Abstract: After a terminal receives any piece of control information sent by a management server, if the control information is used to indicate that a foreground operating system of the terminal is a target operating system, the terminal is controlled according to a control instruction carried in the control information. When the foreground operating system of the terminal is not the target operating system, the terminal does not control the terminal according to the control instruction. In addition, the terminal may store a correspondence between a system identifier of the target operating system and the control instruction, so that after the foreground operating system of the terminal is changed to the target operating system, the terminal may further obtain the control instruction based on the correspondence and control the terminal according to the control instruction.

Abstract: Provided is a system that controls at least one sound signal output device to emit at least one sound signal in at least one chosen area of a premises. This sound signal represents location-specific usage information of at least one electronic device and is intended to induce a control of a usage of this electronic device based on this location-specific usage information.

Abstract: Techniques to facilitate the provision of server-management microservices for baseboard management controllers from a storehouse of such microservices are described herein. A technique described herein includes a server-management microservice storehouse obtaining a request for a server-management microservice for a baseboard management controller (BMC) of a server of a communications network. Further, the storehouse delivers the microservice to the BMC over the communication network. The server-management microservice is a modularized application that interacts with the operating system of the BMC while the microservice executes on the BMC, and the server-management microservice cause management of operations of the server or monitoring of the status of the server.

Abstract: This invention presents methods to utilize more regions for tasks than the number of slots in a memory protection unit and to efficiently distribute regions between multiple tasks within a partition.

Abstract: Embodiments of this application provide a system recovery method and an apparatus and relate to the field of communications technologies, so as to more smoothly guide a user in implementing system recovery of an electronic device. The method is applied to an electronic device, comprising: obtaining a quantity of abnormal shutdowns of the electronic device at a BIOS boot stage of the electronic device; if the quantity of abnormal shutdowns of the electronic device is greater than or equal to a preset threshold, displaying a first interface, where the first interface includes a first system recovery mechanism option; and receiving a selection operation on the first system recovery mechanism option, and running a first system recovery mechanism in response to the selection operation on the first system recovery mechanism option.

Abstract: Accordingly the embodiments herein provide a method for managing scheduling of services during a boot-up process in an electronic device including a multi-core processor. The method includes determining a plurality of services initiated during the boot-up process of the electronic device. Further, the method includes registering system parameters associated with the electronic device for each one of the determined services. Further, the method includes determining whether the service is critical or non-critical for the boot-up process. Further, the method includes tagging a label data to each one of the determined services, wherein the label data represents whether the service is critical or non-critical. Further, the method includes clustering each of the services into one of an accelerating cluster and a decelerating cluster based on the registered system parameters associated with the electronic device and the tagged label data.

Abstract: An on-board vehicle computer system receives a software update package from a remote computer system via a wireless communication network. The update package includes a software update for an updatable electronic component (e.g., an ECU) of the vehicle. Prior to installing the update, the vehicle computer system may check for a valid backup software version in a storage medium in the vehicle computer system to facilitate reversion to a previous software version in the event of an error during installation of the update. Installation of the update may be delayed until a compatible backup software version is obtained. After installation of the update, the system stores the update in the storage medium as the current backup software version for the updatable electronic component. This facilitates roll-back to a functional state in the event of an error during a future update.

Abstract: The present invention discloses an electronic apparatus having secure boot mechanism. The processing circuit executes steps outlined below. Operation-related data is stored in the storage circuit under a normal operation mode. The operation related data is stored in a host terminal. A first hash value is calculated according to the operation related data and is stored in a non-power-off area. A power of the non-power-off area is maintained to be turned on and a power of a power-off area is turned off under a lower power operation mode. The power is restored when the normal operation mode is restored and the operation related data is retrieved from the host terminal to calculate a second hash value. The first and the second hash values are compared such that the operation related data is determined to be valid and the electronic apparatus operates according to the operation related data when the first and the second hash values are matched.

Abstract: A method, computer program product, and a system where a secure interface control determines whether an instance of a secure guest image can execute based on metadata. The secure interface control (“SC”) obtains metadata linked to an image of a secure guest of an owner and managed by the hypervisor that includes control(s) that indicates whether the hypervisor is permitted to execute an instance of a secure guest generated with the image in the computing system based on system setting(s) in the computing system. The SC intercepts a command by the hypervisor to initiate the instance. The SC determines the presence or the absence of system setting(s) in the computing system. The SC determines if the hypervisor is permitted to execute the instance. If so, the SC enables initiation of the instance by the hypervisor. If not, the SC ignores the command.

Abstract: A system for providing services for microservices applications is described herein. In an embodiment, a system comprises a plurality of container environments, each of which comprising a host node. A virtual fabric edge instance executes on each host node. The host nodes are interconnected through a plurality of switches. A fabric controller manages the plurality of switches and implements policies through the virtual fabric edge instances executing on each host node. The fabric controller additionally provides services for the application instances through the virtual fabric edge instances by routing traffic, data, queries from an application or proxy instance to another application or proxy instance in the container environment through the virtual fabric edge instances.

Abstract: An information handling system may include a processor, a smart network interface card communicatively coupled to the processor, a basic input/output system configured to be the first code executed by the processor when the information handling system is booted and configured to initialize components of the information handling system into a known state, and a management controller configured for out-of-band management of the information handling system. The management controller may further configured to communicate information regarding the smart network interface card to a provisioning server, receive parameters from the provisioning server for a network-based boot of the smart network interface card, and communicate the parameters to the smart network interface card to enable the smart network interface card to boot from an image stored at the provisioning server.

Abstract: A method and system for testing a software application includes receiving and storing a software application for execution in a memory associated with a processor, detecting a first trigger event corresponding to the software application, and attempting to load a disposable code in the memory in response to detecting the trigger event. The method further includes, if the disposable code is successfully loaded in the memory, by the processor: executing the software application to pass a reference to the software application into the disposable code, and executing the disposable code to create an interface between the software application and one or more testing tools. The interface is configured to intercept communications to and from the software application during an execution of the software application.

Abstract: Presented herein are methodologies for securing BIOS/bootloader function including booting a computer system from a BIOS image stored in a first boot flash device, detecting an indication of a pending BIOS upgrade, in response to detecting the indication of a pending BIOS upgrade, accessing an upgraded BIOS image stored on a second boot flash device, validating a version of the upgraded BIOS image, authenticating the upgraded BIOS image using a signature stored in a first region of the second boot flash device, when the version of the upgraded BIOS image is validated, and the upgraded BIOS image is authenticated, writing the signature to a second region of the second boot flash device that is different from the first region, locking the second region of the second boot flash device, and rebooting the computer system from the second boot flash device.

Abstract: Methods and systems for monitoring, by a baseboard management controller, a network interface of an information handling system, identifying one or more management information exchanges between the information handling system and a plurality of information handling systems, identifying one or more telemetry metrics associated with the one or more management information exchanges on a hardware level, storing the one or more telemetry metrics into a telemetry metrics database of the information handling system, transmitting a telemetry metrics report including the one or more telemetry metrics to a service provider for analysis, analyzing, by the service provider, the telemetry metrics report to indicate a percent usage of an overall usage capacity associated with each device of a plurality of devices of the information handling system, and transmitting a usage report to each of the plurality of information handling systems based on the analysis of the telemetry metrics report.

Abstract: Device, system, and method of policy enforcement for rich execution environment. An electronic device includes a Trusted Execution Environment (TEE), a Rich Execution Environment (REE), and a hardware-based secure sub-system which includes a cryptographic engine. The REE includes a cryptographic driver configured to initiate a request for TEE authorization to perform a particular cryptographic operation by the cryptographic engine on a data-item that is stored in a memory region that is accessible by the REE. The TEE includes a policies manager to determine whether the request from the REE is approved or rejected, and if approved, to inject data-items into the secure sub-system to enable performance of the requested cryptographic operation by the cryptographic engine.

Abstract: One example method includes moving a volume from a source server to a target server. In one example, the volume is moved and the need to copy the source data is eliminated. The volume to be moved is selected and metadata associated with the save sets stored on the volume is exported to a volume bootstrap, which is also stored on the selected volume. The volume is mounted or attached to the target server and the metadata is imported from the volume bootstrap. The volume is made read/write and is moved from the source server to the target server.

Abstract: Novel tools and techniques are provided for implementing intent-based disaggregated and distributed composable infrastructure. In some embodiments, a computing system might receive, over a network, a request for network services from a customer, the request comprising desired characteristics and performance parameters, without specific information regarding any of hardware, hardware type, location, or network for providing the requested services.

Abstract: An accelerator loading apparatus obtains an acceleration requirement, where the acceleration requirement includes an acceleration function of a to-be-created virtual machine and acceleration performance of the to-be-created virtual machine. The accelerator loading apparatus determines a target accelerator that meets the acceleration function of the to-be-created virtual machine and the acceleration performance of the to-be-created virtual machine. The accelerator loading apparatus determines an image corresponding to the target accelerator, and sends an image loading command to a target host in which the target accelerator is located, where the image loading command is used to enable the target host to load the image for the target accelerator based on the image loading command.

Abstract: Techniques described herein relate to automatically generating standard network device configurations. In one example, one or more groups of network device configuration blocks may be obtained. An analysis of the one or more groups of network device configuration blocks may be performed, including identifying respective frequencies associated with respective network device configuration blocks of the one or more groups of network device configuration blocks. Based on the respective frequencies, one or more network device configuration blocks of the one or more groups of network device configuration blocks may be automatically aggregated into a standard network device configuration.

Abstract: A fire and security system includes a control panel and one or more connected device. The control panel is in signal communication with a data control loop. The connected device is in signal communication with the at least one control panel via the at least one data control loop. The connected device includes a memory unit having a free memory area that stores first data and an active memory area that stores second data different from the first data. In response to operating the connected device according to the second data, the at least one connected device receives updated data delivered by the at least one of the control panel over the data control loop, and replaces the first data stored in the free memory data with the updated data.

Abstract: An apparatus to verify firmware in a computing system, comprising a non-volatile memory, including firmware memory to store agent firmware associated with each of a plurality of interconnect protocol (IP) agents and version memory to store security version numbers (SVNs) included in the agent firmware, a security controller comprising verifier logic to verify an integrity of the version memory by applying a hash algorithm to contents of the version memory to generate a SVN hash, and a trusted platform module (TPM) to store the SVN hash.

Abstract: The present disclosure in some embodiments provides a security system using both key management service (KMS) and a hardware security module (HSM), and a method of operating the security system. At least one embodiment provides a security system including an HSM, a bootstrapping enclave, and one or more KMS enclaves. The HSM is configured to generate, replace or remove a root key, the HSM being physically independent. The bootstrapping enclave is configured to receive the root key from the HSM. The one or more KMSs are configured to perform an attestation procedure with the bootstrapping enclave, to receive the root key from the bootstrapping enclave, and to utilize the root key for establishing a secure channel with the HSM.

Abstract: An auxiliary storage device independently has protection and monitoring functions so as to respond to an attempt to take control of a system by a malicious code, and minimize damage to the system. The auxiliary storage device includes a CPU which performs a function to perform protection and monitoring functions independently of an external computing unit; and a storage medium unit. The storage medium unit is divided into a user area in which an OS of a computing unit is stored and the writing and reading to the computing unit is possible at any time, and a recovery area in which a duplicated copy of the OS of the computing unit is stored and the writing and reading of the computing unit is determined according to a selection mode of a mode selection switch. An application device including the auxiliary memory is provided.

Abstract: An information processing apparatus according to one aspect of the present invention includes a main body and an operation device. The operation device executes an operating system (OS) and a program task operating independently of the OS. The program task is configured to start up earlier than the OS and to perform a part of a start up process required for starting up the operation device. When the main body and the operation device are started, the operation device starts executing the program task in addition to starting execution of the OS. In response to a completion of performing the part of the start up process, the program task transmits a ready state notification to the main body.

Abstract: A system to facilitate operating system (OS) installation is described. The system includes a server and rack controller, including one or more processors to generate an imaging service comprising an OS image container, transmit data via a first network to initiate a boot up process at a server and download an OS image included in the OS image container via a second network, wherein the second network is separate from the first network.

Abstract: A removable device and method for automatically booting a computer running a standard operating system (OS) into an alternative OS. The method comprises a user inserting the removable device into the computer, and the user launching an application stored on the removable device for booting guidance. The user directs the application to boot the computer into the alternative OS, whereupon the application determines a first booting technique to be used on the computer and configures the computer accordingly. The application restarts the computer in an attempt to boot into the alternative OS. If booting the alternative OS fails, the computer boots back into the standard OS, whereupon the application determines a next best booting technique and configures the computer accordingly. This process continues until the alternative OS is successfully booted, or, failing that, the user is given manual booting direction.

Abstract: Techniques in electronic systems, such as in systems including a processing chip and one or more external memory chips, provide improvements in one or more of system security, performance, cost, and efficiency. For example, the processing chip includes one or more CPUs and circuitry enabling the CPUs to securely boot from an external, non-volatile memory chip containing encrypted, executable code. The circuitry comprises immutable hardware to hold the CPUs in a reset state while performing a serial presence detect on external interfaces of the processing chip and generating an address map according to results of the serial presence detect. In response to an initial instruction fetch of an initial one of the CPUs, the circuitry is able to return one or more instructions via the address map associating an address of the initial instruction fetch with one of the external memory chips.

Abstract: An apparatus for LAN booting environment-based file security and centralization, a method therefor, and a computer-readable recording medium recorded with a program for performing the method are proposed. The apparatus can include a central server including a storage module for storing a plurality of operating system images; a communication module for communicating with a user device; and a LAN booting management module configured to, when receiving a LAN booting start request message from the user device through the communication module, select an operating system image that can be used in the user device among the plurality of operating systems according to user device information, and transmit the selected operating system image, a user apparatus corresponding to the same, a method for LAN booting environment-based file security and centralization of these devices, and a computer-readable recording medium recorded with a program for performing the method.

Abstract: A non-transitory computer-readable storage medium may comprise instructions for determining health statuses of multiple virtual machine templates stored thereon. When executed by at least one processor, the instructions may be configured to cause a health status server to at least run multiple scripts against multiple virtual machines, each of the multiple virtual machines being generated from one of the multiple virtual machine templates, and generate, for each of the multiple virtual machines, an output report indicating success or failure for each of the multiple scripts.

Abstract: An information processing apparatus includes a control unit, a storage unit configured to store a program to be executed by the control unit, a verification unit configured to read the program from the storage unit and to verify the read program, and a light-emitting unit configured to be changed to a predetermined light-emitting state or to be changed from the predetermined light-emitting state based on a result of the verification of the program by the verification unit.

Abstract: An interface is provided to update a firmware of a persistent memory module at runtime without restarting an operating system on the platform. The operating system initiates the firmware update by triggering a sleep state or by entering a soft reboot. The interface is capable of preserving the state of the platform for all memory modes that support volatile memory regions, persistent memory regions, or both, and reducing or eliminating the demand for access to memory during the firmware update. The persistent memory module is capable of updating the firmware responsive to a platform instruction generated using the interface, including preserving operational states for memory devices in all memory regions, including memory devices in volatile and persistent memory regions.

Abstract: System and method for supporting node role attributes in a high performance computing environment. In accordance with an embodiment, a node role attribute can comprise a vendor defined subnet management attribute. When a subnet manager attempts to discover a high performance computing environment, such as an InfiniBand subnet, or a switch topology, identifying a topology is quite complex when subnet manager can only observe connectivity, without context behind the connectivity (the roles of the different nodes in the connectivity). However, when a subnet has a node role attribute enabled, the subnet manager can map the interconnect more effectively as it can discover not only the connectivity during the initial sweep, but it can also discover the role of each node discovered, thus leading to a more efficient interconnect discovery.

Abstract: A system on chip (SOC) is provided. The system on chip includes a non-volatile memory, an exception detector, and a processor. The non-volatile memory stores a first bootset in a first region, the first bootset including a booting operation bootloader for a first booting operation and stores a second bootset in a second region that is different from the first region. The exception detector is activated after execution of an initialization bootloader, detects an exception occurrence in the system on chip, and generates a reset signal in response to the exception occurrence that is detected. The processor performs a second booting operation by using the second bootset in response to the reset signal received from the exception detector during the first booting operation performed by using the first bootset.

Abstract: Cloud computing techniques utilizing distributed application execution are disclosed herein. One example technique includes receiving a command to launch an application, and in response, determining an execution location corresponding to a type of data consumed by individual components of the application. Upon determining that one of the components is to be executed in a local computing facility, the example technique includes transmitting, from a cloud computing facility to the local computing facility, a request to execute the one of the components in the local computing facility instead of the cloud computing facility. Upon being authorized by the local computing facility, data is requested and received from the one of the components executed at the local computing facility without having direct access from the cloud computing facility to a data source at the local computing facility.

Abstract: The invention discloses a secure boot method for a terminal device, a terminal device and a medium, relates to the technical field of secure boot, and is used for solving a problem of low system boot security caused by lack of protection for system boot in the related art. The terminal device includes a first processor, a second processor and a shared memory. The method includes: acquiring, by the first processor, an SPL image file; acquiring, by the first processor and the second processor, a third duration and starting timing synchronously; in a case that the third duration expires, transmitting, by the first processor, the SPL image file to the second processor via the shared memory; and booting, by the first processor and/or the second processor, a system of the terminal device cooperatively based on the SPL image file received by the second processor.

Abstract: Provided are a resource sharing method, device and system. The method includes: establishing, by a cloud desktop system based on a virtual desktop infrastructure (VDI), links with multiple terminals; and acquiring, by the cloud desktop system, resources of the multiple terminals through the links, and sharing the acquired resources to the multiple terminals.

Abstract: Technologies disclosed herein provide mitigations against warm boot attacks on memory modules. For instance, in one embodiment, a non-volatile dual in-line memory module (NVDIMM) in a host computing system may detect a transition from a low-power state to a full-power state, receive a nonce value from a processor of the host computing system after the transition, verify the nonce value, and allow access to data stored on the NVDIMM based on successful verification of the nonce value. In another embodiment, an NVDIMM may be locked in response to detecting a transition from a high-power state to a low-power state in a host computing system. After a transition from the low-power state to the full-power state, the NVDIMM may obtain one or more passphrases, verify the one or more passphrases, and allow access to data stored on the NVDIMM based on successful verification of the one or more passphrases.

Abstract: A method, computer program product, and a system where a secure interface control determines functionality of a secure guest based on metadata. The secure interface control (“SC”) obtains metadata linked to an image of a secure guest to be started by an owner and managed by the hypervisor, where the metadata comprises control(s) that indicate whether a secure guest generated with the image is permitted to obtain a response to a particular request. The SC intercepts, from the secure guest generated with the image, during runtime, a request. The SC determines, based on the control(s), if the secure guest is permitted to obtain a response to the request. If permitted, the SC commences fulfillment of the request, within the computing system. If not permitted, the SC ignores the request.

Abstract: A computer apparatus is provided, which includes a plurality of peripheral apparatuses, a non-volatile memory, a processor, and an authority-control circuit. The memory unit stores a plurality of boot codes and setting values of a function set of the peripheral apparatuses corresponding to each boot code, wherein the boot codes form a chain of trust. In response to the execution of a current boot code being completed, the authority-control circuit sets the setting values of the functions in a second function set corresponding to a next boot code in the chain of trust, sends an authority-control signal to control the peripheral apparatuses corresponding to the second function set according to the setting values of the functions in the second function set, and sets a boot flag corresponding to the next boot code in the authority-control circuit to control the processor to execute the next boot code.

Abstract: Identity information processing method and apparatus are disclosed. The method includes: obtaining customized information of a user process on an integrated chip; determining a target operational firmware preloaded on a reconfigurable chip according to the customized information; generating first process identity information used for verifying the user process based on the target operational firmware and a fixed operational firmware of a non-reconfigurable chip; and providing the first process identity information to a privacy certificate issuing authority for performing firmware legitimacy verification of an operational firmware to determine that an identity of the user process is legitimate according to a result of the firmware legitimacy verification.

Abstract: An information handling system may include a processor and a basic input/output system (BIOS) comprising a program of instructions executable by the processor and configured to cause the processor to initialize one or more information handling resources of the information handling system. The BIOS may be further configured to, during a boot of the information handling system, determine whether a BIOS configuration change has been made during a current boot session of the information handling system, and responsive to determining that a BIOS configuration change has been made during the current boot session, store an indication of the BIOS configuration change to a non-volatile memory.

Abstract: Various embodiments relating to an electronic device are described, and according to an embodiment, the electronic device may comprise a communication module which performs wireless communication; at least one processor which is electrically connected to the communication module; and a memory which stores instructions which cause at least one processor to receive or transmit data via communication with an external electronic device using the communication module on the basis of a first operating system and to process the received data or data to be transmitted to the external electronic device using a designated key on the basis of a second operating system, at the time of execution thereof.

Abstract: A method of creating a new page table structure after first stage boot operations has completed but before handoff to a hypervisor occurs. Firmware page tables are reused and copied to a region of memory by a first-stage bootloader while the firmware is running, processed to have an expected multi-stage page table structure and desired access rights, and copied again to another region of memory by the first-stage bootloader after the first-stage bootloader has completed its booting operations and after the firmware has been quiesced.

Abstract: An information handling system may include an embedded controller, a serial peripheral interface (SPI) read-only memory (ROM) device to store a first basic input/output system (BIOS) firmware for the information handling system, and a non-volatile memory device includes a boot partition to store a second BIOS firmware. The embedded controller detects a failure during a boot process, switches a first SPI of a chipset from the SPI ROM to the embedded controller and executes the second BIOS firmware from the non-volatile memory device via a sideband access of the non-volatile memory device.

Abstract: A virtual non-volatile memory system includes a BIOS coupled to a non-volatile storage system and a volatile memory system. The BIOS designates a portion of the volatile memory system as a virtual NVDIMM, reserves a portion of the non-volatile storage system for storing virtual NVDIMM data, reports the virtual NVDIMM to an operating system using an ACPI NFIT, and emulates an NVDIMM controller. When a virtual NVDIMM storage event occurs, the BIOS copies data from the portion of the volatile memory system designated as the virtual NVDIMM to the portion of the non-volatile storage system reserved for storing virtual NVDIMM data. When the BIOS subsequently determines that a virtual NVDIMM recovery event has occurred, it copies the data stored in the portion of the non-volatile storage system reserved for storing virtual NVDIMM data to the portion of the volatile memory system designated as the virtual NVDIMM.

Abstract: A layered composite boot device, and a corresponding layered composite file system, can be implemented by a boot manager. Requests directed to the layered composite boot device and file system, can be serviced from a primary device and file system that are encapsulated by the layered composite boot device and file system. The primary device and file system can correspond to a virtualized file system within a container environment, thereby enabling changes within the container environment to affect early stages of operating system booting in the container environment. Should such requests not be serviceable from the primary layers, the composite device and file system can comprise secondary layers that can correspond to a container host connection and the host file system, providing fallback to existing data if changes within the container environment were not made, thereby enabling booting to proceed in a traditional manner.

Abstract: In some examples, a server receives configuration data from a device. The server receives a software or firmware update from a vendor and determines, based on the configuration data, that the update is installable on the device. The server creates and configures a container, based on the configuration data, to create a replica of the device. The server installs the update in the replica and performs multiple tests that generate logs. If the logs indicate that the update caused no issues, the server sends the update to the device. If the logs indicate that the update caused an issue, the server sends the update to the vendor. In response, the server receives, from the vendor, a modified update that addresses the issue, installs the modified update in the replica, performs the tests, determines that the modified update causes no issues, and sends the modified update to the device.

Abstract: Disclosed herein are an apparatus and method for authenticating an IoT device. The method, performed by the IoT device authentication apparatus, includes transmitting, by the IoT device authentication apparatus, a random number to the IoT device and encrypting, by the IoT device authentication apparatus, the random number using a previously registered first white-box cryptography value through a white-box cryptography method; generating, by the IoT device, a first device response value from a previously registered first device challenge value using a Physical Unclonable Function (PUF) and encrypting, by the IoT device, the random number, received from the IoT device authentication apparatus, using the first device response value; and performing, by the IoT device authentication apparatus, authentication of the IoT device by checking whether the random number encrypted using the white-box cryptography method matches the random number encrypted using the PUF, which is received from the IoT device.

Abstract: A system, computer-readable media and computer-implemented method for automated network adapter activation in connection with fibre channel uplink mapping. The system includes a non-virtualized storage area network switch having a plurality of fibre channel ports. Each of the fibre channel ports is coupled to a corresponding cable to at least partly define a fibre channel uplink. The system also includes a plurality of client devices. Each client device has a network adapter.

Abstract: The multi-operating system device comprises a processor, a transceiver, and an output device. The processor is configured to host a first operating system in the foreground and a second operating system (OS2) in the background, or vice versa. The output device is configured to be controlled by an OS hosted in the foreground. The transceiver is configured to receive a S1 from a notification device over a communication system, the S1 indicating a notification associated to the OS2. The output device further is configured to output the notification associated to the second OS2 when the OS1 is hosted in the foreground.