providing a virtual machine manager. The virtual machine manager monitors network traffic of the virtual machines on a network bridge in a network layer using data packet analysis to detect dedicated network protocol traffic. More particularly, the monitoring of network traffic of the virtual machines may include: logging network addresses of the virtual machines of the network; combining logged network addresses with information about suspending or resuming virtual machines based on filtering rules being provided for such combination; and sending information about the network addresses of active and suspended virtual machines for virtual network adapters assigned to the virtual machines to the virtual machine manager.

Abstract: A method for updating software in a computer system, comprising at least a central processor and multiple adapter cards, wherein the adapter cards are attached to a network, the method comprising (i) the central processor generating a distribution map based on configuration data of the network (100); (ii) the central processor sending the software update data and the distribution map to a receiving adapter card of the adapter cards; (iii) in response to receiving the software update data and the distribution map, the receiving adapter card applying the received software update data and creating at least one modified distribution map.

Abstract: Embodiments include method, systems and computer program products for anonymous secure socket layer (SSL) certificate verification in a trusted group. In some embodiments, a device associated with a user receiving a web server certificate from a web server. A message that includes the web server certificate and associated universal resource locator (URL) may be encrypted using a group key and a proxy key. The message may be transmitted to a proxy server. An anonymized request based on the message may be received from the proxy server. An encrypted response may be generated and transmitted to the proxy server. Encrypted and anonymized responses from members of a trusted group may be received. The responses may be processed and an action associated with the web server certificate may be facilitated.

Abstract: An entitlement system includes at least two computing devices and a management controller which all include a trusted platform module. Each of the trusted platform modules include a non-volatile storage for storing entitlement records. A management unit of each computing device includes configuration means to enable and disable computing resources of the respective computing device based on entitlement records. The management controller receives ensemble entitlement records in encrypted form and distributes sub-entitlement records in a second encrypted form to the management units of the computing devices.

Abstract: Integrating a further communication bridge into a running data processing system. The data processing system includes a communication client running a first operating system having no own communication stack and at least a first communication bridge running a second operating system having an own communication stack. The first communication bridge is configured as a master communication bridge. The further communication bridge announces itself as a slave communication bridge at an announcement time. The master communication bridge executes a quiesce process on the network adapter and on the API of the communication client when there are no data packets in the queue with a sending time earlier than the announcement time. The master communication bridge extracts the state of its communication stack and sends it to the further communication bridge. The master communication bridge resumes the network adapter and the API.

Abstract: Provided is a method for configuring the functional capabilities of a computer system. The computer system may include a persistent memory and a replaceable functional unit. The method may include transferring, in response to a repair action for the functional unit, enablement data that is stored on the functional unit to the persistent memory. The enablement data may specify one or more functional capabilities of the functional unit that are enabled. The method may further include erasing the enablement data from the functional unit after it has been transferred to the persistent storage. The method may further include obtaining a second unique identification item from a replacement unit. The method may further include obtaining new enablement data. The new enablement data may be transferred to the replacement unit.

Abstract: A method is provided for suspending and resuming virtual machines in a network in dependence of network activity. The method includes providing a virtual machine manager. The virtual machine manager monitors network traffic of the virtual machines on a network bridge in a network layer using data packet analysis to detect dedicated network protocol traffic. More particularly, the monitoring of network traffic of the virtual machines may include: logging network addresses of the virtual machines of the network; combining logged network addresses with information about suspending or resuming virtual machines based on filtering rules being provided for such combination; and sending information about the network addresses of active and suspended virtual machines for virtual network adapters assigned to the virtual machines to the virtual machine manager.

Abstract: Stateful network connections between a first virtual machine and at least a second virtual machine are preserved during a suspend and resume cycle. The virtual machines are interconnected by a network. A control instance is provided to manage a routing of network traffic of the virtual machines to the network. In case of a suspend operation, the control instance tracks network addresses of each virtual machine, whereas in case of a resume operation, the control instance sets up a router for each virtual machine and requests new network addresses for each router. The control instance configures a network address translation on the router assigned to each virtual machine to map the new network addresses to the network addresses used before suspending the virtual machines.

Abstract: Securely removing system capabilities, being available to at least one logical partition, from that partition, the partition being hosted by a computer system running an operating system. The system capabilities are available to a boot loader of the computer system, wherein the boot loader is started in the logical partition. The logical partition remains activated while removing the system capabilities. A removal request is initiated by the boot loader; and a deconfigure command is performed by the boot loader.

Abstract: Methods and systems for executing dumping of main memory content and CPU states and for an adaptive boot. The methods and the systems provide a configuration list of the computer system comprising a pre-defined set of dedicated resources for the dumping, provide threshold values for a pre-defined set of minimum resources for executing a reboot of the computer system, assign the pre-defined set of the dedicated resources for executing the dumping, start the dumping, release ones of the dedicated resources after content of the ones of the dedicated resources has been dumped, start a reboot process of the computer system in response to determining that the ones of the dedicated resources exceeds the threshold values for the pre-defined set of the minimum resources for executing the reboot process, and continue to release others of the dedicated resources to the reboot process until the dumping is completed.

Abstract: Methods and systems for executing dumping of main memory content and CPU states and for an adaptive boot. The methods and the systems provide a configuration list of the computer system comprising a pre-defined set of dedicated resources for the dumping, provide threshold values for a pre-defined set of minimum resources for executing a reboot of the computer system, assign the pre-defined set of the dedicated resources for executing the dumping, start the dumping, release ones of the dedicated resources after content of the ones of the dedicated resources has been dumped, start a reboot process of the computer system in response to determining that the ones of the dedicated resources exceeds the threshold values for the pre-defined set of the minimum resources for executing the reboot process, and continue to release others of the dedicated resources to the reboot process until the dumping is completed.