Abstract: Systems and methods for providing features that enable anti-malware protection on storage devices are described. In one embodiment, a storage device includes a controller, firmware, and memory. The controller manages input/output operations for the storage device. The firmware provides features for protection against malware. The memory includes secure storage that is configured to provide a set of storage operations.

Abstract: Systems and methods for providing awareness of a host file system on a storage device are described. In one embodiment, a storage device includes a host interface and a file awareness block. The host interface provides an interface between a host and the storage device. The file awareness block provides an awareness of the host file system to the storage device.

Abstract: Computing platform security methods and apparatus are disclosed. An example apparatus includes a security application to configure a security task, the security task to detect a malicious element on a computing platform, the computing platform including a central processing unit and a graphics processing unit; and an offloader to determine whether the central processing unit or the graphics processing unit is to execute the security task; and when the graphics processing unit is to execute the security task, offload the security task to the graphics processing unit for execution.

Abstract: Embodiments of systems, apparatuses, and methods to protect data stored in a storage system of a device from malware alternation are described. In some embodiments, a system receives an indication that the data is to be protected. In addition, the system further triggers an interrupt of the device and secures the data from the malware alternation.

Abstract: Embodiments of techniques and systems for out-of-band verification of host OS components are described. In embodiments, a out-of-band host OS boot sequence verification system (“BSVS”) may access system memory without detection by a host OS process, or “out of band.” The BSVS may access host OS components in the system memory and may generate signatures from memory footprints of the host OS components. These signatures may then be compared to trusted signatures to verify integrity of the host OS components. In embodiments, this verification may be performed during a boot of a host OS or on demand. In embodiments, the trusted signatures may be pre-stored by the BSVS before a boot; in some embodiments, the trusted signatures may be previously-computed and then stored by the BSVS. Other embodiments may be described and claimed.

Abstract: Embodiments of systems, apparatuses, and methods to securely download digital rights managed content with a client are described. In some embodiments, a system establishes a secure root of trust for the client. In addition, the system establishes a secure tunnel between an agent of the client and a storage system of the client. Furthermore, the system securely downloads the digital rights managed content to the storage system via the secure tunnel and securely provides the digital rights managed content from the storage system to a display.

Abstract: Embodiments of systems, apparatuses, and methods to protect data stored in a storage system of a device from malware alternation are described. In some embodiments, a system receives an indication that the data is to be protected. In addition, the system further triggers an interrupt of the device and secures the data from the malware alternation.

Abstract: Embodiments of techniques and systems for out-of-band verification of host OS components are described. In embodiments, a out-of-band host OS boot sequence verification system (“BSVS”) may access system memory without detection by a host OS process, or “out of band.” The BSVS may access host OS components in the system memory and may generate signatures from memory footprints of the host OS components. These signatures may then be compared to trusted signatures to verify integrity of the host OS components. In embodiments, this verification may be performed during a boot of a host OS or on demand. In embodiments, the trusted signatures may be pre-stored by the BSVS before a boot; in some embodiments, the trusted signatures may be previously-computed and then stored by the BSVS. Other embodiments may be described and claimed.

Abstract: Computing platform security methods and apparatus are disclosed. An example apparatus includes a security application to configure a security task, the security task to detect a malicious element on a computing platform, the computing platform including a central processing unit and a graphics processing unit; and an offloader to determine whether the central processing unit or the graphics processing unit is to execute the security task; and when the graphics processing unit is to execute the security task, offload the security task to the graphics processing unit for execution.

Abstract: Computing platform security methods and apparatus are disclosed. An example apparatus includes a security application to configure a security task, the security task to detect a malicious element on a computing platform, the computing platform including a central processing unit and a graphics processing unit; and an offloader to determine whether the central processing unit or the graphics processing unit is to execute the security task; and when the graphics processing unit is to execute the security task, offload the security task to the graphics processing unit for execution.

Abstract: Embodiments of systems, apparatuses, and methods to enable a value-added storage service of a storage system coupled to a client are described. In some embodiments, a system establishes a secure root of trust for the client. In addition, the system establishes a secure tunnel between an application of the client and a storage system of the client. Furthermore, the system securely downloads a license for the value-added storage service to the storage system and provides the license from the storage system to an application via the secure tunnel.

Abstract: Systems and method to provide secure storage are disclosed. An example method includes establishing a secure tunnel between a storage device and an agent, provide a command from the agent to the storage device via the secure tunnel, access first data at the storage device in response to the command, and identify a modification to data stored on the storage device by comparing the first data to second data, wherein the comparison is done using the storage device.

Abstract: Embodiments of systems, apparatuses, and methods for securely transferring data between a storage system and an agent are described. In some embodiments, a system establishes a tunnel between the storage system and the agent. The system further securely transfers the data between the storage system and the agent using the tunnel. In one embodiment, the tunnel uses an action and results mailbox to transfer the data. In another embodiment, the tunnel is based on a trusted send facility.

Abstract: Systems and methods for providing anti-malware protection on storage devices are described. In one embodiment, a storage device includes a controller, firmware, and memory. The firmware communicates with an authorized entity (e.g., external entity, operating system) to establish a secure communication channel. The system includes secure storage to securely store data.

Abstract: Systems and methods for providing features that enable anti-malware protection on storage devices are described. In one embodiment, a storage device includes a controller, firmware, and memory. The controller manages input/output operations for the storage device. The firmware provides features for protection against malware. The memory includes secure storage that is configured to provide a set of storage operations.

Abstract: An embodiment may include a storage processor that may be comprised, at least in part, in a host. The host may include at least one host central processing unit (CPU) to execute at least one host operating system (OS). The storage processor may execute at least one operation in isolation from interference from and control by the at least one host CPU and the at least one host OS. The at least one operation may facilitate, at least in part: (1) prevention, at least in part, of unauthorized access to storage, (2) prevention, at least in part, of execution by the at least one host CPU of at least one unauthorized instruction, (3) detection, at least in part, of the at least one unauthorized instruction, and/or (4) remediation, at least in part, of at least one condition associated, at least in part, with the at least unauthorized instruction.

Abstract: Systems and method to provide secure storage are disclosed. An example method includes establishing a secure tunnel between a storage device and an agent, transferring first data from the storage device to the agent via the secure tunnel, the secure tunnel to prevent software executing in an operating system from modifying the data, and identifying a data modification by comparing the first data to second data.

Abstract: Techniques for a data storage device to locally implement security management functionality. In an embodiment, a security management process of the data storage device is to determine whether an access to non-volatile media of the data storage device is authorized. In certain embodiments, the data storage device is to restrict access to a secure region of the non-volatile storage media, the secure region to store information used and/or generated by a security management process of the data storage device.

Abstract: Disclosed is a system and method for extending anti-malware protection to systems having multiple storage devices, such as RAID. In embodiments, a trusted connection may be established between a host and a controller of the multiple storage devices. The trusted connection may use various information encryption techniques to undermine attempts by malware to preserve malware-infected locations on the storage devices by redirecting anti-malware protection related operations by the host. Through an encrypted and trusted connection between the host and a controller of the multiple storage devices, anti-virus and/or anti-malware software (hereinafter, AVS) may transmit encrypted anti-malware protection related operations to the controller of the multiple storage devices, overcoming detection and/or diversion by the malware. Other embodiments may be described and claimed.

Abstract: Systems and methods of restricting access to mobile platform location information may involve receiving, via a link, location information for a mobile platform at a processor of the mobile platform, and preventing unauthorized access to the location information by an operating system associated with the mobile platform.