Abstract: A method, apparatus, machine-readable medium, and system are disclosed. In one embodiment the method includes a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.

Abstract: This disclosure is directed to isolated guest creation in a virtualized computing system. A memory in a computing device may be divided into isolated execution environments, allowing some software (e.g., guests) to be isolated in a high privilege execution environment. A virtual machine manager (VMM) of a low privilege execution environment may issue commands to a VMM of the high privilege execution environment to, for example, cause a guest loaded in the low privileged execution environment to be placed into the high privilege execution environment, to interact with the guest in the high privilege execution environment, to cause the guest to be removed from the high privilege execution environment, etc. The guest may include attributes configured to control guest behavior such as, for example, when to perform activities, how to respond to stop commands received from the VMM of the high privilege execution environment, etc.

Abstract: A method, apparatus, method, machine-readable medium, and system are disclosed. In one embodiment the method includes is a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.

Abstract: A method, apparatus, machine-readable medium, and system are disclosed. In one embodiment the method includes a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.

Abstract: A method, apparatus, method, machine-readable medium, and system are disclosed. In one embodiment the method includes is a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.

Abstract: A trusted system management interrupt handler may be verified by first locating a signed system management interrupt handler image in system memory. The digital signature of the signed system management interrupt handler image is verified. An existing basic input/output system management interrupt handler is erased and replaced with a new system management interrupt handler image. Then an analysis is done of the system management interrupt handler message is to determine whether to continue to launch.

Abstract: In some embodiments, an apparatus comprises one or more processors supporting a system management mode, system management memory, and software controllable caching of memory, one or more memory modules, a memory controller, and a communication bus to couple the one or more memory modules to the memory controller. Other embodiments may be described.

Abstract: A trusted system management interrupt handler may be verified by first locating a signed system management interrupt handler image in system memory. The digital signature of the signed system management interrupt handler image is verified. An existing basic input/output system management interrupt handler is erased and replaced with a new system management interrupt handler image. Then an analysis is done of the system management interrupt handler message is to determine whether to continue to launch.

Abstract: In some embodiments, an apparatus comprises one or more processors supporting a system management mode, system management memory, and software controllable caching of memory, one or more memory modules, a memory controller, and a communication bus to couple the one or more memory modules to the memory controller. Other embodiments may be described.

Abstract: An apparatus comprising a memory controller including therein a configuration register, a communication channel coupled to the memory controller, and first and second memory partitions coupled to the communication channel, wherein configuration parameters in the configuration register are set so that the memory controller recognizes one partition at a time. A process comprising setting configuration parameters in a configuration register of a memory controller so that the memory controller recognizes a first memory partition coupled to the memory controller by a communication channel instead of a second memory partition coupled to the memory controller by the communication channel and re-setting the configuration parameters so that the memory controller recognizes the second memory partition instead of the first memory partition.

Abstract: A method for updating platform firmware is disclosed. This capability is facilitated by a standard software abstraction for a firmware storage device, known as Firmware Volume (FV) that is managed through a Firmware File System (FFS). The FFS enables firmware files to be created, deleted, and updated individually. The FFS also enables a plurality of firmware files to be updated atomically by managing file state information via state bits stored in a file header of each firmware file, whereby an atomic change to a single state bit simultaneously causes the FFS to use an updated set of firmware files in place of an original set of firmware files.

Abstract: A storage command specifying a virtual linear block address (“LBA”) is converted to a device command specifying a physical LBA and issued to a mass storage device. Chipsets to translate between virtual LBAs and physical LBAs, systems using such chipsets, and machine-readable media containing software to control programmable logic devices, are among the embodiments described and claimed.

Abstract: A method, apparatus and system enable bi-directional communications between a virtual machine monitor (“VMM”) and an Advanced Configuration & Power Interface (“ACPI”) compliant guest operating system. In one embodiment, a virtual machine (“VM”) may be designated as the owner of the host platform (“Policy VM”). The Policy VM may communicate with the VMM to control all configuration and power management decisions on the platform.

Abstract: Processor-based systems may use more than one operating system and may have disk drives which are cached. Systems which include a write-back cache and a disk drive may develop incoherent data when operating systems are changed or when disk drives are removed. Scrambling a partition table on a disk drive and storing cache identification information may improve data coherency in a processor-based system.

Abstract: Briefly, in accordance with an embodiment of the invention, an apparatus and method to store initialization and configuration information is provided. The method may include storing basic input/output system (BIOS) software in a polymer memory. The method may further include copying a first portion of the BIOS software from the polymer memory to a random access memory (RAM) buffer of a memory controller, wherein the RAM buffer has a storage capacity of at least about two kilobytes (KB).

Abstract: A BIOS having a set of effectors to initialize harware within the system. The BIOS having a set of macros, each macro of the set of macros having a reference to an effector of the set of effectors, each macro of the set of macros having a set of arguments.

Abstract: In one embodiment, the invention is an apparatus. The apparatus includes a BIOS embodied in a non-volatile storage device. The apparatus also includes a non-volatile storage manager embodied in the non-volatile storage device, the non-volatile storage manager controlling access to a portion of the BIOS.

Abstract: In one embodiment, the invention is an apparatus. The apparatus includes a first d-node having a pointer to a subordinate d-node and an identifier. The apparatus also includes a set of d-nodes, each d-node of the set of d-nodes having an identifier, a pointer to a peer d-node, a pointer to a subordinate d-node and a pointer to an entry. The set of d-nodes is accessible through the pointer of the first d-node. The apparatus also includes a set of entries, each entry of the set of entries having an identifier, a type, a value, and a pointer to an entry. The value of each entry embodies data corresponding to a configuration of a system.

Abstract: In one embodiment, the invention is an apparatus. The apparatus includes a first d-node having a pointer to a subordinate d-node and an identifier. The apparatus also includes a set of d-nodes, each d-node of the set of d-nodes having an identifier, a pointer to a peer d-node, a pointer to a subordinate d-node and a pointer to an entry. The set of d-nodes is accessible through the pointer of the first d-node. The apparatus also includes a set of entries, each entry of the set of entries having an identifier, a type, a value, and a pointer to an entry. The value of each entry embodies data corresponding to a configuration of a system.