Abstract: The present disclosure relates generally to a system that includes a storage component that stores data and a processor. The processor may install an application using a portion of the storage component, partition the portion of the storage component from a remaining portion of the storage component, and execute the application via the portion of the storage component.

Abstract: Method for defining a code to be executed by programmable control devices comprising: —providing a programming language; —providing a code written in that programming language; —compiling such code in machine language; —transferring said machine language code on a program memory for its execution by the control device, wherein said machine language code is divided into core code and application code, said application code being loaded into the program memory regardless of the core code, without performing a linking operation of the two codes before said transfer. A corresponding system is also disclosed.

Abstract: A system and related method for optimizing warm-start loading in a multi-core processing environment (MCPE) responds to a power transient event. The MCPE system memory activates a self-refresh mode, maintaining stored data throughout the power event. A boot loader in nonvolatile flash memory identifies the warm-start condition and fetches from the flash memory the hypervisor binary image. Rather than copy the entire image to allocated system memory, the boot loader copies only the modifiable portions of the hypervisor image, transferring control to the hypervisor. The hypervisor spawns guest processes that copy guest OS and application images from flash memory, copying only the modifiable portions of these images to the appropriate destinations in allocated memory before transferring control to the guest processes. By loading only modifiable image segments and sections, the system reduces the time required for the warm-start sequence.

Abstract: Embodiments of the disclosure are directed to a persistent enrollment of a device in a management system. Upon detection of a triggering event, detection of whether an activator application is installed is performed. Then, detection of whether an agent application is installed also performed. The agent application can then complete an enrollment of the device with a management system. Certain components of such a process can be bundled with the device operating system or as a system application.

Abstract: Variety of approaches to optimize performance based on behavioral and situational signals are described. A productivity service initiates operations to optimize performance upon receiving a behavioral signal and/or a situational signal associated with a user. The behavioral signal and/or the situational signal are analyzed to infer a usage pattern associated with a component of an application. Next, a failure of the usage pattern is detected in a comparison to an utility threshold. In response, the application is instructed to interrupt an execution of the component.

Abstract: A method for multi-user CAx editing includes monitoring an operational state of a processor of a first CAx client, receiving, at a communication filter of the first CAx client, a first remote operation to be executed by the first CAx client in a CAx environment, populating the first remote operation to a queue formed in a memory structure in response to a determination that the operational state of the processor of the first CAx client is executing a local operation when the first remote operation is received, and executing the first remote operation in the CAx environment on the first CAx client in response to a determination that the operational state of the processor of the first CAx client is idle. A computer program product such as a computer readable medium and a computer system corresponding to the above method are also disclosed herein.

Abstract: An apparatus in one embodiment comprises a processing platform that includes a plurality of processing devices each comprising a processor coupled to a memory. The processing platform is configured to implement virtual resources of one or more clouds for use by applications of at least one application management domain. The processing platform further comprises an application manager configured in accordance with a multi-layer application management architecture. The application manager implements at least one of a startup procedure, a shutdown procedure, a reboot procedure and an isolation procedure for at least a portion of each of one or more of the applications. A given instance of at least one of the startup procedure, the shutdown procedure, the reboot procedure and the isolation procedure is applied to a particular designated set of controlled components. The given instance is configurable under user control so as to provide a customized version of the corresponding procedure.

Abstract: A dynamic firmware module loader loads one of a plurality of a firmware contexts or modules as needed in a containerized environment for secure isolated execution. The modules, called applets, may be loaded and unloaded in a firmware context. The loader may use a hardware inter process communication channel (IPC) to communicate with the secure engine. The modules may be designed to implement specific features desired by basic input/output system vendors, without the use of a system management mode. Designed modules may provide necessary storage and I/O access driver capabilities to be run in trusted execution environment containers.

Abstract: A method for preventing digital content misuse can include receiving, by a digital content delivery system, a request from a client-side computing device to access digital content maintained by the digital content delivery system; determining, by the digital content delivery system, that a number of times the client-side computing device has accessed digital content meets or exceeds a threshold number of times the client-side computing device is permitted to access digital content; and in response to determining that the number of times the client-side computing device has accessed digital content meets or exceeds the threshold number, denying the request and executing a remedial action.

Abstract: A firmware can include multiple features for multiple users enabled based on the presence of authenticated variables. When attempting to access functionality of a feature, the firmware will check for the presence of an authenticated variable corresponding to the feature. The authenticated variable for the feature may be installed by a user. The firmware may data to enable a feature that includes an authenticated variable for enabling the feature and an authenticated variable corresponding to an end-user of the firmware. If the firmware has access to the end-user authenticated variable, the feature authenticated variable is installed.

Abstract: A control apparatus connected to a device includes a first control unit configured to execute a program, a second control unit configured to access the device to control the device, and a third control unit configured to control a reset of the control apparatus by transmitting a watchdog reset signal to the first and the second control units. When a condition for triggering a watchdog reset is satisfied, the third control unit transmits a watchdog reset prior notification to the second control unit before transmitting the watchdog reset signal. Upon reception of the watchdog reset signal, the first control unit executes a watchdog reset on the control apparatus. When a watchdog reset is executed, the second control unit controls the device to perform processing for making the device ready to accept a command based on information acquired upon reception of the watchdog reset prior notification.

Abstract: An information handling system includes a memory, a remote access controller, and a host processor. The memory to store an extensible firmware interface (EFI) system resource table (ESRT) and an ESRT capsule. The remote access controller to detect an insertion of a hot-pluggable device into the information handling system, to retrieve firmware details for the hot-pluggable device, to create a firmware capsule payload based on the firmware details, and to store the firmware capsule payload in the memory. The host processor to operate in a pre-boot mode, and in an operating system runtime mode. The host processor, while in the operating system runtime, to retrieve the firmware capsule payload from the memory, to update a cached operating system ESRT based on the firmware capsule payload, to retrieve updated firmware for the hot-pluggable device, and to create the ESRT capsule based on the updated firmware.

Abstract: The invention relates to a modular computer system (1), comprising a chassis (2) having a plurality of receiving bays (7) for receiving corresponding function modules (13), in particular server modules (22). The modular computer system (1) comprises a non-volatile memory device arranged in the chassis (2) and at least one controller arranged in the chassis (2) and connected to the memory device. Here, the memory device is configured to store configuration data of a plurality of function modules (13). The memory device is configured to receive requests to write, read and/or delete configuration data received by a function module (13) accommodated in a receiving bay (7), to map the requests on an address space of the memory device and to transmit corresponding control commands to the memory device. The invention further relates to a server module (22) for use in such a modular computer system (1).

Abstract: An apparatus and method for reducing boot time of an electronic device are provided. The electronic device includes electronic device is provided. The electronic device includes a processor including at least one system register; and an Operating System (OS) including an OS component having at least one reserved area, each reserved area including a static memory structure. The OS component is configured to, during a booting process, copy addresses of the at least one static memory structure into at least one of the plurality of system registers, and initialize the static memory structures located at the copied addresses.

Abstract: A method and apparatus for protecting boot variables is disclosed. A computer system includes a main processor and an auxiliary processor. The auxiliary processor includes a non-volatile memory that stores variables associated with boot code that is also stored thereon. The main processor may send a request to the auxiliary processor to alter one of the variables stored in the non-volatile memory. Responsive to receiving the request, the auxiliary processor may execute a security policy to determine if the main processor meets the criteria for altering the variable. If the auxiliary processor determines that the main processor meets the criteria, it may grant permission to alter the variable.

Abstract: Provided are systems, methods, and computer program products for a cyber-vaccination technique. In various implementations, the technique includes determine characteristics of a testing environment. A testing environment can be used to analyze malware programs. The technique can further include configuring a production network device with the characteristics, so that the production network device resembles the testing environment. The production network device is used for network operations, which excludes analyzing malware programs.

Abstract: Systems and methods are included for causing a computing device to request ownership information and configure itself based on which tenant is associated with the computing device. During launch of an operating system, such as WINDOWS, the computing device can contact a server that tracks ownership information. The server can be identified in firmware or an operating system image of the computing device. The server can determine which operating system image and applications to install at the computing device. The server can provide addresses that the computing device can contact to retrieve portions of the operating system or applications.

Abstract: A method and apparatus are provided for implementing enhanced deployment of a virtual machine (VM) in a cloud environment. VM boot profiling is performed and used for providing VM image download prioritization. The VM boot profiling facilitates the transfer of the earliest needed portions of the VM image first, allowing the VM to boot and begin operating quickly while the later needed portions of the VM image are still transferring.

Abstract: During the startup of an operating system of a computing system, a monitoring process of the operating system is used to detect an entry point of a daemon manager process. In response to detecting the entry point, the startup process is paused, and an early attach process is launched so as to attach one or more encrypted data partitions to the operating system. As part of the early attach process, the network stack of the computing system may be initialized, which allows the early attach process to retrieve one or more decryption keys corresponding to the one or more encrypted data partitions from an external key management server. The one or more decryption keys may be transmitted to a disk filter driver of the operating system, which provides the operating system with access to the one or more encrypted data partitions. Upon the conclusion of the early attach process, the operating system startup process resumes with the one or more encrypted data partitions now accessible to the operating system.

Abstract: The present disclosure provides a dynamic method for automated Security Information and Event Management (SIEM) custom correlation rule generation through the use of an interactive network visualization. The visualization is based on log data received from network endpoints and inputs received from a user, and is provided to the user for feedback before the SIEM custom correlation rules are automatically generated based on the visualization. The automatically generated SIEM custom correlation rules are then used to determine whether to trigger actions based on event data received from the network endpoints.

Abstract: A mechanism is described for facilitating dynamic capsule generation and recovery in computing environments according to one embodiment. A method of embodiments, as described herein, includes accessing a current firmware and a capsule driver binary file (“capsule file”) from a storage device, and merging the current firmware with the capsule file and a capsule header into a capsule payload. The method may further include assigning a security protocol to the capsule payload to ensure a secured capsule payload, and storing the secured capsule payload at the storage device for subsequent updates.

Abstract: A system and method for automatic recovery of a firmware image is disclosed. The method can include creating a shadow firmware image in a storage device from a firmware image in non-volatile memory. It is determined whether an abnormal event affecting the firmware image has occurred. The shadow firmware image is recovered from the storage device. The shadow firmware image is copied to the non-volatile memory.

Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: The present invention relates to. The operating system conversion device for a mobile terminal operates by means of a first operating system (OS), and, when connected to a vehicle, operates by means of an agent, the operating system conversion device comprising: a reception unit which receives, from the vehicle, a second operating system which is different from the first operating system and is exclusively used for the vehicle during connection with the vehicle; and a conversion unit which, during connection with the vehicle, converts the operating system from the first operating system to the second operating system.

Abstract: Disclosed in some examples are memory systems, computing systems, and machine readable mediums for protecting memory at identified addresses based upon access rules defining permissible access to the identified memory addresses that depends on the value of one or more registers stored in the memory system. In some examples, the value of the registers (e.g., a Platform Configuration Register) may depend on a state of a computing device in which the memory system is installed.

Abstract: A method of rebooting a computing system in which a virtual machine (VM) runs on top of a hypervisor and a host operating system (OS) includes the following steps. Those steps are sending, from the host OS to the hypervisor, a pre-reboot notification that the host OS is going to reboot, in response to reception of the pre-reboot notification, saving by the hypervisor state of a session that is executing in the VM, rebooting the host OS, after the host OS is rebooted, logging on to the host OS using a credential provider that was previously registered with the host OS and sending a post-reboot notification from the host OS to the hypervisor, and in response to reception of the post-reboot notification, instantiating by the hypervisor a VM in which the session is resumed using the saved state of the session.

Abstract: Debug trace statements from a firmware are captured during a boot cycle of a computer executing the firmware. The debug trace statements are written to a motherboard's Serial Peripheral Interface (“SPI”) device. A microcontroller's SPI device receives the debug trace statements from the motherboard's SPI device, transforms the data format of the debug trace statements, and transmits the transformed debug trace statements over a serial communications port of the microcontroller.

Abstract: An information handling system includes a data processor, a security co-processor, and a baseboard management controller (BMC). The security co-processor operates during a first in time portion of a boot process of the information handling system. The BMC provides first video display content during the first in time portion of the boot process. The data processor provides second video display content during a second in time portion of the boot process.

Abstract: Various systems, methods, and processes to protect virtual machine data in cloud computing environments are disclosed. A request for application data is received. The application data is encrypted, the request is received at an encryption virtual machine, and the encryption virtual machine is configured to receive the request from application virtual machines via loaders. A map file is accessed to identify an application virtual machine for which the application data is requested and the application data is accessed in a storage volume. The storage volume is communicatively coupled to the encryption virtual machine, and the encryption virtual machine is coupled between the application virtual machines and the storage volume. The application data is received from the storage volume and decrypted at the encryption virtual machine. The decrypted application data is sent to the loaders.

Abstract: A malicious code analysis device and method used on an external device connected via a USB cable. The malicious code analysis method includes connecting a malicious code analysis device to an analysis target terminal, on which malicious code is to be executed, from outside the analysis target terminal via a USB cable, multi-booting the analysis target terminal based on multiple Operating System (OS) image files stored in the malicious code analysis device; providing user input to the analysis target terminal so that malicious code is incapable of recognizing that a current environment is an analysis environment, and analyzing, by the malicious code analysis device, the malicious code in consideration of both data modified by the malicious code, among pieces of data corresponding to the multiple OS image files, and the user input.

Abstract: An information handling system pre-boot fault monitor tracks errors detected before boot of an operating system and stores the errors in persistent memory as error hashes generated from information associated with the error. Corrective actions associated with error hashes are determined by data mining error hashes provided from a population of deployed systems and stored in the persistent memory of the deployed systems. As the pre-boot fault monitor detects errors, a matching comparison between detected error hashes and stored corrective action hashes provides pre-boot instructions with corrective actions so that boot can be completed and the error managed with the operating system after POST.

Abstract: The invention relates to a computer implemented system that automates ATM deployment. The innovative system identifies software installation data for one or more ATM remote devices; transmits the software installation data as a preload to the one or more ATM remote devices, prior to a software build; identifies an associated network segment of the one or more ATM remote devices; and identifies bandwidth data for the network segment relevant to software download progress.

Abstract: A security system and method for the Internet of Things integrates a multitude of devices and protocols. The security system includes an OAS security gateway that protects the local IoT devices from external network-based attacks through remote attestation requests to a remote attestation server. The remote attestation message is used by the remote attestation server to analyze the software execution history of the local IoT device, so as to detect malware or insecure software. A cryptographic chip operatively integrates in the security gateway. The security system also performs data packet encryption and decryption of communications between the local IoT devices and remote user devices with an encryption engine. A service virtualization engine converts incompatible communication protocols between the IoT device and the remote user device. A network traffic sanitization engine filters data packet communications between the local IoT device and the remote attestation server.

Abstract: Systems and methods are disclosed for validating firmware and/or firmware images. A data storage device may transmit a request to validate a firmware image, to a storage drive. The data storage device may receive data indicating whether the firmware image is valid, from the storage drive. The data storage device may initiate operation using the firmware image if the firmware image is valid.

Abstract: Systems and methods embed a random-access non-volatile memory array in a managed-NAND system to execute the boot code or other time-sensitive applications. By embedding this random-access non-volatile memory in the managed-NAND system, either on the memory controller chip or as a separate chip within the managed-NAND system package, an application may be read with fast initial access time, alleviating the slow access time limitations of NAND Flash technology. Depending on the size of the application, the system may be configured to read the whole application content or only a time-critical portion from this embedded random-access non-volatile memory array.

Abstract: A dependency-based startup method in a multi-modality medical processing system that includes receiving initialization information about a plurality of executable components to be started, the plurality of executable components including an executable modality component configured to communicate with a medical device communicatively coupled to the multi-modality medical processing system. The method also includes receiving dependency information about the executable modality component, the dependency information identifying one or more of the executable components upon which the executable modality component depends and transforming the initialization information and the dependency information into a dependency map that represents the dependencies between the plurality of executable components.

Abstract: Techniques utilizing library and pre-boot components to ensure that a driver associated with a kernel-mode component is initialized before other drivers during a boot phase are described herein. The library component is processed during a boot phase; the pre-boot component, which may be an alternative to the library component, is processed during a pre-boot phase. By ensuring that the driver is the first driver initialized, the components enable the driver to launch the kernel-mode component before other drivers are initialized. The library component may also determine whether another driver is to be initialized before the kernel-mode component driver, may ensure that kernel-mode component driver is initialized first, and may alert the kernel-mode component. Also, the library component may retrieve information that is to be deleted by the operating system before initialization of drivers and may provide that information to the kernel-mode component.

Abstract: A method may include determining if both of two redundant operating system images for executing functionality of a chassis management controller were found during one or more previous boot sessions of the chassis management controller to be unsecure, wherein each operating system image comprises an integrated kernel and initial file root system stored in a respective first partition of a memory of the chassis management controller, verity hashes of a root file system of such operating system image, the verity hashes stored in a respective second partition of the memory, and the root file system of such operating system image stored in a respective third partition of the memory. The method may also include, in response to determining that one of the two redundant operating system images is secure, initiate verification of such operating system image to determine if such operating system image has indicia of tampering.

Abstract: Technology for rapid deployment of computing instances from images is provided. In one example, a method may include instantiating a base computing instance and building an application layer on the base computing instance to create a modified computing instance. A machine image of the modified computing instance may be saved. The modified computing instance may be instantiated based on the machine image and a customer-defined configuration may be applied to the modified computing instance to obtain a configured computing instance.

Abstract: A hardware architecture for a universal testing system used for performing Wifi tests on wireless devices under test (DUT) is disclosed. According to certain embodiments, test information travels from a Wifi port of the test server to the Wifi port's antenna in a Faraday cage, and then travels over the air to DUT's Wifi antenna in the same Faraday cage, and then to a LAN Ethernet port of the DUT, and then to the test server's Ethernet port.

Abstract: Various examples described herein provide for firmware verification on a peripheral device that can couple to a computing device. Before operating firmware is executed on the peripheral device, boot firmware can execute on the peripheral device and cause the peripheral device to generate a hash of the operating firmware. The peripheral device can transmit the hash to a validator external to the peripheral device, such as a management processor. The peripheral device can receive, from the validator, a validation decision based on the transmitted hash. In response to the validation decision indicating invalidity of the operating firmware, the peripheral device can execute recovery firmware to cause the peripheral device to retrieve replacement firmware. Depending on the example, the retrieved replacement firmware may replace the operating firmware or the operating firmware may be updated based on the retrieved replacement firmware.

Abstract: A method includes transmitting, over a virtual private network (VPN) to a remotely-located control platform, a request for first information associated with a BOOTP protocol synchronization process. The method also includes receiving, from the control platform, a first response comprising the requested first information. The method further includes receiving, over a local network from an embedded device in a distributed control system, a request for second information associated with the BOOTP protocol. In addition, the method includes transmitting, to the embedded device, a second response comprising the requested second information.

Abstract: A method, information handling system (IHS) and sub-system for enabling booting of the IHS using different operating system configurations. The method includes retrieving, via a processor, a unified extensible firmware interface (UEFI) image from a storage device and initializing at least one UEFI runtime service. The processor determines if a memory map corresponding to the UEFI runtime service defines multiple memory descriptors. In response to determining that the memory map defines multiple memory descriptors, a common memory descriptor is identified. The UEFI runtime service and the corresponding memory map are aligned to the common memory descriptor. The aligned UEFI runtime service and the corresponding memory map are copied to a system memory of the IHS. The operating system is booted, wherein the aligned UEFI runtime service and the corresponding memory map are compatible with operating systems that support single runtime memory descriptors.

Abstract: An electronic system includes: an interface control unit configured to receive a write buffer command; a command core, coupled to the interface control unit, configured to execute a firmware update based on the write buffer command; a non-volatile memory array, coupled to the command core, configured to store an image of a primary file system, a secondary file system, a primary firmware, and a secondary firmware; a tightly coupled memory (TCM), coupled to the command core, configured to contain an operating firmware; and a volatile memory, coupled to the interface control unit, configured to store the write buffer command including a product image; wherein: the command core is configured to execute in order: verify the product image, extract an operating firmware executable and a solid state file system (SSFS) update from the product image, copy the operating firmware executable to the secondary firmware and the TCM, restart the operating firmware as the operating firmware executable in the TCM, extract a sol

Abstract: A user may desire to execute a process in a target environment. However, administrators may want control over processes that haven't been preapproved to prevent the execution of processes that may affect security and compliance within the environment. Implementation of a multi-factor execution gateway may grant the user limited access to execute the process himself at an otherwise restricted, protected, or decoupled environment, while ensuring security and compliance by obtaining approval from the appropriate authorities. For example, a request to execute the process in the environment may be detected, and a fingerprint may be generated based on parameters of the request. A signature for the fingerprint in the form of private key(s) acquired from authorizer(s) based on a level of authorization required for the process may be received to generate a key, and execution of the process may then be allowed at the environment using the key.

Abstract: A method for automatically detecting and diagnosing problems in computer system functioning includes determining changed objects from computer system monitoring data, calculating temporal correlations from errors and changes sequences for each changed object, identifying and ranking suspicious computer system behavior patterns from the temporal correlations, and outputting said ranked suspicious computer system behavior patterns.

Abstract: Method and system for securely communicating with a machine to machine, M2M, device comprising sharing a secret or data derived from the secret between the M2M device and a server. Establishing a connection between the M2M device and the server. Using the shared secret or data derived from the shared secret to establish cryptographic material on both the M2M device and the server. Securing communication between the M2M device and the server with a cryptographic protocol using the established cryptographic material. The cryptographic material is unrecoverable from the shared secret or data derived from the shared secret alone.

Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and an apparatus are provided. The apparatus may be a service processor. The service processor allocates a plurality of frame buffers. The service processor also writes image data of a predetermined image to a first frame buffer of the plurality of frame buffers. The service processor further loads a first application. The service processor displays the predetermined image in accordance with the image data stored in the first frame buffer while the first application is being loaded. The service processor then writes image data of the first application to a second frame buffer of the plurality of frame buffers.

Abstract: The present application is directed to access isolation for multi-operating system devices. In general, a device may be configured using firmware to accommodate more than one operating system (OS) operating concurrently on the device or to transition from one OS to another. An access isolation module (AIM) in the firmware may determine a device equipment configuration and may partition the equipment for use by multiple operating systems. The AIM may disable OS-based equipment sensing and may allocate at least a portion of the equipment to each OS using customized tables. When transitioning between operating systems, the AIM may help to ensure that information from one OS is not accessible to others. For example, the AIM may detect when a foreground OS is to be replaced by a background OS, and may protect (e.g., lockout or encrypt) the files of the foreground OS prior to the background OS becoming active.

Abstract: A method and device for using a set of APIs are provided. Some of the functions which used to be performed by software are now accelerated through hardware.