Abstract: A modular microcode (uCode) patch method to support runtime persistent update and associated apparatus. The method enables BIOS uCode patches to be received during platform runtime operations and written to first and second uCode extension regions as uCode images for a firmware device layout that further includes a uCode base region in which a current uCode image is stored. Following a platform reset, the first and second uCode extension regions are inspected to determine if one or more valid and newer uCode images (than the current uCode image) are present. If so, the newest uCode image is booted rather than the current uCode image. Following a successful boot, the newest uCode image is copied to the uCode base region to sync-up the current uCode image to the newest version. In one aspect, received uCode images are written to the first and second uCode extension regions in an alternating manner to support roll-back.

Abstract: Methods and apparatus for seamless SMM (System Management Mode) global driver update base on SMM Root-of-Trust. Mechanisms are provided to load and replace SMM drivers at runtime in a secure manner, without requiring an SMM firmware update and platform reset. SMM code is executed by BIOS during boot in a hidden area of memory called SMRAM space. Seamless update using an SMM Global Driver Update provides a method to load and replace all SMM drivers (including SMM infrastructure) on an already shipped platform production for purposes such as bug fixes. The principles and teachings may also be applied to update other types of secure execution mode code in addition to SMM code.

Abstract: Systems and methods to support system management mode (SMM) update and telemetry in runtime for bare metal deployments. During runtime operation of a host operating system on a bare metal platform having a management controller and including a processing unit on which the host operating system (OS) and host BIOS are executed, an out-of-band runtime update is performed to update secure execution mode (e.g., SMM) runtime firmware for the bare metal platform using an out-of-band channel comprising an interrupt driven, shared memory-based data exchange channel between the management controller and the host BIOS. This enables secure execution mode runtime firmware to be updated without during runtime without having to reboot the platform or restart the OS kernel. The out-of-band channel also supports exchange of telemetry data logged by the host BIOS during the runtime update with the management controller.

Abstract: Methods, apparatus, and systems for upgradable microcode (uCode) loading and activation in runtime for bare metal deployments that support runtime update of the uCode loading procedure as well as dynamic load of activation procedure(s) specific to uCode patch and activation policy specific to users. The solution provides several advantages, including enabling cloud service providers to hot-patch the uCode through a standalone uCode loader runtime service in BIOS firmware for bare metal deployment without tenant system involvement. The support of runtime update of uCode loading procedures decouples uCode loading logic from uCode loader framework. This removes dependencies on the uCode loader runtime service when needing to update the uCode loading logic.

Abstract: Methods and apparatus for seamless system management mode (SMM) code injection. A code injection listener is installed in BIOS during booting of the computer system or platform. During operating system (OS) runtime operation a secure execution mode code injection image comprising injected code is received and delivered to the BIOS. The processor execution mode is switched to a secure execution mode such as SMM, and while in the secure execution mode the injected code is accessed and executed on the processor to effect one or more changes such as patching processor microcode, a profile or policy reconfiguration, and a security fix. The solution enables platform changes to be effected during OS runtime without having to reboot the system.

Abstract: System, method, and instructions for providing system management mode (SMM) runtime telemetry support. An SMM Telemetry Service component is responsible for collecting telemetry information from other SMM components, as well as exposing the information to non-firmware component on request. The SMM Telemetry Service collects telemetry information produced by an SMM Runtime Update handler and other SMM drivers and exposes the telemetry information at runtime to an upper layer OS consumer or management unit (e.g., BMC, CSME, etc.). Since the SMM Telemetry Service is a standalone module and independent of other SMM service(s), the service is available even during a runtime SMM Driver Update. The embodiments also disclose a mechanism for managing a shared telemetry data region that can be accessed by the data producer (SMM components) and consumer (non-SMM components), without introducing additional SMI that affects system performance.

Abstract: Methods and apparatus for seamless SMM (System Management Mode) global driver update base on SMM Root-of-Trust. Mechanisms are provided to load and replace SMM drivers at runtime in a secure manner, without requiring an SMM firmware update and platform reset. SMM code is executed by BIOS during boot in a hidden area of memory called SMRAM space. Seamless update using an SMM Global Driver Update provides a method to load and replace all SMM drivers (including SMM infrastructure) on an already shipped platform production for purposes such as bug fixes. The principles and teachings may also be applied to update other types of secure execution mode code in addition to SMM code.

Abstract: A modular microcode (uCode) patch method to support runtime persistent update and associated apparatus. The method enables BIOS uCode patches to be received during platform runtime operations and written to first and second uCode extension regions as uCode images for a firmware device layout that further includes a uCode base region in which a current uCode image is stored. Following a platform reset, the first and second uCode extension regions are inspected to determine if one or more valid and newer uCode images (than the current uCode image) are present. If so, the newest uCode image is booted rather than the current uCode image. Following a successful boot, the newest uCode image is copied to the uCode base region to sync-up the current uCode image to the newest version. In one aspect, received uCode images are written to the first and second uCode extension regions in an alternating manner to support roll-back.