Abstract: The present disclosure is directed to content protection for Data as a Service (DaaS). A device may receive encrypted data from a content provider via DaaS, the encrypted data comprising at least content for presentation on the device. For example, the content provider may utilize a secure multiplex transform (SMT) module in a trusted execution environment (TEE) module to generate encoded data from the content and digital rights management (DRM) data and to generate the encrypted data from the encoded data. The device may also comprise a TEE module including a secure demultiplex transform (SDT) module to decrypt the encoded data from the encrypted data and to decode the content and DRM data from the encoded data. The SMT and SDT modules may interact via a secure communication session to validate security, distribute decryption key(s), etc. In one embodiment, a trust broker may perform TEE module validation and key distribution.

Abstract: Methods, systems and storage media are disclosed for enhanced system boot processing that authenticates boot code based on biometric information of the user before loading the boot code to system memory. For at least some embodiments, the biometric authentication augments authentication of boot code based on a unique platform identifier. The enhanced boot code authentication occurs before loading of the operating system, and may be performed during a Unified Extensible Firmware Interface (UEFI) boot sequence. Other embodiments are described and claimed.

Abstract: Technologies for media protection policy enforcement include a computing device having multiple operating systems and a data storage device partitioned into a number of regions. During execution of each of the operating systems, a policy enforcement module may intercept media access requests and determine whether to allow the media access requests based on platform media access policies. The media access policies may allow requests based on the identity of the executing operating system, the region of the data storage device, or the requested storage operation. Prior to loading a selected operating system, a firmware policy enforcement module may determine a region of the disk storage device to protect from the selected operating system. The firmware policy enforcement module may configure the data storage device to prevent access to that region. The media access policies may be stored in one or more firmware variables. Other embodiments are described and claimed.

Abstract: In one embodiment, a method is provided that may include one or more operations. One of these operations may include, in response, at least in part, to a request to store input data in storage, encrypting, based least in part upon one or more keys, the input data to generate output data to store in the storage. The one or more keys may be authorized by a remote authority. Alternatively or additionally, another of these operations may include, in response, at least in part, to a request to retrieve the input data from the storage, decrypting, based at least in part upon the at least one key, the output data.

Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein.

Abstract: Technologies for transitioning between operating systems include a computing device having a main memory and a data storage device. The computing device executes a first operating system and monitors for an operating system toggle event. The toggle event may be a software command, a hardware buttonpress, or other user command. In response to the toggle event, the computing device copies state data of the first operating system to a reserved memory area. After copying the state data, the computing device executes a second operating system. While the second operating system is executing, the computing device copies the state data of the first operating system from the reserved memory area to the data storage device. The computing device monitors for operating system toggle events during execution of the second operating system and may similarly toggle execution back to the first operating system. Other embodiments are described and claimed.

Abstract: The present disclosure relates to allowing the utilization of a virus scanner and cleaner that operates primarily in the pre-boot phase of computer operation and, more particularly, to allowing the utilization of a virus scanner and cleaner that operates primarily during the loading of an operating system.

Abstract: Technologies for broadcasting management information include a management server and a number of client devices. The management server encodes management data such as a certificate revocation list into a number of message fragments using a fountain code encoding algorithm and broadcasts the message fragments continually over a network. Each client device analyzes the network during a boot process to receive the broadcast message fragments. Each client device decodes the message fragments using a fountain code decoding algorithm and determines whether the message is complete. If the message is complete, the client device parses the message to retrieve the management data and may install the management data on the client device. If the message is incomplete, the client device may store the message fragments in nonvolatile storage for processing during future boot events. The client device may perform those operations in a pre-boot firmware environment. Other embodiments are described and claimed.

Abstract: In some embodiments, a PPM interface for a computing platform may be provided with functionality to facilitate, to an OS through the PPM interface, firmware performance data.

Abstract: In one embodiment, a method is provided that may include one or more operations. One of these operations may include, in response, at least in part, to a request to store input data in storage, encrypting, based least in part upon one or more keys, the input data to generate output data to store in the storage. The one or more keys may be authorized by a remote authority. Alternatively or additionally, another of these operations may include, in response, at least in part, to a request to retrieve the input data from the storage, decrypting, based at least in part upon the at least one key, the output data. Many modifications, variations, and alternatives are possible without departing from this embodiment.

Abstract: Technologies for transitioning between operating systems include a computing device having a main memory and a data storage device. The computing device executes a first operating system and monitors for an operating system toggle event. The toggle event may be a software command, a hardware buttonpress, or other user command. In response to the toggle event, the computing device copies state data of the first operating system to a reserved memory area. After copying the state data, the computing device executes a second operating system. While the second operating system is executing, the computing device copies the state data of the first operating system from the reserved memory area to the data storage device. The computing device monitors for operating system toggle events during execution of the second operating system and may similarly toggle execution back to the first operating system. Other embodiments are described and claimed.

Abstract: Technologies for broadcasting management information include a management server and a number of client devices. The management server encodes management data such as a certificate revocation list into a number of message fragments using a fountain code encoding algorithm and broadcasts the message fragments continually over a network. Each client device analyzes the network during a boot process to receive the broadcast message fragments. Each client device decodes the message fragments using a fountain code decoding algorithm and determines whether the message is complete. If the message is complete, the client device parses the message to retrieve the management data and may install the management data on the client device. If the message is incomplete, the client device may store the message fragments in nonvolatile storage for processing during future boot events. The client device may perform those operations in a pre-boot firmware environment. Other embodiments are described and claimed.

Abstract: Technologies for improving platform initialization on a computing device include beginning initialization of a platform of the computing device using a basic input/output system (BIOS) of the computing device. A security co-processor driver module adds a security co-processor command to a command list when a security processor command is received from the BIOS module. The computing device establishes a periodic interrupt of the initialization of the platform to query the security co-processor regarding the availability of a response to a previously submitted security co-processor command, forward any responses received by the security co-processor driver module to the BIOS module, and submit the next security co-processor command in the command list to the security co-processor.

Abstract: In some embodiments, a PPM interface for a computing platform may be provided with functionality to facilitate, to an OS through the PPM interface, firmware performance data.

Abstract: Methods and apparatus relating to pre-OS (pre Operating System) image rewriting to provide cross-architecture support, security introspection, and/or performance optimization are described. In an embodiment, logic rewrites a non-native firmware interface driver into a native firmware interface driver in response to a determination that sufficient space is available in an integrity cache storage device to store the native firmware interface driver. The logic rewrites the non-native firmware interface driver into the native firmware interface driver by performing one or more of its operations during operating system runtime. Other embodiments are also claimed and described.

Abstract: Methods and apparatuses for re-instantiating a firmware environment that includes one or more firmware functions available at pre-boot time when transitioning the computing device from a wake state to a sleep state. A network event received by the computing device while in a sleep state may be handled by the firmware environment independent of the operating system and without returning the entire computing device to the wake state.

Abstract: A computer system is partitioned during a pre-boot phase of the computer system between a first partition and a second partition, wherein the first partition to include a first processing unit and the second partition to include a second processing unit. An Input/Output (I/O) operating system is booted on the first partition. A general purpose operating system is booted on the second partition. Network transactions are issued by the general purpose operating system to be performed by the I/O operating system. The network transactions are performed by the I/O operating system.

Abstract: Methods and apparatus to provide dynamic messaging services are disclosed. An example method of displaying information on a display screen includes determining, using a virtual machine manager, supported dimensions for display of information on the display screen; generating, using the virtual machine manager, restricted dimensions that are less than the supported dimensions; providing the restricted dimensions to an operating system of a virtual machine supported by the virtual machine manager, wherein the restricted dimensions define a boundary between a first screen portion and a second screen portion; and using the virtual machine manager to display first information in the first screen portion, the virtual machine manager enforcing the presence of the first screen portion on the display screen.

Abstract: The present disclosure is directed to flexible bootstrap code architecture. A device may comprise equipment for operating the device and an operating system (OS) for operating the equipment. A boot module may also be included in the device to execute boot operations. At least one flexible boot (FB) module in the boot module may interact with the equipment and/or OS during the boot operations to cause the boot operations to become device-specific. An example boot module may comprise a plurality of FB modules. An example FB module may verify a device/chipset identification and may control the boot operations based on the identification. Other example FB modules may select resources to load based on an OS type, may provide a boot configuration table location for use in OS runtime boot configuration or may load variables from a preload variable directory for use in configuring boot operations.

Abstract: A method and apparatus is described herein for performing parallel memory migration, as well as execution of management tasks over a plurality of management windows. Handlers are dispatched to multiple resources, such as processing elements or threads, to determine a proper memory migration handler. Each resource, during a management mode, executes a designated memory migration handler or an instance of a memory migration handler to perform a portion of a memory migration task in parallel. A task data structure is capable of supporting tracking of portions of memory migrated. In addition the task data structure is potentially also capable of tracking management tasks through plurality of management windows to support servicing of management tasks through multiple management windows.