Abstract: A method, processor, and system are disclosed. In one embodiment method includes a first processor core among several processor cores entering into a system management mode. At least one of the other additional processor cores apart from the first processor core remain operational and do not enter the system management mode. Then, once in the system management mode, the first processor core responds to an inter-processor interrupt.

Abstract: A method, processor, and system are disclosed. In one embodiment method includes a first processor core among several processor cores entering into a system management mode. At least one of the other additional processor cores apart from the first processor core remain operational and do not enter the system management mode. Then, once in the system management mode, the first processor core responds to an inter-processor interrupt.

Abstract: Methods and systems to perform an authentication operation after resuming from a sleep state are presented. In one embodiment, a method includes starting a boot process from a sleep state. The method further includes providing platform services to support an authentication operation as part of the boot process and determining whether to complete the boot process based at least on results of the authentication operation.

Abstract: In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a boot block stored at a first memory location, a capsule update stored at a second memory location, a startup authenticated code module to ensure the integrity of the boot block upon a restart of the processor-based system, code which is executable by the processor-based system to cause the processor-based system to validate the boot block with the startup authenticated code module upon the restart of the processor-based system, and, if the boot block is successfully validated, to validate the capsule update for the processor-based system with the startup authenticated code module. Other embodiments are disclosed and claimed.

Abstract: Embodiments of the present invention provide methods, systems, and apparatus for instantiating, by a computing system, a firmware recovery module in response to a detected firmware failure during a system startup. The firmware recovery module establishes access to a remotely disposed recovery server and retrieves from it a replacement or update firmware to address the firmware failure.

Abstract: In one embodiment, the present invention includes a method for determining if an isolation driver is present and a processor supports virtualization, launching the isolation driver in a first privilege level different than a system privilege level and user privilege level, creating a 1:1 virtual mapping between a virtual address and a physical address, using the isolation driver, and controlling access to a memory page using the isolation driver. Other embodiments are described and claimed.

Abstract: A method, processor, and system are disclosed. In one embodiment method includes a first processor core among several processor cores entering into a system management mode. At least one of the other additional processor cores apart from the first processor core remain operational and do not enter the system management mode. Then, once in the system management mode, the first processor core responds to an inter-processor interrupt.

Abstract: In some embodiments, the invention involves using a policy engine during boot, in the driver execution environment (DXE) phases to authenticate that drivers and executable images to be loaded are authenticated. Images to be authenticated include the operating system (OS) loader. The policy engine utilizes a certificate database to hold valid certificates for third party images, according to platform policy. Images that are not authenticated are not loaded at boot time. Other embodiments are described and claimed.

Abstract: Methods and systems to perform an authentication operation after resuming from a sleep state are presented. In one embodiment, a method includes starting a boot process from a sleep state. The method further includes providing platform services to support an authentication operation as part of the boot process and determining whether to complete the boot process based at least on results of the authentication operation.

Abstract: Methods and systems to display platform graphics during initialization of an computer system, including to interrupt initialization of an operating system and to update a video frame buffer with platform graphics data when the initialization of the operating system is interrupted, and to merge platform graphics data with graphics generated by operating system initialization logic. The methods and systems include virtualization methods and systems and system management mode methods and systems.

Abstract: A method and computing device for secure booting of unified extensible firmware interface executables includes generating a platform private key, signing a third party credential, storing the signed third party credential in a database located in a trusted platform module, and executing a unified extensible firmware interface executable only if an associated signed third party credential is stored in the trusted platform module.

Abstract: In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a boot block stored at a first memory location, a capsule update stored at a second memory location, a startup authenticated code module to ensure the integrity of the boot block upon a restart of the processor-based system, code which is executable by the processor-based system to cause the processor-based system to validate the boot block with the startup authenticated code module upon the restart of the processor-based system, and, if the boot block is successfully validated, to validate the capsule update for the processor-based system with the startup authenticated code module. Other embodiments are disclosed and claimed.

Abstract: In one embodiment, the present invention includes a method for setting an extensible policy mechanism to protect a root data structure including a page table, interpreting a bytecode of a pre-boot driver in a byte code interpreter, and controlling access to a memory location based on the extensible policy mechanism. Other embodiments are described and claimed.

Abstract: In some embodiments, the invention involves a system and method for invoking a series of hypervisors on a platform. A hardware-based secure boot of a chained series of virtual machines throughout the life of the pre-operating system (OS) firmware/BIOS/loader/option ROM execution, with component-wise isolation of the pre-extensible firmware interface (PEI) and driver execution environment (DXE) cores is utilized. In an embodiment, a Cache-As-RAM (CAR) based hypervisor, executing directly from Flash memory manages sequential invocation of a next hypervisor. Other embodiments are described and claimed.

Abstract: Embodiments of the present invention provide methods, systems, and apparatus for instantiating, by a computing system, a firmware recovery module in response to a detected firmware failure during a system startup. The firmware recovery module establishes access to a remotely disposed recovery server and retrieves from it a replacement or update firmware to address the firmware failure.

Abstract: A method and system for securing an unified extensible firmware interface application program interface includes establishing a software hook for the application program interface during a pre-boot phase of a computing device and granting or denying access to the application program interface based on a comparison of a user token, which identifies the user, and an access control entry of an access control list associated with the application program interface.

Abstract: A pre-boot environment is disclosed that manages power of a computing device prior to an operating system runtime phase. The pre-boot environment may be implemented in a computing device having a storage device to store an operating system, a firmware device to store firmware having a boot loader to load and initiate execution of the operating system, and a processor to execute the firmware and the operating system. The firmware in response to being executed by the processor may result in the computing device monitoring operating conditions of the computing device, and initiating a power management response based upon the operating conditions of the computing device and a power management policy.

Abstract: A method, computer readable medium, and device are disclosed. In one embodiment the method includes determining whether an entry exists in a firmware interface table to direct the processor to handle the event in a non-legacy mode. This is done after an event for a processor that triggers a legacy mode processor handling routine. The method also includes the processor handling the event in the non-legacy mode when the entry exists.

Abstract: A system, method, and computer-readable medium with instructions for capturing a system management interrupt instruction by trusted system management mode code running in a system. The system management interrupt instruction is dispatched to other system management mode code, which may be untrusted. In response to an attempt to access a protected resource of the system by the other system management mode code, a determination is made whether the second system management mode code is authorized to access the protected resource. If the second system management mode code is not authorized to access the protected resource, access to the protected resource by the other system management mode code is prevented. Other embodiments are described and claimed.

Abstract: In one embodiment, the present invention includes a method for determining if an isolation driver is present and a processor supports virtualization, launching the isolation driver in a first privilege level different than a system privilege level and user privilege level, creating a 1:1 virtual mapping between a virtual address and a physical address, using the isolation driver, and controlling access to a memory page using the isolation driver. Other embodiments are described and claimed.