Abstract: A device includes a reset resistant store and a trusted key service. The reset resistant store maintains data across various different device reset or data invalidation operations. The trusted key service maintains, for each of one or more operating systems that run on the device from a boot configuration, an encrypted key associated with the boot configuration. The device also has a master key that is specific to the device. Each of the keys associated with a boot configuration is encrypted using the master key. When booting the device, the boot configuration being run on the device is identified, and the key associated with that boot configuration is obtained (e.g., from the reset resistant store or the encrypted key vault). The master key is used to decrypt the obtained key, and the obtained key is used to decrypt secrets associated with the operating system run from the boot configuration.

Abstract: A device includes a reset resistant store and a trusted key service. The reset resistant store maintains data across various different device reset or data invalidation operations. The trusted key service maintains, for each of one or more operating systems that run on the device from a boot configuration, an encrypted key associated with the boot configuration. The device also has a master key that is specific to the device. Each of the keys associated with a boot configuration is encrypted using the master key. When booting the device, the boot configuration being run on the device is identified, and the key associated with that boot configuration is obtained (e.g., from the reset resistant store or the encrypted key vault). The master key is used to decrypt the obtained key, and the obtained key is used to decrypt secrets associated with the operating system run from the boot configuration.

Abstract: A Basic Input/Output System (BIOS) secure data management system includes a BIOS that is configured to perform a boot process. At least one memory system is configured to provide a System Management (SM) memory location that is only accessible by the BIOS. A trusted platform module (TPM) includes at least one register and is configured to store sealed first secure data. The TPM is configured to use at least one first value in the at least one register that depends on the boot process to unseal the sealed first secure data to provide unsealed first secure data, and provide that unsealed first secure data to the BIOS for storage in the SM memory location. The BIOS is configured to retrieve the unsealed first secure data from the SM memory location and use the unsealed first secure data to perform a security function.

Abstract: In accordance with embodiments of the present disclosure, a method may include generating a master cryptographic key for encrypting and decrypting the one or more variables stored in a non-transitory computer-readable medium accessible to a basic input/output system of an information handling system. The method may also include encrypting the master cryptographic key with a system password, such that the master cryptographic key as encrypted with the system password may be decrypted and used to encrypt and decrypt the one or more variables in response to entry by a user of the system password. The method may further include encrypting the master cryptographic key with an administrator password, such that the master cryptographic key as encrypted with the administrator password may be decrypted and used to encrypt and decrypt the one or more variables in response to entry by an administrator of the administrator password.

Abstract: An information handling system, method, and computer-readable media for obfuscating debugging filenames during a software build are described. The system comprises one or more processors, a memory, and one or more program modules stored on the memory and executable by the one or more processors. The one or more program modules compile a source code file of a plurality of source code files into a program, generate a debugging file including debugging information for the program, utilize a one-way deterministic function to generate an obfuscated filename for the debugging file, and include a link to the debugging file in the program, the link including the obfuscated filename.

Abstract: An information handling system, method, and computer-readable media for obfuscating debugging filenames during a software build are described. The system comprises one or more processors, a memory, and one or more program modules stored on the memory and executable by the one or more processors. The one or more program modules compile a source code file of a plurality of source code files into a program, generate a debugging file including debugging information for the program, utilize a one-way deterministic function to generate an obfuscated filename for the debugging file, and include a link to the debugging file in the program, the link including the obfuscated filename.

Abstract: A Basic Input/Output System (BIOS) secure data management system includes a BIOS that is configured to perform a boot process. At least one memory system is configured to provide a System Management (SM) memory location that is only accessible by the BIOS. A trusted platform module (TPM) includes at least one register and is configured to store sealed first secure data. The TPM is configured to use at least one first value in the at least one register that depends on the boot process to unseal the sealed first secure data to provide unsealed first secure data, and provide that unsealed first secure data to the BIOS for storage in the SM memory location. The BIOS is configured to retrieve the unsealed first secure data from the SM memory location and use the unsealed first secure data to perform a security function.

Abstract: In accordance with embodiments of the present disclosure, a method may include generating a master cryptographic key for encrypting and decrypting the one or more variables stored in a non-transitory computer-readable medium accessible to a basic input/output system of an information handling system. The method may also include encrypting the master cryptographic key with a system password, such that the master cryptographic key as encrypted with the system password may be decrypted and used to encrypt and decrypt the one or more variables in response to entry by a user of the system password. The method may further include encrypting the master cryptographic key with an administrator password, such that the master cryptographic key as encrypted with the administrator password may be decrypted and used to encrypt and decrypt the one or more variables in response to entry by an administrator of the administrator password.

Abstract: A remote power controller apparatus includes a first interface for communicating with a host computer, a second interface for communicating with a target computer, and a processing component configured to receive a request on the first interface to change the power state or to reset the target computer. In response to receiving such a request, the processing component is configured to transmit a signal on the second interface for changing the power state of the target computer or for resetting the target computer. The processing component may also be configured to receive a signal on the second interface indicating the power state of the target computer, the state of a mass storage device of the target computer, or the state of an audio device of the target computer, and to transmit data indicating the state to the host computer on the first interface.

Abstract: Technologies are described herein for allowing a computer system to recover from an invalid configuration, without requiring any modifications to the hardware of the computer system by the user. The computer determines whether a boot-fail counter exceeds a threshold value. If the boot-fail counter exceeds the threshold value, the computer executes an exception processing routine. In one aspect, the exception processing routine causes the computer to reset configuration settings stored in a memory area of the computer to default configuration settings. If the boot-fail counter does not exceed the threshold value, the computer increments the boot-fail counter and executes system initialization routines for booting the computer. Upon successfully completing the system initialization routines, the computer resets the boot-fail counter.