Abstract: The present application is directed to access isolation for multi-operating system devices. In general, a device may be configured using firmware to accommodate more than one operating system (OS) operating concurrently on the device or to transition from one OS to another. An access isolation module (AIM) in the firmware may determine a device equipment configuration and may partition the equipment for use by multiple operating systems. The AIM may disable OS-based equipment sensing and may allocate at least a portion of the equipment to each OS using customized tables. When transitioning between operating systems, the AIM may help to ensure that information from one OS is not accessible to others. For example, the AIM may detect when a foreground OS is to be replaced by a background OS, and may protect (e.g., lockout or encrypt) the files of the foreground OS prior to the background OS becoming active.

Abstract: Technologies for broadcasting management information include a management server and a number of client devices. The management server encodes management data such as a certificate revocation list into a number of message fragments using a fountain code encoding algorithm and broadcasts the message fragments continually over a network. Each client device analyzes the network during a boot process to receive the broadcast message fragments. Each client device decodes the message fragments using a fountain code decoding algorithm and determines whether the message is complete. If the message is complete, the client device parses the message to retrieve the management data and may install the management data on the client device. If the message is incomplete, the client device may store the message fragments in nonvolatile storage for processing during future boot events. The client device may perform those operations in a pre-boot firmware environment. Other embodiments are described and claimed.

Abstract: An embodiment of a semiconductor package apparatus may include technology to determine one or more filtered memory locations of a memory, determine if a read access for the memory corresponds to the one or more filtered memory locations, and return a pre-determined filter value as a result of the read access if the read access is determined to correspond to the one or more filtered memory locations. Other embodiments are disclosed and claimed.

Abstract: An embodiment of a semiconductor package apparatus may include technology to determine if a wake event corresponds to a zero-power state of a computer operating system, determine if a run-time state is valid to wake the operating system from the zero-power state, and wake the operating system from the zero-power state to the run-time state if the run-time state is determined to be valid. Other embodiments are disclosed and claimed.

Abstract: An embodiment of a semiconductor package apparatus may include technology to determine respective priority levels for one or more boot time events, determine an amount of execution time for the one or more boot time events, and automatically adjust a timer based on the amount of execution time and the priority levels for the one or more boot time events. Other embodiments are disclosed and claimed.

Abstract: Apparatuses, methods and storage medium associated with streamlined physical reset are described herein. In embodiments, an apparatus for computing, including streamlined physical reset, may comprise one or more processor cores; memory having a plurality of memory locations; and a basic input/output system (BIOS) to provide basic input/output system services, wherein the BIOS stays within a range of memory locations during each initialization of the BIOS, including an initialization of the BIOS that is part of a physical reset of the apparatus, to streamline the physical reset. Other embodiments may be described and/or claimed.

Abstract: A method for booting a data processing system (DPS) involves, during a boot process of the DPS, using a preliminary bootcode module from a low-speed nonvolatile memory (NVM) in the DPS to load a main bootcode module from a high-speed NVM in the DPS into a volatile random access memory (RAM) in the DPS, wherein the high-speed NVM supports a read speed that is faster than a maximum read speed of the low-speed NVM. The method also involves, during the boot process, after loading the main bootcode module from the high-speed NVM into the RAM, using the main bootcode module to boot the DPS to an operating system (OS). The method may also involve using the preliminary bootcode module to automatically determine whether the main bootcode module from the high-speed NVM has good integrity. Other embodiments are described and claimed.

Abstract: Technologies for media protection policy enforcement include a computing device having multiple operating systems and a data storage device partitioned into a number of regions. During execution of each of the operating systems, a policy enforcement module may intercept media access requests and determine whether to allow the media access requests based on platform media access policies. The media access policies may allow requests based on the identity of the executing operating system, the region of the data storage device, or the requested storage operation. Prior to loading a selected operating system, a firmware policy enforcement module may determine a region of the disk storage device to protect from the selected operating system. The firmware policy enforcement module may configure the data storage device to prevent access to that region. The media access policies may be stored in one or more firmware variables. Other embodiments are described and claimed.

Abstract: Technologies for media protection policy enforcement include a computing device having multiple operating systems and a data storage device partitioned into a number of regions. During execution of each of the operating systems, a policy enforcement module may intercept media access requests and determine whether to allow the media access requests based on platform media access policies. The media access policies may allow requests based on the identity of the executing operating system, the region of the data storage device, or the requested storage operation. Prior to loading a selected operating system, a firmware policy enforcement module may determine a region of the disk storage device to protect from the selected operating system. The firmware policy enforcement module may configure the data storage device to prevent access to that region. The media access policies may be stored in one or more firmware variables. Other embodiments are described and claimed.

Abstract: In some embodiments, a PPM interface for a computing platform may be provided with functionality to facilitate, to an OS through the PPM interface, firmware performance data.

Abstract: A disclosed example method to suspend and resume a device includes: after detecting a low-power suspend mode request, determining a storage performance of the device to store suspend state data; based on the storage performance of the device, setting a suspend flag to indicate a low-power suspend mode to a processor platform; when resuming from the low-power suspend mode, confirming a setting of a resume flag from the processor platform, the resume flag to notify an operating system to resume from the low-power suspend mode; and when the resume flag is set, restoring state data corresponding to an operating system context from a non-volatile dual-purpose system and storage memory.

Abstract: In some embodiments, a PPM interface may be provided with functionality to facilitate to an OS memory power state management for one or more memory nodes, regardless of a particular platform hardware configuration, as long as the platform hardware is in conformance with the PPM interface.

Abstract: Methods, systems and storage media are disclosed for enhanced system boot processing that authenticates boot code based on biometric information of the user before loading the boot code to system memory. For at least some embodiments, the bio -metric authentication augments authentication of boot code based on a unique platform identifier. The enhanced boot code authentication occurs before loading of the operating system, and may be performed during a Unified Extensible Firmware Interface (UEFI) boot sequence. Other embodiments are described and claimed.

Abstract: A non-volatile random access memory (NVRAM) is used in a computer system to provide instant responses to sleep state transitions. The computer system includes a processor coupled to an NVRAM, which is accessible by the processor without passing through an I/O subsystem. The NVRAM is byte-rewritable and byte-erasable by the processor. In response to a request to enter a powered sleep state, the computer system converts the powered sleep state into a powered-off sleep state with system memory context stored in the NVRAM. The powered sleep state is defined as a state in which power is supplied to volatile random access memory in the computer system, and the powered-off sleep state is defined as a state in which power is removed from the volatile random access memory. In response to a wake event, the computer system resumes working state operations using the system memory context stored in the NVRAM.

Abstract: In one embodiment, a method is provided that may include one or more operations. One of these operations may include, in response, at least in part, to a request to store input data in storage, encrypting, based least in part upon one or more keys, the input data to generate output data to store in the storage. The one or more keys may be authorized by a remote authority. Alternatively or additionally, another of these operations may include, in response, at least in part, to a request to retrieve the input data from the storage, decrypting, based at least in part upon the at least one key, the output data. Many modifications, variations, and alternatives are possible without departing from this embodiment.

Abstract: In some embodiments, a PPM interface for a computing platform may be provided with functionality to facilitate, to an OS through the PPM interface, firmware performance data.

Abstract: A method and system for improving responsiveness of a vehicle computing platform includes enabling a camera feature during the pre-boot phase of a computing device and using a special-purpose operating mode of the computing device to initiate the streaming of camera image data to a display.

Abstract: A method for redirecting I/O (Input/Output) sequences. A computer platform is initialized. If the computer platform is enabled for command packet rerouting, the platform firmware may be used to install a runtime enable block I/O interface and a standard UNDI (Universal Network Device Interface) interface for routing I/O requests to a network controller or an out-of-band processor may be used to route I/O requests to a network interface controller. The routing of the I/O requests to the network controller or network interface controller enables the computer platform to boot from a remote block I/O storage device.

Abstract: Methods, systems and storage media are disclosed for enhanced system boot processing that authenticates boot code based on biometric information of the user before loading the boot code to system memory. For at least some embodiments, the bio-metric authentication augments authentication of boot code based on a unique platform identifier. The enhanced boot code authentication occurs before loading of the operating system, and may be performed during a Unified Extensible Firmware Interface (UEFI) boot sequence. Other embodiments are described and claimed.

Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein.