Abstract: The present technology is directed to a system and method for automatic triggering of relevant code segments corresponding to a sequence of code segments or function codes having a preferred execution order. The automatic triggering action is based on the snooping of a response generated from an execution of a previous code segment. Information with respect to the next code segment in the preferred execution order may be obtained by directing a network proxy, such as Envoy to snoop the Uniform Resource Identifier (URI) field of a response packet being forwarded to a client entity. In this way, a network proxy may preemptively spawn and instantiate the following function codes (pointed to by the snooped Uniform Resource Identifier) prior to receiving the corresponding client request. As such, by the time a client request for the subsequent function code is received the code ready for execution.

Abstract: Techniques for action execution based on management controller received action requests are provided. In one aspect, a utility program running under the control of an operating system on a server computer may retrieve an indication of an action request. The action request may be stored in a management controller accessible storage. Storage of the action request may not require operating system administrator credentials. The action specified in the request may be executed by the utility program.

Abstract: Embodiments of information handling systems (IHSs) and methods are provided herein to improve the security and performance of a shared cache memory contained within a multi-core host processor. Although not strictly limited to such, the techniques described herein may be used to improve the security and performance of a shared last level cache (LLC) contained within a multi-core host processor included within a virtualized and/or containerized IHS. In the disclosed embodiments, cache security and performance are improved by using pre-boot Memory Reference Code (MRC) based cache initialization methods to create page-sized cache namespaces, which may be dynamically mapped to virtualized and/or containerized applications when the applications are subsequently booted during operating system (OS) runtime.

Abstract: Systems and methods are included for causing a computing device to assemble and boot from a managed operating system. When the computing device is powered on, it can execute firmware that specifies a server to contact. The server can identify an operating system (OS) to boot, and the location of a pre-enrollment installer for assembling the OS image. The pre-enrollment installer can download base OS images in one or more pieces from multiple locations determined based on ownership information of the computing device. The multiple OS images can relate to enterprise management and company-specific applications and drivers. Once the pre-enrollment installer has combined the base OS images, the computing device reboots using the combined OS image.

Abstract: A power supply control unit controls supply and stoppage of power to a plurality of blocks having two or more modules. A clock control unit controls supply and stoppage of clocks to the two or more modules in the plurality of blocks. A first control unit verifies validity of a program stored in a storage unit. A second control unit executes the program determined to be valid as a result of verification by the first control unit. While the program is verified by the first control unit, the power supply control unit supplies power to a block including a module required for the verification, and the clock control unit stops a clock to a module not required for the verification of the block including a module required for the verification.

Abstract: A method, computer program product, and a system where a secure interface control determines whether an instance of a secure guest image can execute based on metadata. The secure interface control (“SC”) obtains metadata linked to an image of a secure guest of an owner and managed by the hypervisor that includes control(s) that indicates whether the hypervisor is permitted to execute an instance of a secure guest generated with the image in the computing system based on system setting(s) in the computing system. The SC intercepts a command by the hypervisor to initiate the instance. The SC determines the presence or the absence of system setting(s) in the computing system. The SC determines if the hypervisor is permitted to execute the instance. If so, the SC enables initiation of the instance by the hypervisor. If not, the SC ignores the command.

Abstract: The present invention is directed to an information processing apparatus, comprising: upon accepting updating of a program, switching a predetermined verification function that is included in verification functions to an enabled state or a disabled state based on setting information regarding the verification functions for verifying validity of programs; and updating the program, wherein the control method further includes switching the predetermined verification function to the disabled state before the program is updated, and switching the predetermined verification function to the enabled state after updating of the program is ended.

Abstract: A memory system includes; a memory device, a memory controller including a first interface, a second interface, and a first data processor having a first error correction code (ECC) engine, and a field programmable gate array (FPGA) including a third interface connected to the first interface, a fourth interface connected to the second interface, a fifth interface connected to an external host, and a second data processor having a second ECC engine. The memory controller may configure a normal write operation path or highly reliable write operation path.

Abstract: An accelerating boot time system includes a memory and a processor. The memory is configured to pre-store a boot process to be performed on the first boot. The processor is configured to directly read the boot process from the memory and execute the boot process when the first boot is performed. Also, the processor executes a monitoring process to monitor a plurality of hardware usage rates of the plurality of devices each time the device is powered up, and inserts the hardware usage rates into a machine learning algorithm to determine whether a particular process supported by the devices is abnormal.

Abstract: A single radio equipment test device includes a control unit for testing a plurality of antennas, (e.g., an antenna array). The control unit includes a first interface to operatively couple the control unit to an antenna under test, (e.g., arranged in a test chamber). The control unit further includes a second interface to operatively couple the control unit to a reference antenna, (e.g., also arranged in the test chamber). The control unit is configured to control and/or monitor the antenna under test and the reference antenna.

Abstract: A secure boot system, a secure boot method, and a secure boot apparatus, adapted for a boot apparatus to boot a host device, are provided. The boot apparatus includes a storage device and a processor. In the method, the processor reads a boot code and a boot key for booting the host device from the storage device, and executes a cryptographic algorithm on the boot code by using the boot key to obtain a runtime signature. Besides, the processor reads an original signature from a secure area in the storage device and uses the same to verify the runtime signature. If the runtime signature and the original signature are consistent with each other, the processor provides the boot code for the host device to execute a boot operation.

Abstract: A method and a device for checking the integrity of modules of a technical facility. The technical facility has multiple modules and sets of controls for controlling the technical facility. For starting up each set of controls and the overall technical facility, a master key is used which is utilized for decrypting an encrypted region of the set of controls. The master key for starting up a set of controls of the technical facility is derived from features of all sets of controls installed in the technical facility, and a start or a start-up of the technical facility can take place only when the master key is found to be satisfactory.

Abstract: A controller and techniques for expanding its feature capabilities. Techniques may incorporate using an external memory to store feature sets that can be downloaded to an internal memory for intimate incorporation and usage by the controller. The external memory may be large in comparison to the internal memory. External storage of additional feature sets allows for use of a small and simple controller with access to numerous feature sets that otherwise could not be incorporated by the small controller.

Abstract: A method for erasing stored data from the memory of the network device and requesting data from the memory after completion of the data erasure procedure or accessing the memory of the network device after completion of the data erasure procedure. The method further comprises determining the outcome of the data erasure procedure based on: the results of a comparison between a response received from the network device in reply to the request for data and an expected response which is indicative of a successful erasure of the memory of the network device; or the results of a comparison between any contents of the memory of the network device after completion of the data erasure procedure and expected contents of the memory of the network device after completion of the data erasure procedure which are indicative of a successful erasure of the memory of the network device.

Abstract: An embedded processing system includes processing circuitry configured to execute a plurality of computer executable instructions. The embedded processing system also includes a memory system configured to store a plurality of configuration items, where at least one of the configuration items includes a sequence of the computer executable instructions. The embedded processing system also includes an authentication control configured to authenticate an immutable anchor associated with the embedded processing system, authenticate integrity of a reconfigurable entity map associated with the memory system, authenticate the configuration items based on the reconfigurable entity map, and perform an accommodation measure based on an authentication failure of at least one of the configuration items.

Abstract: Embodiments of the present disclosure provide a method, apparatus, device and storage medium for function processing. The method comprises: loading a first core library in a preset application program, wherein the first core library injects a proxy connect function in the first core library to a second core library to perform centralized management of the invoking of a preset socket, the second core library including a preset connect function, the preset connect function being used to establish a connection with the preset socket; injecting a custom connect function to the second core library based on a preset injection method corresponding to the proxy connect function; in accordance with a determination that the preset application program invokes the preset connect function via the second core library, invoking the custom connect function instead to implement a custom logic so as to delegate the preset socket.

Abstract: A network device may provide heartbeat requests to a plurality of network function producers, and may set states of the plurality of network function producers to suspended based on not receiving responses to the heartbeat requests after a predetermined time. The network device may receive, from a network function consumer, a discovery request requesting identification of network function producers providing a service or with a network function type, and may determine, based on the discovery request, that none of the plurality of network function producers are available based on the states of the plurality of network function producers being set to suspended. The network device may provide, to the network function consumer, a discovery response that includes a list of the plurality of network function producers with status indicators set to active.

Abstract: An integrated circuit comprises a processing unit configured for booting up with a set of boot instructions, then for determining the size of the instructions of an application programme and potentially rebooting on its own initiative, while being reconfigured, in order for it to execute the instructions of the application program. Only one boot memory is needed as a consequence.

Abstract: Disclosed herein are embodiments related to security in cloudlet environments. In some embodiments, for example, a computing device (e.g., a cloudlet) may include: a trusted execution environment; a Basic Input/Output System (BIOS) to request a Key Encryption Key (KEK) from the trusted execution environment; and a Self-Encrypting Storage (SES) associated with the KEK; wherein the trusted execution environment is to verify the BIOS and provide the KEK to the BIOS subsequent to verification of the BIOS, and the BIOS is to provide the KEK to the SES to unlock the SES for access by the trusted execution environment.

Abstract: An endpoint computing device multi-network slice remediation/productivity system includes a core network system coupled to a RAN system and configured to allocate network slices and make them available for use in wireless communications via the RAN system. While operating in a pre-boot environment, an endpoint computing device determines that it is unable to transition to operating in a runtime environment and, in response, establishes a remediation network connection with a first network slice, and establishes a productivity network connection with a second network slice.

Abstract: An autonomous driving controller includes a plurality of parallel processors operating on common input data. Each of the plurality of parallel processors includes a general processor, a security processor subsystem (SCS), and a safety subsystem (SMS). The general processors, the SCSs, and the SMSs of the plurality of parallel processors are configured to first, boot the plurality of SCSs from ROM second, boot the plurality of SMSs of the plurality of parallel processors from RAM or ROM, and, third, boot the plurality of general processors of the plurality of parallel processors from RAM. Between booting of the SCSs and the SMSs, at least one of the plurality of SCSs may load SMS boot code into the RAM that is dedicated to the plurality of SMSs.

Abstract: In one or more embodiments, one or more systems, one or more methods, and/or one or more processes may determine that a platform reset signal from a processor of an information handling system has been asserted; may determine that a power conservation state from the processor was not asserted within an amount of time; may determine that an operating system restart occurred; may notify a hardware root of trust device to authenticate information handling system firmware; may assert a resume reset signal to the processor; may authenticate the information handling system firmware; may de-assert a power OK signal to the processor; may remove power from the processor; may determine that the resume reset signal to the processor is de-asserted and that the processor is out of the power conservation state; and may provide power to the processor.

Abstract: An Information Handling System (IHS) includes multiple hardware devices, and a baseboard Management Controller (BMC) in communication with the plurality of hardware devices. The BMC includes executable instructions for when a custom BMC firmware stack is executed on the BMC, monitoring a parameter of one or more of the hardware devices of the IHS. The instructions that monitor the parameter are separate and distinct from the instructions of the custom BMC firmware stack. The instructions also controls the BMC to perform one or more operations to remediate an excessive parameter when the parameter exceeds a specified threshold.

Abstract: A method, computer system and computer program product for processing configuration after a cluster migration are provided. In this method, a network booting program is received at a computing node from a management node for a cluster. The cluster includes at least one computing node. An operating system is booted in a memory of the computing node with the received network booting program. Configuration changes are received from the management node, and the configurations in a local storage of the computing node are updated according to the received configuration changes.

Abstract: Communication network architectures, systems and methods for supporting a network of mobile nodes. As a non-limiting example, various aspects of this disclosure provide communication network architectures, systems, and methods for supporting a dynamically configurable communication network comprising a complex array of both static and moving communication nodes (e.g., the Internet of moving things).

Abstract: A new approach is proposed to support hardware-based PCIe link up based on post silicon characterization of an electronic device. A non-volatile storage medium of a bootup unit on the electronic device maintains an initialization sequence for the physical layer of a PCIe link, and a non-volatile storage medium allows flexible programming. During operation, the bootup unit reads from the non-volatile storage medium instructions to program/override one or more PCIe physical layer settings and controller registers for the PCIe link based on the post silicon characterization of the electronic device. The bootup unit is limited to access and override only to the one or more physical layer settings and controller registers of the PCIe link. The entire process of reading the initialization sequence and programming the one or more PCIe physical layer settings and the controller registers happens within time limit constraints of the PCIe specification for latency reduction.

Abstract: In order to enable a user to acquire a desired content more quickly by performing a matching process by using search target ID information identifying a search target so as to properly acquire a content regarding the search target and to shorten a time required to complete the matching process, a communication device such as router is configured such that, when receiving an interest form a content-centric network, the communication device performs a search process on contents accumulated therein, aiming to find one or more contents which meet a search criteria set specified by the interest, performs the matching process for verifying whether the content found in the search process matches the search target ID information (face image) to acquire a content regarding the search target, and transmits the acquired content to a communication device of a content request source.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for rollback resistant security are disclosed. In one aspect, a method, during a boot process of a computing device, includes the actions of obtaining a secret key derived from device-specific information for the computing device. The method further includes verifying that a signature for a software module is valid. The method further includes obtaining information indicating a current version of the software module. The method further includes using the secret key to generate a first encryption key corresponding to the current version of the software module and a second encryption key corresponding to a prior version of the software module. The method further includes preventing future access to the secret key until the computing device is rebooted. The method further includes providing the software module access to the first encryption key and the second encryption key.

Abstract: In accordance with an embodiment, an electronic device includes a secure element configured to implement a plurality of operating systems; and a near field communication module coupled to the secure element by a volatile memory.

Abstract: Systems and methods for using a kernel module to provide computer security are provided herein. In some embodiments, a method for providing computer security may include launching a kernel module at the kernel-level of a computing device, redirecting, using the kernel module, communications traffic away from a browser executing on the computing device, decoding, using the kernel module, the received traffic to create decoded traffic, analyzing the decoded traffic, using the kernel module, for content having particular characteristics and create analyzed traffic, encoding, using the kernel module, at least a portion of the analyzed traffic to create encrypted traffic, and directing the encrypted traffic to the browser.

Abstract: Methods, systems, and apparatuses for unlocking a persistent region in memory are disclosed. An information handling apparatus includes a controller, a memory coupled to the controller, the memory having a persistent region that can either be locked or unlocked, and a firmware configured to determine whether the persistent region of the memory is locked, obtain a stored passphrase from a storage device if the persistent region is locked, and use the passphrase to unlock the persistent region of the memory.

Abstract: A command requesting creation of a backup file and issued by a client-side deduplication library is received. Upon creating the file, a first flag is set on the file indicating that the file should be automatically retention locked after a cooling off period has elapsed. During the cooling off period, a command requesting that the file be opened for writes is received. The first flag is cleared to exclude the file from being automatically retention locked after the cooling off period has elapsed. A second flag is set on the file indicating that writes to the file are in progress. A command requesting that the file be closed, the writes to the backup file thereby being complete, is received. The second flag is cleared. The first flag is reset to allow the file to be automatically retention locked after the cooling off period has elapsed.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to utilize non-volatile memory for computer system boot. An example processor platform includes a non-volatile memory coupled to a processing unit via a bus, and a microcontroller to: configure the processing unit to store, on the non-volatile memory, a heap and a stack for execution of boot code, and configure the processing unit to execute the boot code stored on the non-volatile memory.

Abstract: First transistor logic is arranged by a first logic provider in circuit form and provides a minimum of functionality of the semiconductor device employed to bring up the semiconductor device, wherein the minimum of functionality is encrypted using a first encryption key. Second transistor logic is arranged by a second logic provider, different than the first logic provider, in circuit form to include security keys capable to perform cryptographic capabilities using a second encryption key. The second transistor logic further includes functionality that completes the semiconductor device as a chip device and is ready to process secure communication signals.

Abstract: A device is suggested including a cryptographic module, wherein the device is operable in a secure mode and in a non-secure mode, wherein the cryptographic module is configured in the secure mode by storing a secret key and a seed value in the cryptographic module, and wherein the device is operable in the non-secure mode to generate a signature based on input data utilizing the secret key and the seed value. Also, a method for operating such device is provided.

Abstract: Herein are techniques that extend a software system to embed new guest programing languages (GPLs) that interoperate in a transparent, modular, and configurable way. In embodiments, a computer inserts an implementation of a GPL into a deployment of the system. A command registers the GPL, define subroutines for the GPL, generates a guest virtual environment, and adds a binding of a dependency to a guest module. In an embodiment, a native programing language invokes a guest programing language to cause importing intra- or inter-language dependencies. An embodiment defines a guest object that is implemented in a first GPL and accessed from a second GPL. In an embodiment, dependencies are retrieved from a virtual file system having several alternative implementation mechanisms that include: an archive file or an actual file system, and a memory buffer or a column of a database table.

Abstract: A computer chip, such as an System on chip (SOC), can receive firmware updates having two separate signatures; a first of the signatures is used to authenticate the firmware using a processor within the computer chip, and a second of the signatures is used by a controller, separate from the processor. A first key, used by the processor to authenticate the firmware, can be a boot key that is hardwired in the computer chip. A second key, used by the controller, can be a key that is provided to the controller at any time and is updatable. The controller can suspend the processor so that the controller can perform a first authentication of the firmware using the second signature and the second key. If the authentication is successful, the controller can release the processor, which then uses the first key and the first signature to perform a second authentication.

Abstract: An industrial internet of things gateway boot method is described wherein installation, operation and maintenance phases are controlled to limit the chance of a malicious attack on a connected network.

Abstract: An integrated circuit includes a data processing part, a data management part. The data processing part processes data. The data management part manages security of the data processing part. The security management part includes a set value holding part, a start control part and a state control part. The set value holding part holds a set value of security strength. The start control part starts the integrated circuit by secure boot which performs signature verification on a boot program in a case where the security strength shown by the set value is over a predetermined level. The state control part resets the data processing part when falsification of the boot program is detected by the signature verification in the secure boot.

Abstract: In some examples, a device includes a processor, a core hardware logic to execute instructions to perform a task in the device, and a controller separate from the processor. The controller detects corruption of the instructions, and in response to detecting the corruption, load a recovery code to the core hardware logic to trigger recovery of the core hardware logic from the corruption of the instructions.

Abstract: Automatic-switching and deployment of software (SW)- or firmware (FW)-based USB4 connection managers (CMs) and associated methods, apparatus, software and firmware. A handshake is defined between BIOS and an operating system (OS) to discover supported CM capability and dynamically switch from a FW CM to a SW CM and visa verse if there is a mismatch. In addition, a mechanism is defined to deploy the correct FW or SW CM driver based on class code, 2-part or 4-part ID. Support for continued USB4 operation during an OS upgrade or downgrade is provided, while ensuring that the best possible CM solution is used based on the advertised platform and OS capability. USB4 controllers support a pass-through mode under which the host controller FW redirects control packets sent between an SW CM and a USB4 fabric, and a FW CM mode under which control packets are communicated between the host controller FW and the USB4 fabric to configure USB4 peripheral devices and/or USB4 hubs in the USB4 fabric.

Abstract: A control apparatus includes a reception unit which receives distribution data which contains compressed update data and a header which includes information to designate any one of a plurality of update systems, a decompression unit which decompresses the update data from the distribution data received by the reception unit, and a restoration unit which restores a new program after updating according to an update system designated in the header using the update data decompressed by the decompression unit. The decompression unit switches a decompression method when the update data is decompressed on the basis of the update system designated in the header.

Abstract: Methods, systems, and computer programs encoded on computer storage medium, for identifying storage devices of an IHS, wherein a BIOS of the IHS is associated with a first enumeration order of the storage devices; enumerating the storage devices such that a particular storage device of the storage devices is enumerated as the first enumerated storage device for both the BIOS and an OS of the IHS, including: determining that an OS installation mode is enabled, and in response, i) exposing only the particular storage device, and ii) disabling the remaining storage devices to; determining that a LUN is set by the BIOS as the first enumerated storage device, including setting an unique identifier (UID) for the particular storage device, and in response fetching data associated with the LUN based on the UID; parsing the LUN data; assigning, based on the parsing, the LUN as the first enumerated storage device.

Abstract: An information handling system includes a memory manager that may detect corruption of a non-volatile random-access memory, and perform a recovery process of the non-volatile random-access memory that includes determining whether a header of the non-volatile random-access memory is corrupted. If the header is not corrupted, then a data region associated with the header may be recovered from recovery data values in a spare store in the non-volatile random-access memory. If the header is corrupted, then the header and the data region may be recovered from default data values.

Abstract: One or more ECU's in an automotive vehicle have a contingent boot and an authenticated boot. When each such ECU is initialized, that ECU performs the contingent boot and the authenticated boot in parallel. The authenticated boot authenticates operational firmware for that ECU that is stored in flash memory of that ECU, starting with initial firmware of the operational firmware. Contingent boot firmware is stored in flash memory of the ECU or is stored in essentially non-alterable memory of the ECU. The contingent boot executes the ECU contingent boot firmware for that ECU. The contingent boot firmware has limited functionality and does not have the ability to flash the flash memory. Upon successful authentication of the initial firmware, the ECU executes the initial firmware and terminates the contingent boot.

Abstract: Example implementations relate to a logical rack controller. In an example, a logical rack controller receives an inventory of a plurality of physical computing racks. The logical rack controller receives a logical rack definition that indicates selected physical infrastructure from among the inventory to form a logical rack. The logical rack controller validates the logical rack definition by verifying network connectivity of the selected physical infrastructure. After validation of the logical rack definition, the logical rack controller provides, to a provisioning controller, an interface to the logical rack. The provisioning controller can utilize the interface to access the logical rack.

Abstract: This disclosure describes systems, devices, and techniques for migrating virtualized resources from outdated hosts during requested reboots of the virtualized resources, in order to update the outdated hosts. In an example method, a pending reboot a virtualized resource occupying a first host can be identified. At least one component of the first host may be determined to be outdated. In response to identifying the pending reboot and determining that the at least one component is outdated, the virtualized resource may be migrated to a second host. The first host may update the at least one component.

Abstract: A method, computer program product, and computer system for maintaining, by a computing device, a plurality of certificates in a credential store using a distributed data source. A certificate of the plurality of certificates may be loaded in an in-memory location from the distributed data source upon startup. A change in at least one certificate of the plurality of certificates may be detected in the distributed data source. The change in the at least one certificate may be loaded from the distributed data source to the in-memory location without requiring a restart of the computing device.

Abstract: An information processing apparatus includes a detector configured to detect tampering with at least one of a plurality of software components to be executed in accordance with a boot instruction, a storage unit configured to store information for enabling or disabling a function of detecting the tampering, and a rebooter configured to reboot the information processing apparatus on the basis of the information stored in the storage unit and on the basis of a time that elapses after receipt of the boot instruction.

Abstract: A technique for generating a customized program logic for booting a target system includes determining the hardware devices operatively connected with the target system. A list of identifiers of the determined hardware devices is sent to a server system. The server system selects from a set of drivers for each of the device identifiers in the list at least one driver operable to control the identified device to generate a sub-set of said set of drivers. The server system retrieves a core program logic being free of any drivers of the target system and sends the core program logic and the driver sub-set to the target system. The target system creates the customized program logic using the combination of the core program logic and the driver sub-set.