Abstract: A computing device that implements a secure and transparent firmware update process is provided. The computing device includes a secure memory area and a secure device that separately executes firmware updates in parallel with other processes executed by a CPU. The secure memory area may be allocated by the CPU and/or a memory controller using any of a variety of memory protection techniques. System software executed by the CPU receives update firmware requests from a trusted source, stores a firmware payload included in these requests in the secure memory area, and executes the next scheduled process. Firmware executed by the secure device retrieves the firmware payload from the secure memory area, authenticates the firmware payload, and applies the firmware payload to a firmware storage device. The secure device performs these acts transparently from the point of view of the CPU, these avoiding consumption of resources of the CPU.

Abstract: In one embodiment, a system includes a display, a non-volatile memory to store one or more system software images, a processor to execute at least one of the one or more system software images, and a security engine to perform security applications. The security engine may include a first logic to receive a download package from a host computing system and store the download package in a first memory, authenticate the download package, and execute the download package to download and store a first system software image into the non-volatile memory. In addition, a second logic of the system may be configured to disable at least the display during the first system software image download and store. Other embodiments are described and claimed.

Abstract: Technologies to enable, disable and control hardware subscription features. Computing devices communicate over a network to a subscription server to provide hardware platform information for each of the computing devices. As the subscription server receives hardware platform information, the subscription server determines the hardware features that are enabled, and further determines what hardware subscription options are available for each of the computing devices. When a hardware subscription option is selected/purchased by a computing device, subscription server provides a pre-boot update mechanism, such as a Unified Extensible Firmware Interface (UEFI) capsule, to act as a boot level program that enables hardware features on the computing device. Hardware subscription features are also securely protected using cryptographic engine modules.

Abstract: A computing device that implements a secure and transparent firmware update process is provided. The computing device includes a secure memory area and a secure device that separately executes firmware updates in parallel with other processes executed by a CPU. The secure memory area may be allocated by the CPU and/or a memory controller using any of a variety of memory protection techniques. System software executed by the CPU receives update firmware requests from a trusted source, stores a firmware payload included in these requests in the secure memory area, and executes the next scheduled process. Firmware executed by the secure device retrieves the firmware payload from the secure memory area, authenticates the firmware payload, and applies the firmware payload to a firmware storage device. The secure device performs these acts transparently from the point of view of the CPU, these avoiding consumption of resources of the CPU.

Abstract: In an embodiment, a computing device may include a memory device that may be rendered unusable after a certain number of operations are performed on the memory device. The computing device may incorporate one or more techniques for protecting the memory device. Processing logic contained in the computing device may be configured to implement the techniques. The techniques may include, for example, acquiring a request to write or erase information stored in a memory device contained in a first computing device, saving the request for execution after a user visible event has been generated on the first computing device, generating the user visible event on the first computing device, and executing the saved request after the user visible event has been generated. In addition, the techniques may include reporting the request. The request may be reported to, for example, an anti-malware agent.

Abstract: In one embodiment, a system includes a display, a non-volatile memory to store one or more system software images, a processor to execute at least one of the one or more system software images, and a security engine to perform security applications. The security engine may include a first logic to receive a download package from a host computing system and store the download package in a first memory, authenticate the download package, and execute the download package to download and store a first system software image into the non-volatile memory. In addition, a second logic of the system may be configured to disable at least the display during the first system software image download and store. Other embodiments are described and claimed.

Abstract: Technologies to enable, disable and control hardware subscription features. Computing devices communicate over a network to a subscription server to provide hardware platform information for each of the computing devices. As the subscription server receives hardware platform information, the subscription server determines the hardware features that are enabled, and further determines what hardware subscription options are available for each of the computing devices. When a hardware subscription option is selected/purchased by a computing device, subscription server provides a pre-boot update mechanism, such as a Unified Extensible Firmware Interface (UEFI) capsule, to act as a boot level program that enables hardware features on the computing device. Hardware subscription features are also securely protected using cryptographic engine modules.

Abstract: In an embodiment, a computing device may include a memory device that may be rendered unusable after a certain number of operations are performed on the memory device. The computing device may incorporate one or more techniques for protecting the memory device. Processing logic contained in the computing device may be configured to implement the techniques. The techniques may include, for example, acquiring a request to write or erase information stored in a memory device contained in a first computing device, saving the request for execution after a user visible event has been generated on the first computing device, generating the user visible event on the first computing device, and executing the saved request after the user visible event has been generated. In addition, the techniques may include reporting the request. The request may be reported to, for example, an anti-malware agent.

Abstract: The present invention provides systems and methods for creating a customized POST program for use in a computing system. Specifically, the system of the present invention includes each of the routines for POST stored in different locations with associated calls for locating and running the routines. Each routine includes an instruction section containing editable data that indicates the sequence that the routine should be run in POST in relation to the other routines. The system further includes a POST program builder that builds a POST program that includes calls to each routine. The calls for each routine are stored in sequence in the POST program based on the information from the instruction segment associated with each routine.

Abstract: The present invention provides systems and methods for creating a customized POST program for use in a computing system. Specifically, the system of the present invention includes each of the routines for POST stored in different locations with associated calls for locating and running the routines. Each routine includes an instruction section containing editable data that indicates the sequence that the routine should be run in POST in relation to the other routines. The system further includes a POST program builder that builds a POST program that includes calls to each routine. The calls for each routine are stored in sequence in the POST program based on the information from the instruction segment associated with each routine.