Abstract: In one embodiment, a system includes a display, a non-volatile memory to store one or more system software images, a processor to execute at least one of the one or more system software images, and a security engine to perform security applications. The security engine may include a first logic to receive a download package from a host computing system and store the download package in a first memory, authenticate the download package, and execute the download package to download and store a first system software image into the non-volatile memory. In addition, a second logic of the system may be configured to disable at least the display during the first system software image download and store. Other embodiments are described and claimed.

Abstract: Various embodiments are generally directed to establishing trust in system management mode. An operating system management mode driver can invoke a system management mode and provide a signature to the system management mode to authenticate the driver with. Additionally, a hash value of the driver can be used to determine whether the driver is authorized to invoke system management mode or particular operations or features of system management mode.

Abstract: Apparatuses, methods and storage medium associated with provision of power management data packages are disclosed herein. In embodiments, an apparatus may include one or more processors, memory to store a power management data package having a first plurality of descriptions of always present fixed platform devices and a second plurality of descriptions of potentially present variable platform devices; and firmware coupled with the one or more processors and memory to provide basic input/output services to an operating system operated by the one or more processors, wherein the operating system has an operational requirement for the power management data package. The basic input/output services may include a service to modify the power management data package to bring the power management data package into compliance with the operational requirement of the operating system. Other embodiments may be described and/or claimed.

Abstract: According to one embodiment of the invention, a processor includes a power control unit, an interface to software during runtime that permits the software to set a plurality of power management constraint parameters for the power control unit during runtime of the processor without a reboot of the processor, and a storage element to store a respective lock bit for each of the plurality of power management constraint parameters to disable the interface from changing a respective constraint parameter when set.

Abstract: Technologies for hybrid sleep power management include a computing device with a processor supporting a low-power idle state. In a pre-boot firmware environment, the computing device reserves a memory block for firmware use and copies platform wake code to a secure memory location, such as system management RAM (SMRAM). At runtime, an operating system may execute with the processor in protected mode. In response to a request to enter a sleep or suspend state, the computing device generates a system management interrupt (SMI). In an SMI handler, the computing device copies the wake code from SMRAM to the reserved memory block. The computing device resumes from the SMI handler to the wake code with the processor in real mode. The wake code enters the low-power idle state and then jumps to a wake vector of the operating system after receiving a wake event. Other embodiments are described and claimed.

Abstract: According to one embodiment of the invention, a processor includes a power control unit, an interface to software during runtime that permits the software to set a plurality of power management constraint parameters for the power control unit during runtime of the processor without a reboot of the processor, and a storage element to store a respective lock bit for each of the plurality of power management constraint parameters to disable the interface from changing a respective constraint parameter when set.

Abstract: Processing logic and a method to provide single thread access to a specific memory region without suspending processing activity for all other cores and/or threads within or in association with a processor, computer system, or other processing apparatus. Single thread access may be provided through implementation of microcode which may control thread access to model specific registers (“MSRs”) within a processor. One MSR may provide a mutex, which a single thread may claim, and another MSR may provide a range of memory locations, which may be accessed by the thread that has claimed the mutex.

Abstract: Technologies for dynamic display include a mobile compute device that comprises a display transformable between at least two different physical topologies. The mobile compute device determines a current physical topology of the display and retrieves a policy based on the determined current physical topology. The policy identifies a corresponding action to occur in response to each of one or more user inputs to the mobile compute device while the display has the current physical topology. The mobile compute device processes a user input based on the retrieved policy.

Abstract: Various embodiments are generally directed to establishing trust in system management mode. An operating system management mode driver can invoke a system management mode and provide a signature to the system management mode to authenticate the driver with. Additionally, a hash value of the driver can be used to determine whether the driver is authorized to invoke system management mode or particular operations or features of system management mode.

Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein.

Abstract: Embodiments related to hardware configuration reporting and arbitration are disclosed herein. For example, an apparatus for hardware configuration reporting may include: a processing device having a trusted execution environment (TEE) and a non-trusted execution environment (non-TEE); request service logic, stored in the memory, to operate within the TEE to receive an indication of a request from arbiter logic, wherein the request represents a hardware configuration register; and reporting logic, stored in the memory, to operate within the TEE and to report an indicator of a value of the hardware configuration register represented by the request to the arbiter logic. Other embodiments may be disclosed and/or claimed.

Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein.

Abstract: A mechanism is described for facilitating dynamic capsule generation and recovery in computing environments according to one embodiment. A method of embodiments, as described herein, includes accessing a current firmware and a capsule driver binary file (“capsule file”) from a storage device, and merging the current firmware with the capsule file and a capsule header into a capsule payload. The method may further include assigning a security protocol to the capsule payload to ensure a secured capsule payload, and storing the secured capsule payload at the storage device for subsequent updates.

Abstract: Technologies for performing a secure firmware update include a compute device that includes a memory device to store firmware update payload, one or more devices that have direct memory access (DMA) to the memory, a DMA remap module, and a firmware update module. The DMA remap module is to create a memory isolation domain for each of the one or more devices. Each memory isolation domain comprises a physical address space in the memory that is mutually exclusive to the physical address spaces of the other memory isolation domains. The firmware update module is to (i) analyze the firmware update payload to identify one or more of the devices associated with the firmware update payload and (ii) move the firmware update payload to the memory isolation domains of each associated device to enable secure transmission of the firmware update payload to the associated devices.

Abstract: Various embodiments are generally directed to establishing trust in system management mode. An operating system management mode driver can invoke a system management mode and provide a signature to the system management mode to authenticate the driver with. Additionally, a hash value of the driver can be used to determine whether the driver is authorized to invoke system management mode or particular operations or features of system management mode.

Abstract: Technologies for dynamic display include a mobile compute device that comprises a display transformable between at least two different physical topologies. The mobile compute device determines a current physical topology of the display and retrieves a policy based on the determined current physical topology. The policy identifies a corresponding action to occur in response to each of one or more user inputs to the mobile compute device while the display has the current physical topology. The mobile compute device processes a user input based on the retrieved policy.

Abstract: A mechanism is described for facilitating dynamic and intelligent geographical interpretation of human expressions and gestures according to one embodiment. A method of embodiments, as described herein, includes detecting a gesture initiated by a sending user having access to a computing device, determining a geographic location of the computing device, and accessing a translation table having one or more translations of one or more gestures based on one or more geographic locations, where accessing further includes choosing a translation corresponding to the gesture. The method may further include interpreting a first intent associated with the gesture based on the translation, and triggering a first action based on the first intent.

Abstract: In one embodiment, a system includes a display, a non-volatile memory to store one or more system software images, a processor to execute at least one of the one or more system software images, and a security engine to perform security applications. The security engine may include a first logic to receive a download package from a host computing system and store the download package in a first memory, authenticate the download package, and execute the download package to download and store a first system software image into the non-volatile memory. In addition, a second logic of the system may be configured to disable at least the display during the first system software image download and store. Other embodiments are described and claimed.

Abstract: Apparatuses, methods and storage medium associated with provision of power management data packages are disclosed herein. In embodiments, an apparatus may include one or more processors, memory to store a power management data package having a first plurality of descriptions of always present fixed platform devices and a second plurality of descriptions of potentially present variable platform devices; and firmware coupled with the one or more processors and memory to provide basic input/output services to an operating system operated by the one or more processors, wherein the operating system has an operational requirement for the power management data package. The basic input/output services may include a service to modify the power management data package to bring the power management data package into compliance with the operational requirement of the operating system. Other embodiments may be described and/or claimed.

Abstract: Apparatuses, methods and storage medium associated with memory encryption exclusion are disclosed herein. In embodiments, an apparatus may include one or more processors, memory, and firmware to provide basic input/output services to an operating system. Additionally, the apparatus may include a memory controller to control access to the memory, wherein the memory controller includes an encryption engine to encrypt data, using an encryption key, before the data are stored into an encrypted area of the memory, wherein the encryption engine regenerates the encryption key on a reset transferring execution from the operating system operated by the one or more processors to a pre-boot phase of the firmware. Further, the apparatus may include one or more storage locations to store one or more memory parameters to set aside one or more ranges of the memory as one or more encryption excluded areas. Other embodiments may be described and/or claimed.