Abstract: The disclosed methods enable users to securably modify BIOS data blocks within an EEPROM to update and/or verify non-executable data without requiring that the entire EEPROM and segments thereof be available for open access.

Abstract: A system and method for access control of a hardfile responsive to a computer system having an operating system is disclosed. The method includes detecting a special boot condition during a pre-boot test of the computer system; and altering, in response to the special boot condition, an operating system access configuration of the hardfile. The system includes a computer system that adjusts an operating system access to a hardfile based upon various boot conditions.

Abstract: A method, system, and program for selecting and implementing a basic input/output system (“BIOS”) configuration among various BIOS configurations for a data processing system are disclosed. Different BIOS configurations are defined for various types of users, such as a home user, a commercial user, and a network user. Each of the BIOS configurations includes a different set of BIOS characteristics, such as program setup features security features, and network server features, under which the data processing system is able to run. The different BIOS configurations are stored into a memory device for the data processing system. A designation is set within the memory device that directs a processor of the data processing system to select and execute a desired one of the BIOS configurations for a particular type of user.

Abstract: In a computer network including a plurality of interconnected computers, one of the computers being a sleeping computer in a power down state, the sleeping computer listening for a packet associated with the sleeping computer, a method of waking the sleeping computer from the computer network. An incoming packet of data is transmitted from an administration system in the network to the sleeping computer. When the sleeping computer detects the incoming packet, it determines if the incoming packet contains a data sequence associated with the sleeping computer. If the incoming packet matches the particular data sequence associated with the sleeping computer, the sleeping computer transmits a reply message to the administration system. Upon receiving the reply, the administration system modifies the reply message in a predetermined manner and transmits the modified reply to the sleeping computer.

Abstract: In a computer network including a plurality of interconnected computers, one of the computers being a sleeping computer in a power down state, the sleeping computer listening for a packet associated with the sleeping computer, a method and system of waking the sleeping computer from the computer network. An incoming packet of data is transmitted from one of the computers in the network to the sleeping computer. When the sleeping computer detects the incoming packet, it determines if the incoming packet contains a data sequence associated with the sleeping computer. Further, the sleeping computer compares a transit value in the incoming packet to a predetermined value stored at the sleeping computer. The transit value indicates how far the data packet has traveled through the network, indicating the approximate origin of the data packet. Knowing the approximate origin of the data packet allows the client system to identify if the data packet originated from an external network.

Abstract: A designated user of a computer system is allowed to conceal from access portions of information stored on a hard disk drive or comparable storage device. The program instructions which initiate operation of the computer system, sometimes also known as BIOS code, enable a designated user or an administrator to declare certain portions of information normally stored accessibly to the system to be concealed, hidden, or invisible to a technical support person having a lesser level of access. Certain partitions are made inaccessible to any operator lacking the password of a designated user or administrator. Instead, a separate password is provided which enables initiation of operation of the system for maintenance purposes using only partitions which are open or unconcealed.

Abstract: A method and system for providing an event driven hardfile image in a computer system is disclosed. The computer system includes a hardfile, a hardfile adapter, a master boot record and an operating system. The method and system include providing an extended physical partition table describing a plurality of partitions on the hardfile and defining at least one image using a utility. Each image corresponds to at least a portion of the plurality of partitions and to a corresponding event. An image is to be mapped to the master boot record in response to an occurrence of the corresponding event. The method and system also include providing an event driven table including each of the at least one image.

Abstract: A method for remotely powering up a computer, includes: receiving a telephone call by a device coupled to a powered down computer; determining an originator's telephone number for the telephone call; determining if the originator's telephone number matches one of a plurality of authorized telephone numbers; and powering up the computer if the originator's telephone number matches one of the plurality of authorized telephone numbers. The method and system utilizes the well known “Caller-ID” technology to determine the originator's telephone number for a telephone call received by a modem coupled to the computer. If there is no match, the computer remains in a powered down state. In this manner, the system discriminates between the received telephone calls, and avoids powering up the computer when the received call is not for this purpose. This avoids wasting power.

Abstract: A method, system and computer readable medium containing programming instructions for booting a computer system having a plurality of devices is disclosed. They include provisions for initiating a boot sequence in the computer system and determining whether a device of the plurality of devices is either a bootable device or a nonbootable device. If the device is a nonbootable device, a clean restart of the boot sequence is performed, wherein the nonbootable device is bypassed during the clean restart.

Abstract: A method, system and computer readable medium containing programming instructions for detecting a tamper event in a computer system having an embedded security system (ESS), a trusted operating system, and a plurality of devices is disclosed. The method, system and computer readable medium of the present invention provide for receiving a tamper signal in the ESS, and locking the tamper signal in the ESS. According to the method, system and computer readable medium of the present invention, the trusted operating system is capable of detecting the tamper signal in the ESS.

Abstract: A method, system and computer readable medium containing programming instructions for tracking a secure boot in a computer system having a plurality of devices is disclosed. The method, system and computer readable medium include providing an embedded security system (ESS) in the computer system, wherein the ESS includes at least one boot platform configuration register (PCR) and a shadow PCR for each of the at least one boot PCRs, initiating a platform reset to boot the computer system via BIOS, and, for a device booted, generating a measurement value for the device and extending that value to one of the at least one boot PCRs and its corresponding shadow PCR. The system, method and computer readable medium of the present invention also includes comparing the measurement values of the boot PCRs to their corresponding shadow PCRs, whereby the computer system is trusted if the measurement values match.

Abstract: A hard drive having a protected partition is used in the recovery of a BIOS image for a computer system. An EEPROM is used to store a first BIOS image that is used to boot-up the system and recovery code is used to recover a new BIOS image if the first BIOS image has been corrupted. The new BIOS image is stored in the protected partition of the drive. A recover BIOS command is issued whenever the first BIOS image has been corrupted or a remote or local recover BIOS request is received. When the first BIOS is corrupted, the EEPROM is rewritten with the second BIOS image and the system boots with the rewritten first BIOS image. When a recover BIOS request is received in a data packet sent over a communication link, the data packet is authenticated before the first BIOS image is rewritten.

Abstract: A periodic system “wake-up” is implemented during S1, S2 or S3 states utilizing a hardware timer. A memory scrubbing routine is initiated that reads out all memory locations and writes back any memory locations that have single bit (correctable) Error Correction Code errors. This procedure minimizes the chances of a multiple bit error build up over time that may cause an unrecoverable error. The scrubbing routine is invoked whenever the system is brought out of S1, S2, or S3 state to insure that there are no single bit errors present when full system operation is resumed.

Abstract: A system, computer program product and method for booting to a partition in a non-volatile storage unit without a local operator. In one embodiment, one or more bits in a BOOT register may be set by an operating system indicating if the BIOS should boot to the partition. The BIOS may then read the BOOT register to determine if the BIOS is to boot to the partition as well as any activities to perform if the BIOS is to boot to the partition. In another embodiment, a network interface card may insert directive information received from a packet in a register within the network interface card. The BIOS may then read the register within the network interface card to determine if the BIOS is to boot to the partition as well as any activities to perform if the BIOS is to boot to the partition.

Abstract: A computer system processor incorporates a special S-latch which may only be set by secure signals. One state of the S-latch sets the processor into a secure mode where it only executes instructions and not commands from an In Circuit Emulator (ICE) unit. A second state of the S-latch sets the processor into a non-secure mode. A non-volatile random access memory (NVRAM) is written with secure data which can only be read by boot block code stored in a BIOS storage device. The boot block code is operable to read the secure data in the NVRAM and set the S-latch to an appropriate security state. If the boot block code cannot set the S-latch, then remaining boot up with BIOS data is stopped. On boot up the boot block code reads the NVRAM and sets the S-latch into the appropriate security state.

Abstract: A data processing system and method of password protecting the boot of a data processing system are disclosed. According to the method, in response to an attempt to boot the data processing system utilizing a boot device, the boot device is interrogated for a password. If the boot device supplies password information corresponding to that of a trusted boot device, the data processing system boots utilizing the boot device. If, however, the boot device does not supply password information corresponding to that of a trusted boot device, booting from the boot device is inhibited. In a preferred embodiment, the password information comprises a unique combination of the boot device's manufacturer-supplied model and serial numbers.

Abstract: A method and system are disclosed for substituting an anonymous Universal Unique Identifier (UUID) for a computer system's real UUID in order to disguise an identity of the computer system to an application which is requesting a UUID for the client computer system. A storage device is established in the computer system. The storage device includes a primary and a second location. A UUID stored in the primary location is used as a UUID for the computer system. An anonymous UUID is generated. The anonymous UUID does not identify any particular computer system. The anonymous UUID is stored in the primary location within the storage device, and the real UUID is backed up by moving it into the secondary location. Thereafter, the anonymous UUID is provided in response to requests for the computer system's UUID.

Abstract: A computer system includes a hard drive having a protected partition, which is locked during operation of an initialization program following power on in the system. A trusted server generates an update partition file, which is transferred to the computer system to be stored in non-volatile storage. During subsequent initialization, before the protected partition is locked, encrypted information available only to the server and the computer system is used to verify that the file was generated by the server, and the file is used to update information within the protected partition.

Abstract: A method and system for providing a trusted boot source in a computer system is disclosed. The computer system includes an operating system and a partition that is nonviewable from the operating system. The method and system include allowing a plurality of sub-partitions to be defined in the partition. The plurality of sub-partitions corresponds to a plurality of boot sources. The method and system also include allowing a password to be provided for each of the plurality of sub-partitions. The password is required for a user to utilize a corresponding sub-partition as a boot source.

Abstract: A method and system for evaluating a boot source in a computer system having a processor is disclosed. The method and system include determining the boot source used by the processor each time the computer system boots and allowing the boot source to be specified once as a known boot source. The boot source is determined by storing an identity of the boot source in a first register. The boot source can be specified once as a known boot source in a second register.