Abstract: Technologies for secure hybrid standby power management include a computing device with a processor supporting low-power idle standby. An operating system writes a power management sleep request, such as an ACPI S3 request, to a power management control register of the computing device. The processor traps the write to the power management control register and executes a firmware sleep mapper that causes the processor to enter an idle standby power state such as S0ix. The firmware sleep mapper may be included in a firmware isolated memory region. The address of the firmware sleep mapper may be included in a model-specific register of the processor. The processor may verify the firmware sleep mapper before execution. In response to a wake event, the processor resumes the firmware sleep mapper, which switches the processor to real mode and jumps to a waking vector of the operating system. Other embodiments are described and claimed.

Abstract: A dynamic firmware module loader loads one of a plurality of a firmware contexts or modules as needed in a containerized environment for secure isolated execution. The modules, called applets, may be loaded and unloaded in a firmware context. The loader may use a hardware inter process communication channel (IPC) to communicate with the secure engine. The modules may be designed to implement specific features desired by basic input/output system vendors, without the use of a system management mode. Designed modules may provide necessary storage and I/O access driver capabilities to be run in trusted execution environment containers.

Abstract: A mechanism is described for facilitating dynamic capsule generation and recovery in computing environments according to one embodiment. A method of embodiments, as described herein, includes accessing a current firmware and a capsule driver binary file (“capsule file”) from a storage device, and merging the current firmware with the capsule file and a capsule header into a capsule payload. The method may further include assigning a security protocol to the capsule payload to ensure a secured capsule payload, and storing the secured capsule payload at the storage device for subsequent updates.

Abstract: A computer boot apparatus and related method use a primary boot component (PBC) that is fixedly mounted in the computer. The PBC has a firmware element that is a non-volatile memory comprising a boot critical portion with instructions that initiate a boot of the computer. The PBC also has a policy manager and a version identifier. The PBC initializes the computer boot via the boot critical portion. The policy manager verifies and authenticates a secondary boot component that is removably attached to the computer.

Abstract: Methods, apparatus, systems and articles of manufacture for mitigating a firmware failure are disclosed. An example apparatus includes at least one hardware processor and first memory including instructions to be executed by the at least one hardware processor. The example apparatus further includes mask memory including a feature mask associated with a first firmware version, the feature mask identifying features of the first firmware version to be disabled. A platform firmware controller is to apply the first firmware version to the first memory for execution by the at least one processor, initialize the at least one processor using the feature mask, and in response to a detection of a failure, determine a first de-feature mask based on a second de-feature mask previously used by the at least one processor and the feature update mask; and initialize the processor using the first de-feature mask.

Abstract: Methods, apparatus, systems, and articles of manufacture for a battery charging device are disclosed. Example battery charging devices include a temperature sensor to sense a skin temperature of an electronic device in which the battery is installed, and a current controller to control a magnitude of a charging current to be supplied to the battery. The current controller causes the magnitude of the charging current to oscillate between an upper level and a lower level and a current adjuster adjusts the upper level downwards and the lower level upwards based on the skin temperature sensed by the temperature sensor. In some examples, a memory device stores a thermal set point and a comparator compares the skin temperature to the thermal set point and transmits a control signal to the current adjuster based on the comparison of the thermal set point to the skin temperature.

Abstract: Technologies for securely booting a computing device includes a security engine of the computing device that consecutively determines a hash value for each block of initial boot firmware and generates an aggregated hash value from the hash value determined for each of the blocks. A processor of the computing device determines whether the aggregated hash value matches a reference checksum value. Initialization of the processor is completed in response to a determination that the aggregated hash value matches the reference checksum value. In some embodiments, the security engine consecutively retrieves each block of the initial boot firmware from a memory of the computing device, stores each retrieved block in a secure memory of the security engine, and determines the hash value for each stored block. Each block stored in the secure memory is copied to a portion of a cache memory of the processor initialized as Cache as RAM.

Abstract: A computing device that implements a secure and transparent firmware update process is provided. The computing device includes a secure memory area and a secure device that separately executes firmware updates in parallel with other processes executed by a CPU. The secure memory area may be allocated by the CPU and/or a memory controller using any of a variety of memory protection techniques. System software executed by the CPU receives update firmware requests from a trusted source, stores a firmware payload included in these requests in the secure memory area, and executes the next scheduled process. Firmware executed by the secure device retrieves the firmware payload from the secure memory area, authenticates the firmware payload, and applies the firmware payload to a firmware storage device. The secure device performs these acts transparently from the point of view of the CPU, these avoiding consumption of resources of the CPU.

Abstract: In one example, a system on a chip can include an embedded controller and a security controller that can detect, during an initialization process, a request for embedded controller firmware stored in block storage from the embedded controller via a transmission link. The security controller can also retrieve the embedded controller firmware stored in the block storage and transmit the embedded controller firmware to the embedded controller via the transmission link.

Abstract: Systems, apparatuses and methods may provide for technology that assumes, by a root of trust located in a trusted region of a system on chip (SOC), control over a reset of the SOC and conducting, by the root of trust, an authentication of an update package in response to an update condition. The root of trust technology may also apply the update package to firmware located in non-volatile memory (NVM) associated with a microcontroller of the SOC if the authentication is successful.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to utilize non-volatile memory for computer system boot. An example processor platform includes a non-volatile memory coupled to a processing unit via a bus, and a microcontroller to: configure the processing unit to store, on the non-volatile memory, a heap and a stack for execution of boot code, and configure the processing unit to execute the boot code stored on the non-volatile memory.

Abstract: Systems, apparatuses and methods may include technology that detects a migration request and conducts a first transfer, via a trusted execution environment (TEE), of storage context information from a first removable storage device to a secure memory region of a system in response to the data migration request. Additionally, the technology may conduct a second transfer, via the TEE, of the storage context information from the secure memory region to a second removable storage device, wherein the storage context information includes factory data, security data and boot firmware.

Abstract: In one embodiment, a system includes: a processor; a security processor to execute in a trusted executed environment (TEE), the security processor to execute memory reference code (MRC) stored in a secure storage of the TEE to train a memory coupled to the processor; and the memory coupled to the processor. Other embodiments are described and claimed.

Abstract: A computer hoot apparatus and related method use a primary boot component (PBC) that is fixedly mounted in the computer. The PBC has a firmware element that is a non-volatile memory comprising a boot critical portion with instructions that initiate a boot of the computer. The PBC also has a policy manager and a version identifier. The PBC initializes the computer boot via the boot critical portion. The policy manager verifies and authenticates a secondary boot component that is removably attached to the computer.

Abstract: Systems, apparatuses and methods may include technology that detects a migration request and conducts a first transfer, via a trusted execution environment (TEE), of storage context information from a first removable storage device to a secure memory region of a system in response to the data migration request. Additionally, the technology may conduct a second transfer, via the TEE, of the storage context information from the secure memory region to a second removable storage device, wherein the storage context information includes factory data, security data and boot firmware.

Abstract: Techniques and computing devices for persistent firmware transfer monitoring and, more specifically, but not exclusively, to a resource filter within a firmware resource monitor configured to persistently store resource information after a boot operation. In one embodiment, for example, an apparatus for persistent firmware transfer monitoring in a computer system comprises at least one memory, at least one processor, and a resource filter comprising logic, at least a portion of the logic comprised in hardware and executed by the processor. The logic to may be configured to receive a list of required resources during a boot operation and receive a list of excluded resources. The resource filter may be further configured to persistently store the list of required resources and the list of excluded resources after the boot operation has completed.

Abstract: Technologies for secure hybrid standby power management include a computing device with a processor supporting low-power idle standby. An operating system writes a power management sleep request, such as an ACPI S3 request, to a power management control register of the computing device. The processor traps the write to the power management control register and executes a firmware sleep mapper that causes the processor to enter an idle standby power state such as S0ix. The firmware sleep mapper may be included in a firmware isolated memory region. The address of the firmware sleep mapper may be included in a model-specific register of the processor. The processor may verify the firmware sleep mapper before execution. In response to a wake event, the processor resumes the firmware sleep mapper, which switches the processor to real mode and jumps to a waking vector of the operating system. Other embodiments are described and claimed.

Abstract: Technologies for fast low-power startup include a computing device with a processor having a power management integrated circuit. The computing device initializes platform components into a low-power state and determines, in a pre-boot firmware environment, the battery state of the computing device. The computing device determines a minimum-power startup (MPS) configuration that identifies platform components to be energized and determines whether the battery state is sufficient for the MPS configuration. If sufficient, the computing device energizes the platform components of the MPS configuration and boots into an MPS boot mode. In the MPS boot mode, the computing device may execute one or more user-configured application(s). If the battery state is sufficient for normal operation, the computing device may boot into a normal mode. In the normal mode, the user may configure the MPS configuration by selecting features for the future MPS boot mode. Other embodiments are described and claimed.

Abstract: Methods, apparatus, systems, and articles of manufacture for a battery charging device are disclosed. Example battery charging devices include a temperature sensor to sense a skin temperature of an electronic device in which the battery is installed, and a current controller to control a magnitude of a charging current to be supplied to the battery. The current controller causes the magnitude of the charging current to oscillate between an upper level and a lower level and a current adjuster adjusts the upper level downwards and the lower level upwards based on the skin temperature sensed by the temperature sensor. In some examples, a memory device stores a thermal set point and a comparator compares the skin temperature to the thermal set point and transmits a control signal to the current adjuster based on the comparison of the thermal set point to the skin temperature.

Abstract: In one example, a system on a chip can include an embedded controller and a security controller that can detect, during an initialization process, a request for embedded controller firmware stored in block storage from the embedded controller via a transmission link. The security controller can also retrieve the embedded controller firmware stored in the block storage and transmit the embedded controller firmware to the embedded controller via the transmission link.