Abstract: According to aspect of the disclosure, there are provided methods and apparatus for connecting a peripheral device to a computer system, including an apparatus for interfacing with a peripheral device, the apparatus comprising a port configured to couple to the peripheral device, a processor, a memory coupled to the processor and comprising a software module comprising instructions that when executed on the processor protect the device from a peripheral device coupled to the port, and a hardware security controller coupled to the port, the hardware security controller configured to monitor execution of the software module by the processor and to disable the port in response to determining that the software module is not executing.

Abstract: According to aspects of the present disclosure, there is provided a non-transitory computer-readable storage medium comprising instructions that when executed cause a processor of a computing device to: send, to a remote device and via a first message queue on a cloud messaging service, a current Basic Input/Output System (BIOS) setting value; receive, from the remote device and via a second message queue on a cloud messaging service, an updated BIOS setting value and a cryptographic value; decrypt an encrypted private key of a public-private key pair stored in a memory of the computing device using the cryptographic value, wherein the public key of the public-private key pair is associated with a BIOS of the computing device; sign the updated BIOS setting value using the decrypted private key; provide the signed BIOS setting value to the BIOS of the computing device.

Abstract: According to examples, an apparatus may include a processor that may delete portions of firmware instructions responsive to an indication that the portions should be disabled. To facilitate the foregoing, the firmware instructions may be deployed in a segmented architecture stored in respective regions of a storage device. The regions may include a metadata region, a main region, and excludable regions. The metadata region may store metadata that describes the structure of the firmware instructions and/or the various other regions. The main region may store core firmware instructions that may not be deleted. Each excludable region may store respective excludable firmware instructions. Each excludable firmware instructions may be associated with a flag that indicates whether or not the instructions should be disabled. If so, the corresponding excludable region in the storage device is identified and the contents may be removed, permanently disabling the excludable firmware instructions that were stored there.

Abstract: In an example, a system includes a firmware controller to initiate a SM execution mode of the system. The firmware controller scans memory for a process pool tag. The firmware controller compares the process pool tag to a set of operating system process pool tags and detects a coherency discrepancy between the process pool tag and the set of operating system process pool tags. The firmware controller exits the SM execution mode of the system.

Abstract: Examples of electronic devices are described herein. In some examples, an electronic device includes an operating system. In some examples, the electronic device includes a processor. In some examples, the processor is to generate a first code. In some examples, the processor is to encrypt the first code based on a public key to produce a second code. In some examples, the processor is to enter a locked state, where a booting of the operating system is blocked in the locked state. In some examples, the locked state is unlockable with the first code. In some examples, the electronic device includes a communication device to output the second code. In some examples, the communication device is to receive an authentication message in response to the second code. In some examples, the processor is to enter an unlocked state based on the authentication message.

Abstract: An example computing device includes a user interface, a network interface, a non-volatile memory, a processor coupled to the user interface, the network interface, and the non-volatile memory, and a set of instructions stored in the non-volatile memory. The set of instructions, when executed by the processor, is to perform a hardware initialization of the computing device according to a setting, establish a local trust domain and a remote trust domain, use a local-access public key to issue a challenge via the user interface to grant local access to the setting, and use a remote-access public key to grant remote access via the network interface to remote access to the setting.

Abstract: An example non-transitory computer readable storage medium comprising instructions that when executed cause a processor of a computing device to: in response to a trigger of a system management mode (SMM), verify all processor threads have been pulled into the SMM; in response to a successful verification, enable write access to a non-volatile memory of the computing device via two registers, where the writing access is disabled upon booting of the computing device; and upon exiting the SMM, disable the write access via the two registers.

Abstract: An example non-transitory computer readable storage medium comprising instructions that when executed cause a processor of a computing device to: in response to a trigger of a system management mode (SMM), verify all processor threads have been pulled into the SMM; in response to a successful verification, enable write access to a non-volatile memory of the computing device via two registers, where the writing access is disabled upon booting of the computing device; and upon exiting the SMM, disable the write access via the two registers.

Abstract: In an example implementation according to aspects of the present disclosure, a method may include randomly generating a value, illustrating a code containing the value, and scanning for a device advertising a service that is to use the value. Upon discovering the device advertising the service that is to use the value, the method may include associating with the device by connecting to the service and exchanging information with the device.

Abstract: Examples of computing devices are described herein. In some examples, a computing device may include a controller to generate a key upon boot of the computing device. In some examples, the computing device may include a kernel driver. In some examples, the kernel driver may be to receive the key from a basic input/output system (BIOS) during operating system (OS) boot. In some examples, the kernel driver may be to receive an action request for a BIOS action from an application. In some examples, the kernel driver may be to sign the action request with the key in response to determining that the application is authorized to request the BIOS action. In some examples, the computing device may include the BIOS to perform the BIOS action in response to receiving the signed action request.

Abstract: In an example implementation according to aspects of the present disclosure, a method may include receiving by a controller a BIOS image, extracting a current manufacturing programming mode state corresponding to a computer system. A BIOS personality of the BIOS image is evaluated, wherein the BIOS personality is based on a differentiation of hardware and software functionality. Based on the current manufacturing programming state and the BIOS personality, a compatibility with the computer system is determined. Based on the compatibility, the BIOS image is written to non-volatile memory.

Abstract: An example non-transitory computer readable storage medium comprising instructions that when executed cause a processor of an electronic device to: receive a password during a runtime of an operating system of the electronic device; generate a cryptographic key using the password; sign a Basic Input/Output System (BIOS) change request using the cryptographic key; and transmit the signed BIOS change request.

Abstract: An example computing device includes a memory accessible at startup of the computing device, a buffer, and a set of instructions. The memory stores a configuration setting that is configurable by the application of a change request. The memory also stores a first public key and a second public key. The buffer stores change requests submitted by a remote entity, including a first change request to make a first setting change and a second change request to make a second setting change. The first change request is signed by a first private key corresponding to the first public key, and the second change request is signed by a second private key corresponding to the second public key. The set of instructions retrieves a change request from the buffer, determines whether the change request is authenticated by a public key, and if authenticated, applies the change request.

Abstract: Examples associated with network compliance detection are described. One example includes storing a set of security rules for a device. The device monitors the device for compliance with the security rules. Upon detecting noncompliance with an identified security rule, the device may disable network access for the device, and establish a trigger. The trigger may disable network access for the device when network access for the device is restored prior to returning the device to compliance with the identified security rule.

Abstract: In example implementations, a computing device is provided. The computing device includes abasic input/output system (BIOS), a first storage device to store a first operating system (OS), a second storage device to store an alternate OS that is accessible by the BIOS, a volatile memory, and a processor. The processor is in communication with the BIOS, the first storage device, the second storage device, and the volatile memory. In response to a determination that the first OS is unavailable, the processor is to cause the IOS to load the alternate OS from the second storage device into the volatile memory, disable access to the first storage device, and cause the BIOS to execute the alternate OS from the volatile memory.

Abstract: An example non-transitory computer readable storage medium comprising instructions that when executed cause a processor of a computing device to: in response to receiving a first request to access a webpage, transmit a second request to an monitoring resource to determine if the webpage is unsafe; receive, from the monitoring resource, an indication that the webpage is an unsafe webpage; and in response to receiving the indication, render, at the computing device, a modified copy of the webpage with every active element of the webpage disabled.

Abstract: In some examples, a device includes a processor, a core hardware logic to execute instructions to perform a task in the device, and a controller separate from the processor. The controller detects corruption of the instructions, and in response to detecting the corruption, load a recovery code to the core hardware logic to trigger recovery of the core hardware logic from the corruption of the instructions.

Abstract: In an example, a non-transitory computer-readable medium has instructions stored therein that, in response to being executed on computer circuitry, cause the computer circuitry to execute instructions to operate an application installed in the memory circuitry and to generate an iterative communication to indicate that the application is operating. The instructions further cause, in response to being executed, the computer circuitry to detect the presence of the iterative communication, and to reinstall the application in response to an interruption in the iterative communication.

Abstract: In an example there is provided a method of issuing a command. A request is received from a device in a set of registered devices, the request comprising a command for execution at a remote device. The request is communicated to the set of registered devices. A response to the request is received from each device in a subset of the set of registered devices. A further request to execute the command, is communicated to the remote device on the basis of the responses. The command executes on the remote device when the subset of devices is an authorised subset of the registered devices.

Abstract: An example computing device includes a storage device, a random-access memory, a read only memory, and a processor. The processor is to determine, during a booting process, whether an operating system being booted is a primary operating system, in response to a determination that the operating system being booted is different from the primary operating system, determine whether the operating system being booted satisfies a first criteria, and, in response to a determination that the operating system being booted fails to satisfy the first criteria, disable software persistence.