Abstract: A deployment method for a booting sequence of multiple operating systems and related apparatus, related to the technical field of computers and applied to a baseboard management controller (BMC), include: establishing a connection to a disk array (S101); receiving first target logical disk information, wherein the first target logical disk information is information of logical disks provided with to-be-booted operating systems (S102); sending the first target logical disk information to the disk array (S103); and receiving booting flag setting information of the disk array, wherein the booting flag setting information is completion information sent after the disk array sets booting flags for corresponding logical disks based on the first target logical disk information (S104).

Abstract: Provided is a process including: receiving a data token to be passed from a first node to a second node; retrieving machine learning model attributes from a collection of one or more of the sub-models of a federated machine-learning model; determining based on the machine learning model attributes, that the data token is learning relevant to members of the collection of one or more of the sub-models and, in response, adding the data toke to a training set to be used by at least some members of the collection of one or more of the sub-models; determining a collection of data tokens to transmit from the second node to a third node of the set of nodes participating in a federated machine-learning model; and transmitting the collection of data tokens.

Abstract: A process performed at a first computer system for establishing a connection over a network between a second computer system and a logic block of the first computer system, comprises: providing an attestation from the first computer system to the second computer system that the logic block of the first computer system has not previously established a connection over the network with any computer system since the most recent power-up or reset of the logic block.

Abstract: An illustrative system is configured to optimize a transfer of a file system from a source storage system to a target storage system. For example, the system, in association with the transfer, determines that a copy of a collection of blocks containing data of block objects of the file system is already stored at the target storage system. In certain examples, an identifier referencing the collection of blocks is shared by the source and target storage systems and is used to determine that the copy of the collection of blocks containing data of block objects of the file system is already stored at the target storage system. The system uses the copy of the collection of blocks already stored at the target storage system instead of transferring the collection of blocks from the source storage system to the target storage system as part of the transfer.

Abstract: Systems and techniques are provided for booting an electronic device. For example, a process can include initiating a boot procedure for the electronic device. The process can also include determining a hardware pseudo-random number generator (PRNG) is inoperable, obtaining a seed value from a read-only memory, based on the determination that the hardware PRNG is inoperable, initiating a software PRNG based on the seed value, obtaining a pseudo-random number from the software PRNG, and continuing the boot procedure using the obtained pseudo-random number.

Abstract: The present application relates to a method for manufacturing a battery management system and a method for starting up a battery management system. The battery management system includes a plurality of battery management units, the plurality of battery management units include a first battery management unit and a second battery management unit, the first battery management unit includes a main core micro control unit, a first data transmission micro control unit and a hardware security module, and the second battery management unit includes a second data transmission micro control unit. According to the embodiments of the present application, a comprehensive verification for the battery management system including a plurality of battery management units can be achieved with one hardware security module.

Abstract: An electronic device is provided. The electronic device includes a storage device configured to include a first partition, a second partition, and a third partition, and a processor configured to configure the second partition as a first volume and the third partition as a second volume, and attach or detach the second volume to or from a file system to manage a storage space of the storage device.

Abstract: An information handling system detects installation of a hardware device that includes software, and transmits a request for a secure boot certificate associated with a hardware identifier of the hardware device and a software version of the software to a remote secure boot service. The secure boot service which maintains a centralized secure boot certificate store queries for the secure boot certificate based on the request and transmits the secure boot certificate to the information handling system. The secure boot service also performs a refinement mapping of the secure boot certificates in the store. Subsequent to receiving the secure boot certificate, the system provisions the secure boot certificate.

Abstract: A method for starting-up a device with an embedded multimedia card (eMMC) is provided. The method comprises providing power to the device, putting the eMMC in a Fast-Boot modus, reading a bootloader from the eMMC into a RAM of the device, starting the bootloader in a CPU of the device, terminating the Fast-Boot modus, resetting the eMMC, putting the eMMC in the Fast-Boot modus initializing hardware by the bootloader, while reading an operating system into the RAM using DMA, and starting the operating system from the RAM by the bootloader is provided. A device comprising an embedded eMMC is also disclosed.

Abstract: An information handling system may include a host system including at least one host processor and a basic input/output system (BIOS); and an embedded controller (EC) including an EC processor. In response to the information handling system receiving an instruction from a user to initiate a forced power off, the EC may be configured to: store diagnostic information indicating a state of the host system; and upon a subsequent boot of the host system, transmit information to the BIOS indicating the forced power off.

Abstract: A BIOS setup environment configuration modification audit system includes a BIOS device that is included in a computing device and that is coupled to a component device in the computing device. The BIOS device enters a BIOS setup environment for the computing device and, while in the BIOS setup environment, detects component device configuration modification(s) to a configuration of the component device.

Abstract: A system, method, and computer-readable medium are disclosed for performing a pre-boot configuration operation. The pre-boot configuration operation includes performing a pre-boot system configuration operation using an ancillary integrated processor system, the pre-boot system configuration operation configuration certain parameters prior to initiation of a primary system boot operation; and, configuring an information handling system to automatically operate in a particular system configuration mode after performance of the pre-boot system configuration operation.

Abstract: A control device can modify a first user program and first setting information in the storage unit executed by a control engine respectively using a second user program and second setting information received by the control device. A security engine of the control device verifies identity between the first user program and the second user program, evaluates the validity of setting indicated by the second setting information, and permits or prohibits performance of the above modification based on such a verification result and the evaluation.

Abstract: Techniques are provided for identity-based verification of software code layers. One method comprises obtaining, by a current layer of software code executing on a security processor of a security sub-system, in connection with a boot of the security sub-system, an identity key of the current layer, wherein the identity key of the current layer is based on a value generated during a provisioning of the security sub-system, wherein the value is based on a firmware image of at least one layer of the software code; obtaining an encrypted secure boot public key of a next layer; decrypting the encrypted secure boot public key of the next layer using the obtained identity key of the current layer; verifying the next layer using the decrypted secure boot public key of the next layer; and executing the next layer based at least in part on a result of the verifying.

Abstract: An information handling system may include a management controller configured to provide out-of-band management of the information handling system, and a network interface controller comprising a network interface controller storage resource. The management controller may be configured to: receive, from a centralized management platform, information regarding at least one signature associated with a network interface controller operating system (OS) configured to be executed by the network interface controller; and transmit the at least one signature to the network interface controller. The network interface controller may be configured to install the network interface OS to the network interface controller storage resource based on the at least one signature.

Abstract: A firmware verification system is suitable for a secure boot stage. The firmware verification system comprises a non-volatile firmware list storage device. The non-volatile firmware list storage device is configured to store a firmware list; wherein each entry corresponds to a firmware stored in a flash memory in a microcontroller, and each entry includes a plurality of fields. The bootloader reads the entries. According to the contents of the fields in each entry, the bootloader determines the correctness of the public key and the correctness of the digital signature for each firmware in the microcontroller.

Abstract: A method for allowing a firmware update when a digital certificate for a firmware update image is expired includes initiating a firmware update of a computing device and determining, using a secure boot process, that a firmware update image has an expired digital certificate. The firmware update image is stored in nonvolatile memory accessible to a service processor and to a host processor of the computing device. The method includes determining that the firmware update image and an image of firmware with code of the secure boot process were digitally signed by a same entity and overriding the secure boot process to allow execution of the firmware update image in response to determining that the firmware update image and the image of the firmware with code of the secure boot process were digitally signed by a same entity.

Abstract: An electronic device is provided. The electronic device includes a first controller, a first memory configured to store a first basic input output system (BIOS) and first firmware for controlling the first controller and functionally connected to the first controller, a second memory configured to store second firmware corresponding to the first firmware and a second BIOS corresponding to the first BIOS, and a second controller functionally connected to the first memory, the second memory, and the first controller, wherein the second controller is configured to compare the first firmware and the second firmware during power-on when the electronic device is applied with power, and turn on the first controller at least based on a result of the comparison, and wherein the first controller is configured to, in response to being turned on by the second controller, control a system of the electronic device to be booted.

Abstract: The present disclosure provides a data storage system, including data cache module, data processing module, and a persistent memory. The data cache module includes an on-chip mapping data cache and an on-chip counter cache, where the mapping data cache is configured to cache mapping data, and when the free space of the mapping data cache is less than a preset threshold, the least recently used mapping data cache line will be evicted from the cache and written back to the persistent memory. The data processing module encrypts/decrypts persistent memory data by using their counters, and accesses the persistent memory blocks indicated by their corresponding mapping data. The persistent memory comprises the first and second storage regions for the latest checkpoint data and modified working data in the current checkpoint interval respectively.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed for traffic control for application-independent service mesh. In one example, processor circuitry to perform operations to instantiate ingress traffic management circuitry to receive ingress traffic events, at least one of the ingress traffic events to request access to a target microservice running on the second endpoint. The processor circuitry further performs operations to instantiate virtual service authorization circuitry to perform a look up of an authorization policy to the target microservice in the microservice catalog. Finally, the processor circuitry performs operations to instantiate endpoint selection circuitry to select the second endpoint to service the ingress traffic event in response to the authorization policy allowing access to the target microservice.

Abstract: A method, apparatus and storage medium for starting up peripheral component interconnect express (PCIE) device are provided. According to the method, a basic input/output system (BIOS) attempts to verify firmware of a PCIE device to determine whether the firmware of the PCIE device is tampered with. Moreover, the BIOS may only start up a PCIE device with firmware that succeeds in the verification. Therefore, a computer device is prevented from starting up a PCIE device with firmware that is tampered with, thereby reducing the security risk caused by the PCIE device to the computer device.

Abstract: Disclosed are various examples of provisioning a data processing unit (DPU) management operating system using a capsule. A management hypervisor installer executed on a host device receives a listing DPU device from a baseboard management controller (BMC). A preinstalled DPU management operating system image is identified for a DPU device from the listing, and is wrapped with a capsule that specifies the capsule as a DPU management operating system image capsule. A server component provides the DPU management operating system image capsule at a particular URI, and the URI is transmitted to the BMC.

Abstract: A node of a database system is operable to determine, at a first time, to prepare for a shutdown. The shutdown of the node is performed at a second time that is a period of time after the first time based on the node delaying the shutdown until a plurality of currently running processes being run by the node that initiated prior to the first time are determined to be complete. During the period of time after the first time and prior to performing the shutdown, a set of new processing requests are rejected by the node.

Abstract: Systems and methods for using a kernel module to provide computer security are provided herein. In some embodiments, a method for providing computer security may include launching a kernel module at the kernel-level of a computing device, redirecting, using the kernel module, communications traffic away from a browser executing on the computing device, decoding, using the kernel module, the received traffic to create decoded traffic, analyzing the decoded traffic, using the kernel module, for content having particular characteristics and create analyzed traffic, encoding, using the kernel module, at least a portion of the analyzed traffic to create encrypted traffic, and directing the encrypted traffic to the browser.

Abstract: Disclosed are various examples of provisioning a data processing unit (DPU) management operating system (OS). A host device boots a host provisioning image, which executes a host provisioning agent. The host provisioning agent launches a server component that serves a DPU management OS. A provisioning command is transmitted to a DPU device installed to the host device. The server component transmits the DPU management OS from the host device to the DPU device. A host OS is executed once an indication that the DPU device is executing on the DPU management OS is received.

Abstract: A system has a memory programmed with multiple firmware images each having an associated distinct entry point, a processor, a writable hardware register, and a controller external to the processor that, prior to each reset of a sequence of resets of the processor, reads the entry point of a firmware image from the hardware register and causes the processor to begin fetching instructions at the entry point read from the hardware register. The firmware images include boot, mission mode, and at least one other firmware image. The memory may be writeable with a modifiable version of a post-production mission mode, debug, prototype, or patched ROM firmware image. A second controller writes a second entry point to the hardware register prior to an initial reset such that the external controller reads the second entry point and causes fetching instructions at the second entry point rather than the initial entry point.

Abstract: A computing device quarantine action system includes a computing device having a plurality of computing device components and a Basic Input/Output System (BIOS) subsystem. During an initialization process, the BIOS subsystem determines a current computing device component inventory of the plurality of computing device components included in the computing device, measures a current computing device functionality of each of the plurality of computing device components, and identifies at least one computing device change between at least one of 1) a reference computing device component inventory and the current computing device component inventory, and 2) reference computing device functionalities and the current computing device component functionalities determined for each of the plurality of computing device components.

Abstract: An apparatus and method for providing access to reliable boot firmware. In various implementations, a computing system includes an integrated circuit with a security processor. Prior to performing any steps of a bootup operation using one of multiple copies of boot firmware, the security processor determines whether multiple signatures exist where the signatures are based on the multiple copies of boot firmware. Each of the multiple copies of boot firmware is a copy of a particular version of boot firmware. If the multiple signatures do not yet exist, then the security processor generates the signatures using the multiple copies of boot firmware. During a bootup operation, when the security processor determines that the multiple signatures already exist, the security processor uses these signatures to validate one or more of the multiple copies of boot firmware. The security processor continues with the bootup operation using the validated copy of boot firmware.

Abstract: Periodic signal timing calibration is implemented in time-distributed fragments executed concurrently with occasional system-idling maintenance operations to maintain reliable synchronous communication between interconnected system components without impacting system availability.

Abstract: Generalized boot operations for disaggregated, multiple (multi-) semiconductor die (“die”) computing system, and related methods and computer-readable media are disclosed. In exemplary aspects, to provide for generalized boot-up firmware/software for the computing system that does not have to be reconfigured for different configurations of dies in variations of IC packages, a CPU die (or other die) designated as a primary die is configured to perform a discoverable boot process over a side-band discovery bus to discover the other dies present in an IC package of the computing system and to then control their boot-up operations. In this manner, the boot-up firmware/software executed by the primary die to boot-up the computing system can be generalized irrespective of the number of dies and their particular configuration. In this manner, a generalized boot-up firmware/software can be provided to control boot-up operations of the computing system independent of specific dies included.

Abstract: A firmware is configured with a firmware management protocol (“FMP”) capable of updating a firmware logo image and a firmware logo image volume is defined within a firmware for storing a firmware logo image. A firmware logo image updater executing on a computing device receives a UEFI capsule that contains a firmware logo image. The firmware logo image updater stores the UEFI capsule in a UEFI system partition on a computer-readable storage medium accessible to the computing device. Upon a reboot of the computing device, the FMP is executed. The FMP retrieves the UEFI capsule from the UEFI system partition. The FMP then updates the firmware logo image volume with the firmware logo image stored in the UEFI capsule.

Abstract: System and method to identify a security entity in a computing environment is disclosed. Communication between a user computer and at least one destination computer by a security appliance is monitored by a security appliance. Selective information from the communication is extracted. A primary fingerprint is generated using a subset of the selective information. The generated primary fingerprint is evaluated for a match in an application ID database. When there is a match, corresponding application ID is assigned to the communication, wherein the application ID is associated with an application that generated the communication.

Abstract: The present disclosure relates to a vehicle display apparatus. The vehicle display apparatus according to an embodiment of the present disclosure comprises: a first display and a second display mounted in a vehicle; a signal processing device configured to perform signal processing for at least one of the first display or the second display; and a second signal processing device configured to perform signal processing, wherein the signal processing device is configured to determine whether the second signal processing device is a master device or a slave device, based on number information of processors in the second signal processing device and information on support of non-uniform memory access. Accordingly, data exchange between the plurality of signal processing devices may be performed efficiently.

Abstract: Example implementations relate a system and method for storing configuration files of a host computing device in a secure storage of a Baseboard Management Controller (BMC). The secure storage includes configuration files associated with the host computing device. The BMC is communicatively connected to the host computing device using a communication link. The secure storage is emulated as a storage device to the host computing device. The BMC monitors the secure storage to detect changes in the configuration files. When there is a change in a configuration file, the BMC performs a security action in the host computing device.

Abstract: In some examples, a terminal can establish wireless communication with a base station. The terminal can determine a challenge, transmit the challenge, receive a response, and determine that the response is valid. The terminal can, in response, establish a secure network tunnel to a network node. In some examples, a terminal can determine a first communication parameter associated with communication with the base station. The terminal can receive data indicating a second communication parameter via a secure network tunnel. The terminal can determine that the communication parameters do not match, and, in response, provide an indication that an attack is under way against the network terminal. Some example terminals transmit a challenge, determine a response status associated with the challenge, and determine that an attack is under way based on the response status.

Abstract: The technology disclosed herein enables customized hardware initialization code to be provided over a computer network and used to enable a virtual machine to boot in a more secure manner. An example method may include: receiving a request to start a virtual machine; transmitting, by a processing device, configuration data of a host device over a computer network to a service, wherein the configuration data comprises a resource identifier of the host device; receiving hardware initialization code over the computer network from the service, wherein the hardware initialization code comprises the resource identifier; updating, by the processing device, the virtual machine to comprise the hardware initialization code; and causing the virtual machine to execute in a trusted execution environment of the host device, wherein the virtual machine executes the hardware initialization code and uses the resource identifier.

Abstract: An electronic device may have a display. The display may include an array of pixels formed on a silicon substrate. Display driver circuitry may be formed in a display driver integrated circuit that outputs display data and other control signals for operating the display. An interposer structure may be included in the electronic device. The interposer structure may be attached to the silicon display substrate and may only partially overlap the silicon display substrate. The display driver integrated circuit may be attached to the interposer structure and provide signals to the display pixels through the interposer structure. In another possible arrangement, the display driver integrated circuit may bridge a gap between the silicon display substrate and the flexible printed circuit. The display driver integrated circuit only partially overlaps the silicon display substrate in this arrangement.

Abstract: An example computer-implemented method is for initializing a compute system. The computer-implemented method includes causing a cache to be initialized in a central processing unit (CPU) of the compute system in response to basic input/output system (BIOS) code being executed directly from flash memory. Moreover, a communication path is initialized, the communication path extending between the CPU and memory corresponding to a baseboard management controller (BMC) of the compute system. BIOS firmware is copied from the BMC memory to the CPU cache, and the BIOS firmware is initiated from the CPU cache. The computer-implemented method includes causing a memory controller of the CPU to be initialized, in addition to causing a portion of the BIOS firmware to be copied from the CPU cache to memory corresponding to the CPU. Furthermore, a portion of the BIOS firmware is initiated from the CPU memory.

Abstract: Techniques are disclosed for deploying a computing resource (e.g., a service) in response to user input. A computer-implemented method can include operations of receiving (e.g., by a gateway computer of a cloud-computing environment) a request comprising an identifier for a computing component of the cloud-computing environment. The computing device receiving the request may determine whether the identifier exists in a routing table that is accessible to the computing device. If so, the request may be forwarded to the computing component. If not, the device may transmit an error code (e.g., to the user device that initiated the request) indicating the computing component is unavailable and a bootstrap request to a deployment orchestrator that is configured to deploy the requested computing component. Once deployed, the computing component may be added to a routing table such that subsequent requests can be properly routed to and processed by the computing component.

Abstract: The present disclosure provides a data processing system and a data processing method. The system includes: a client interaction module, a subscribing and publishing module, a storage module, and a sub-database management module. The client interaction module is configured to: receive an interaction request sent by a client, analyze the interaction request to obtain an analyzing result, and based on the analyzing result, determine a process type to be started and start a response process of the process type, and repackage the interaction request and send the repackaged interaction request to the response process, where the process type includes a first process type corresponding to the subscribing and publishing module, a second process type corresponding to the storage module and a third process type corresponding to the sub-database management module.

Abstract: A system can determine a priority order of storage devices for installation of an operating system on targeted storage. The system can further communicate with a target server to determine a group of storage devices accessible by the target server. The system can further identify a storage device of the group of storage devices that has a highest priority for operating system installation. The system can further determine a unique identifier of the storage device. The system can further install the operating system on the storage device using the unique identifier.

Abstract: Various techniques are provided to implement fast boot for programmable logic devices (PLDs). In one example, a method includes performing a read operation on a non-volatile memory to obtain a first value. The method further includes comparing the value to a predetermined value to obtain a comparison result. The method further includes determining whether a boot image stored on the non-volatile memory is to be read based at least on the first comparison result. The method further includes performing, based on the determining, a read operation on the boot image to obtain data associated with booting of a device. The method further includes booting the device based at least on the data. Related systems and devices are provided.

Abstract: A method for returning to a basic input/output system (BIOS) setup utility while in a shell environment during a booting process of a computing system includes: upon execution of an update Unified Extensible Firmware Interface (UEFI) (BIOS) firmware file, storing a dynamic command in a command storage; storing a back protocol in the storage module, the back protocol being linked to a back function that, when executed, causes the CPU to call a program file that, when executed by the CPU, causes the CPU to enter a BIOS setup utility, the dynamic command being linked to accessing a memory location in which the back protocol is stored; and in response to receipt of the dynamic command while in the shell environment, locating the back protocol, performing the back function and calling the specific program file, which causes the CPU to enter the BIOS setup utility.

Abstract: Methods, systems, and devices for error information storage for boot-up procedures are described. A memory system may detect an error associated with performing the boot-up procedure of the memory system and may store error information associated with the detected error in a persistent register at the memory system. In some cases, the memory system may additionally store the error information in a cache at the memory system. After storing the error information, the memory system may reset and, after resetting, may transfer the error information from the persistent register to a non-volatile memory device at the memory system. In cases that the memory system stores error information in the cache prior to the reset, the memory system may additionally transfer the error information from the cache to the non-volatile memory device.

Abstract: In some implementations, a computing device may configure a new device based on a current state of an old device, including settings, preferences, and other user data. The data may be transferred from the old device to the new device, and then relocated according to a manifest that details positions of the data on the old device. The destination device may be rebooted into a configuration mode to allow for the relocation of the transferred data, and then rebooted again to configure the destination device to provide access to the data in its respective relative locations on the destination device.

Abstract: A storage device that includes a nonvolatile memory device is described. The storage device includes areas and a controller. The controller receives a write command and data from an external host device. The controller then preferentially writes the data in an area associated with a turbo write based on a turbo write policy, or in an area not associated with a turbo write based on a normal write policy. The controller also receives a move command from the external host device and moves data stored in the area to a different area based on the move command.

Abstract: Multi-socket computing system employing a parallelized boot architecture with partially-concurrent processor boot-up operations. In a boot of the multi-socket computing system, a first, master CPU in a master CPU socket is configured to receive a master reset signal indicating a boot-up state. In response, the first, master CPU is configured to execute a first boot program code to perform a first CPU boot-up operation. To parallelize the boot operation of a second, slave CPU in a slave CPU socket, the execution of the first boot program code by the first, master CPU includes communicating a slave boot-up synchronization signal indicating the boot-up state to the second CPU to execute a second boot program code to perform a second CPU boot-up operation. The second CPU starts to perform its CPU boot-up operation partially concurrent with the performance of the CPU boot-up operation to reduce overall boot-up time.

Abstract: A memory sub-system, such as a solid state drive (SSD), having host interface configured to receive at least read commands and write commands from an external host system. The SSD has memory cells formed on at least one integrated circuit die, and a processing device configured to control executions of the read commands to retrieve data from the memory cells and executions the write commands to store data into the memory cells. During a burn-in operation of the memory sub-system in a manufacturing facility, the memory sub-system is configured to perform read/write operations for the generation of a proof of space plot. After the burn-in operation, the memory sub-system is provided as a product of the manufacturing facility; and the proof of space plot stored in the memory sub-system is provided as a by-product of the burn-in operation.

Abstract: Facilitation of transfer of pre-operating system (pre-OS) data to a persistent store is enabled relative to an operation performed external to the OS. A system can comprise a processor, and a memory that stores computer executable instructions that, when executed by the processor, can facilitate performance of operations. The operations can comprise writing data relative to a pre-OS environment to a partition external to an operating system (OS) partition, and, in response to a reboot operation, booting an OS and transferring the data or a copy of the data to the OS partition. Alternatively, the operations can comprise, writing data relative to an updating operation to a log accessible by an OS of the system, assigning a variable value to the log, automatically searching, while operating the OS, for the variable value, and copying or transferring the data relative to the OS via identifying the variable value upon the identification.

Abstract: A data storage device and method for device-initiated hibernation are provided. In one embodiment, the data storage device comprises a non-volatile memory and a controller. The controller is configured to: receive, from a host during a set-up phase of a hibernation process, a plurality of write commands with a current state of a volatile memory in the host; store the plurality of write commands in a queue, wherein the plurality of write commands are not executed during the set-up phase of the hibernation process; receive a trigger from the host to perform an execution phase of the hibernation process; and in response to receiving the trigger, execute the plurality of write commands to store the current state of the host's volatile memory in the non-volatile memory of the data storage device. Other embodiments are possible, and each of the embodiments can be used alone or together in combination.