Abstract: An embodiment of the present invention is a technique to provide independent reset of a main partition. A reset functionality is disabled to preclude a main partition from resetting a platform. The platform has a visible resource belonging exclusively to the main partition. An activity of the main partition is monitored to determine if the main partition is about to reset the platform or becomes inoperable. The main partition is restricted to initialize the visible resource.

Abstract: A processing system with multiple processing units may support separate operating systems (OSs) in separate partitions. During an initialization process, a preboot manager in the processing system may copy software to a sequestered area of memory in the processing system. The preboot manager may also configure the processing system to hide the sequestered area of memory from a first partition of the processing system. Also, the preboot manager may use a first processing unit in the processing system to boot an OS on the first partition, and the preboot manager may transmit a boot trigger from the first processing unit to a second processing unit in the processing system. The boot trigger may cause the second processing unit to use the software in the sequestered area of memory to boot a second partition of the processing system. Other embodiments are described and claimed.

Abstract: A method and apparatus establish an address of a frame as being associated with a physical device or a virtual device. If the frame is associated with a virtual device, the address of the frame may be established as being associated with a local virtual device or a remote virtual device. Establishing the nature and location of the device may provide routing by a virtual bridge.

Abstract: Devices in a processing system may be managed by performing a first scan of a bus of the processing system from a first partition. In one embodiment, the first scan may discover location information for devices on the bus. A communications hub of the processing system may be programmed to hide at least one of the devices on the bus. After the communications hub is so programmed, the first partition may scan the bus again. A second partition of the processing system may receive location information for one or more of the devices detected in the first scan but not detected in the second scan. In one embodiment, the second partition may boot, and then the communications hub may again be programmed to hide at least one of the devices on the bus. An operating system may then boot on the first partition. Other embodiments are described and claimed.

Abstract: An apparatus and method for a generic, extensible and efficient data manager for virtual peripheral component interconnect devices (VPCIDs). The apparatus includes a data manager and a data repository, where the data manager utilizes the data repository to maintain information for at least one virtual machine (VM). The VM data structure contains elements to associate the VM with zero or more instances of multiple VPCIDs.

Abstract: Disclosed is a method and system to partition hardware resources between operating systems. A determination is made whether a first PCI resource attached to a line of a bus is to be sequestered to a service operating system (OS). If so, the first PCI resource is sequestered to the service OS. It is next determined whether at least one other PCI resource shares the same line of the bus as the sequestered first PCI resource. If so, the at least one other PCI resource is selected and sequestered to the service OS. The first PCI resource and the other sequestered PCI resource are then hidden from a subsequently loaded host OS.

Abstract: Devices in a processing system may be managed by performing a first scan of a bus of the processing system from a first partition. In one embodiment, the first scan may discover location information for devices on the bus. A communications hub of the processing system may be programmed to hide at least one of the devices on the bus. After the communications hub is so programmed, the first partition may scan the bus again. A second partition of the processing system may receive location information for one or more of the devices detected in the first scan but not detected in the second scan. In one embodiment, the second partition may boot, and then the communications hub may again be programmed to hide at least one of the devices on the bus. An operating system may then boot on the first partition. Other embodiments are described and claimed.

Abstract: A processing system may include a first processing unit for a first partition and a second processing unit for a second partition. To support power management, an interrupt handler in the processing system may receive a standby command from an operating system. In response to receiving the standby command, the interrupt handler may cause the first processing unit to transition into a reduced power mode. After the second partition detects a wake event, the second partition may cause the first processing unit to transition out of the reduced power mode. In an example embodiment, the interrupt handler executes within the first partition, and the first processing unit transitions into the reduced power mode by entering an idle loop within the interrupt handler. The first partition may determine from within the idle loop whether the first partition has been released from the low power state. Other embodiments are described and claimed.

Abstract: A processing system may include a first processing unit for a legacy partition and a second processing unit for a sequestered partition. In one embodiment, a first interrupt handler in the legacy partition may support power management for the first processing unit. A second interrupt handler in the sequestered partition may cause the sequestered partition to take control of power management hardware in the processing system when the legacy partition enters reduced power mode. For example, the second interrupt handler may program the power management hardware to route interrupts to the second processing unit. The sequestered partition may relinquish control of power management hardware to the legacy partition when the legacy partition exits reduced power mode. A power policy manager in the sequestered partition may support features such as wake for incoming communications, wake to record, etc. Other embodiments are described and claimed.

Abstract: A first machine communicates with a second machine, using a protocol that sends the first machine's network configuration data in application data sent to the second machine, through a translating access point which translates network traffic from the first machine so as to originate from the access point. A network configuration server provides to the first machine network configuration data not subject to translation by the access point, which is sent to the second machine in the application data. The second machine communicates with the provided network configuration, and this communication is in turn made available to the first machine.

Abstract: A processing system with multiple processing units may support separate operating systems (OSs) in separate partitions. During an initialization process, a preboot manager in the processing system may copy software to a sequestered area of memory in the processing system. The preboot manager may also configure the processing system to hide the sequestered area of memory from a first partition of the processing system. Also, the preboot manager may use a first processing unit in the processing system to boot an OS on the first partition, and the preboot manager may transmit a boot trigger from the first processing unit to a second processing unit in the processing system. The boot trigger may cause the second processing unit to use the software in the sequestered area of memory to boot a second partition of the processing system. Other embodiments are described and claimed.

Abstract: In a many-core processor based system with many logical processing cores and a system memory, configuring the system so that the cores are segregated into a several partitions, each partition having at least one core and an area of the system memory allocated exclusively for the use of programs executing in the partition (partition local memory), allocating an inter-partition area of the system memory distinct from any partition local memory and inaccessible to an operating system executing in any partition configuring the inter-partition area so that a sending program executing in a sending partition is operable to write to the inter-partition area using a driver executing in the sending partition and so that a receiving program executing in a receiving partition is operable to read from the inter-partition area using a driver executing in the receiving partition.

Abstract: An embodiment of the present invention is a technique to provide independent reset of a main partition. A reset functionality is disabled to preclude a main partition from resetting a platform. The platform has a visible resource belonging exclusively to the main partition. An activity of the main partition is monitored to determine if the main partition is about to reset the platform or becomes inoperable. The main partition is restricted to initialize the visible resource.

Abstract: Apparatus, systems, methods, and articles may operate to store one or more parameters associated with a pseudo-device in a device configuration table associated with a first partition within a multi-partition computing platform. An inter-partition bridge (IPB) may be exposed to an operating system executing within the first partition. The IPB may be adapted to couple the first partition to a second partition sequestered from the first partition. The IPB may be configured by the parameter(s) associated with the pseudo-device. Other embodiments may be described and claimed.

Abstract: Disclosed is a method and system to partition hardware resources between operating systems. A determination is made whether a first PCI resource attached to a line of a bus is to be sequestered to a service operating system (OS). If so, the first PCI resource is sequestered to the service OS. It is next determined whether at least one other PCI resource shares the same line of the bus as the sequestered first PCI resource. If so, the at least one other PCI resource is selected and sequestered to the service OS. The first PCI resource and the other sequestered PCI resource are then hidden from a subsequently loaded host OS.

Abstract: Devices in a processing system may be managed by performing a first scan of a bus of the processing system from a first partition. In one embodiment, the first scan may discover location information for devices on the bus. A communications hub of the processing system may be programmed to hide at least one of the devices on the bus. After the communications hub is so programmed, the first partition may scan the bus again. A second partition of the processing system may receive location information for one or more of the devices detected in the first scan but not detected in the second scan. In one embodiment, the second partition may boot, and then the communications hub may again be programmed to hide at least one of the devices on the bus. An operating system may then boot on the first partition. Other embodiments are described and claimed.

Abstract: In a processing system with a main partition and a sequestered partition, the main partition sends an interrupt to the sequestered partition before calling an operating system (OS) boot loader for the main partition. The sequestered partition may then enter an interrupt handler. After the sequestered partition enters the interrupt handler, an address line of the processing system may be disabled, and the OS boot loader for the non-sequestered partition may be called. The sequestered partition may then determine whether the address line has been re-enabled. The sequestered partition may remain in the interrupt handler until after the address line has been re-enabled. Other embodiments are described and claimed.

Abstract: A method and apparatus establish an address of a frame as being associated with a physical device or a virtual device. If the frame is associated with a virtual device, the address of the frame may be established as being associated with a local virtual device or a remote virtual device. Establishing the nature and location of the device may provide routing by a virtual bridge.

Abstract: A method and apparatus are provided for sending a data packet through a network. The network has public and private realms separated by an interface device. A client in the private realm performs the method. The method includes determining if a destination address of the data packet corresponds to the private realm or to the public realm and retrieving a source address for the client based on the destination address of the packet. The method also includes assigning a retrieved address to be the source address of the data packet.

Abstract: A system and method are implemented within a computing system to perform tamper-resistant network security operations. For example, a method of one embodiment comprises: sequestering a partition on the computing system, the partition including a region of memory and a logical or physical processing element; forwarding incoming and/or outgoing data traffic through the sequestered portion, the incoming data traffic being received by the computing system from a network and the outgoing data traffic being transmitted from the computing system over the network; performing one or more security operations on the data traffic within the sequestered partition.