Abstract: A computer system includes an independent compute core; and an isolated secure data storage device to store data accessible only to the independent compute core. The independent compute core is to open an Application Program Interface (API) during runtime of the computer system in response to receiving a verified message containing secure data to be written to the secure data storage device.

Abstract: A computer program product for providing notifications to a user of an intrusion into firmware includes, in one example, non-transitory computer readable medium including computer usable program code embodied therewith to, when executed by a processor, detect intrusion to the firmware of a computing system during runtime in a system management mode.

Abstract: In one example, a system for a system management mode (SMM) privilege architecture includes a computing device comprising: a first portion of SMM instructions to set up a number of resources and implement a privilege architecture for the SMM of a computing device and a second portion of SMM instructions to execute a number of functions during the SMM of the computing device, wherein the privilege architecture assigns the first portion of SMM instructions to a first privilege level and assigns the second portion of SMM instructions to a second privilege level.

Abstract: Securely sending a complete initialization package in one example implementation can include adding a resource identifier that includes a mapping of a driver to a hardware component included in a physical machine hosting VMs to an initial random-access memory (RAM) file system (INITRAMFS) stored in memory of the physical machine to form a complete initialization package, sending the complete initialization package from read-only memory (ROM) of the physical machine to a location in RAM of the physical machine accessible by a hypervisor, and authenticating that the complete initialization package is secure.

Abstract: According to one example, to access at least one computer device from a virtual machine, a control domain accesses a list of at least one device. For each device in the list of devices, a determination is made as to whether the device is to be exposed to a virtual machine, and a table of devices determined to be exposed to the virtual machine is created and provided to the virtual machine. Determining whether a device is to be exposed to a virtual machine is based on at least one device attribute.

Abstract: Example implementations relate to command source verification. An example device can include instructions executable to send a command via a predefined path to a predefined location within a memory resource storing instructions executable to verify a source of the command using a predefined protocol and execute the command in response to the source verification.

Abstract: Full virtual machine (VM) functionality in one example implementation can include sending a complete initialization package to a location in memory of a machine accessible by a hypervisor and generating a VM capable of providing a respective full functionality of a hardware component in the machine.

Abstract: A computer system includes an independent compute core; and an isolated secure data storage device to store data accessible only to the independent compute core. The independent compute core is to open an Application Program Interface (API) during runtime of the computer system in response to receiving a verified message containing secure data to be written to the secure data storage device.

Abstract: In one example, a system for a system management mode (SMM) privilege architecture includes a computing device comprising: a first portion of SMM instructions to set up a number of resources and implement a privilege architecture for the SMM of a computing device and a second portion of SMM instructions to execute a number of functions during the SMM of the computing device, wherein the privilege architecture assigns the first portion of SMM instructions to a first privilege level and assigns the second portion of SMM instructions to a second privilege level.

Abstract: Example implementations relate to command source verification. An example device can include instructions executable to send a command via a predefined path to a predefined location within a memory resource storing instructions executable to verify a source of the command using a predefined protocol and execute the command in response to the source verification.

Abstract: Examples herein disclose establishing a connection from a controller in a computing device to a management server over a network. The examples retrieve a command from the management server.

Abstract: Example implementations relate to system management mode (SMM) test operations. For example, a system for SMM test operations may include a test mode initiation engine to reboot a computing device, and load an interface firmware engine into system management random access memory (SMRAM) associated with the computing device in response to the reboot, wherein the interface firmware engine includes a production interface firmware engine to perform the test operation on a known address space of the page of SMRAM. The system may include a test operation engine to cause the computing system to operate in a testing mode, wherein the testing mode includes operating the computing system in system management mode (SMM), in response to a test command, and perform a test operation on a page of system management random access memory (SMRAM) associated with the computing device when the computing device is operating in SMM.

Abstract: A computing device includes at least one processor and a machine-readable storage medium storing instructions. The instructions may be executable by the hardware processor to execute a guest domain comprising a guest operating system and a frontend wireless device driver; execute a control domain comprising a backend wireless device driver; transmit wireless network commands and network packets across a dedicated data path from the frontend wireless device driver in the guest domain to a backend wireless device driver in the control domain; and scan, using in the backend wireless device driver, the network packets transmitted across the dedicated data path to detect a possible malware attack in the guest domain.

Abstract: Full virtual machine (VM) functionality in one example implementation can include sending a complete initialization package to a location in memory of a machine accessible by a hypervisor and generating a VM capable of providing a respective full functionality of a hardware component in the machine.

Abstract: Examples herein disclose establishing a connection from a controller in a computing device to a management server over a network. The examples retrieve a command from the management server.

Abstract: According to one example, to access at least one computer device from a virtual machine, a control domain accesses a list of at least one device. For each device in the list of devices, a determination is made as to whether the device is to be exposed to a virtual machine, and a table of devices determined to be exposed to the virtual machine is created and provided to the virtual machine. Determining whether a device is to be exposed to a virtual machine is based on at least one device attribute.

Abstract: Securely sending a complete initialization package in one example implementation can include adding a resource identifier that includes a mapping of a driver to a hardware component included in a physical machine hosting VMs to an initial random-access memory (RAM) file system (INITRAMFS) stored in memory of the physical machine to form a complete initialization package, sending the complete initialization package from read-only memory (ROM) of the physical machine to a location in RAM of the physical machine accessible by a hypervisor, and authenticating that the complete initialization package is secure.

Abstract: Techniques related to personal computers and devices sharing similar architectures are disclosed. Particularly shown is a system and method for enabling improved computer initialization speed achieved by methods including causing apparently premature timeouts when fruitlessly waiting for human intervention.

Abstract: A secure method for implementing virus protection on a computer system including an Extensible Firmware Interface (EFI), a hard disk, a nonvolatile memory and a BIOS is disclosed. A command is added to the command shell of the EFI which results in the automatic copying of the boot sector of the hard disk to the nonvolatile memory when the computer system is initialized. The boot sector of the hard disk is automatically read back from the nonvolatile memory on each boot, which bypasses the boot sector access of the hard disk during system initialization; thereby, protecting the computer system from and eliminating potential viruses. The command shell of the EFI may also be modified to include a command to include a security signature input field. The required signature is provided by the user prior to updating the stored boot sector.

Abstract: A method 20 and computer apparatus for using available firmware flash ROM space as a diagnostic drive. The computer apparatus has a nonvolatile random access memory, an Extensible Firmware Interface (EFI) and a basic input and output system (BIOS). To implement the functionality provided by the present invention, a command shell of the EFI is modified to include the EFI driver and operates to configure available flash space normally reserved for firmware (BIOS) as a diagnostic disk drive. The modified EFI and the EFI driver are stored in the flash memory. When the computer system 10 is initialized (booted), the EFI driver configures the available space in the flash memory that is not allocated to the firmware as the diagnostic disk drive. Diagnostic programs are loaded into the diagnostic disk drive, which are selectively run by a user, such as by using the command shell.