Patent application number | Description | Published |
20090094421 | Manufacturing mode for secure firmware using lock byte - Upon initialization or startup of an electronic device, the device checks a predetermined section of non-volatile memory, referred to as the signature byte or lock byte, and allows either the manufacturing mode which allows for installation of the final or production version of firmware to be loaded into non-volatile memory, or the production mode which write-protects certain portions of non-volatile memory before giving operating control of the electronic device to another program, for example, an operating system. By only allowing execution of operating system or other executable code after write-protecting certain portions of non-volatile memory, system security, integrity, and robustness are substantially increased. | 04-09-2009 |
20120159520 | EMULATING LEGACY VIDEO USING UEFI - Techniques for supporting legacy VGA video using UEFI standard and extended UEFI graphics drivers. When an operating system that does not natively support the UEFI display protocols requires video services provided by firmware, the operating system communicates a request for video services to a generic video option ROM. The generic video option ROM notifies a generic video SMM driver of the request for video services. Such notification may be performed using a software system management interrupt (SMI). Upon notification, the generic video SMM driver notifies a third party UEFI video driver of the request for video services. The third party video driver provides the requested video services to the operating system. In this way, a third party UEFI graphics driver may support a wide variety of operating systems, even those that do not natively support the UEFI display protocols. | 06-21-2012 |
20140136828 | BIOS USER INTERFACE CONTROL USING MOBILE DEVICE - A technique for managing a Unified Extensible Firmware Interface (UEFI) Basic Input/Output System (BIOS)-controlled computing device from a separate mobile computing device is discussed. | 05-15-2014 |
20140289436 | NETWORK CONTROLLER SHARING BETWEEN SMM FIRMWARE AND OS DRIVERS - A mechanism for reducing the cost of providing network-based remote platform management by allowing system firmware to communicate with a remote platform administrator or process by sharing a NIC that is also used for normal network traffic is discussed. The dual use of the NIC reduces the cost of remote platform management by removing the need for a secondary controller or CPU core on the computing device that is dedicated to remote management tasks. Additionally, performance in the computing device improves as a byproduct of a CPU core or thread not being dedicated to the management task and instead being available for handling of other tasks. | 09-25-2014 |
20140289570 | VIRTUAL BASEBOARD MANAGEMENT CONTROLLER - A system firmware agent providing the capabilities of a Baseboard Management Controller (BMC) from within System Management Mode (SMM) is discussed. A virtual BMC provides dedicated communication channels for system firmware, other BMCs in the platform and remote management agents. The virtual BMC may monitor the status of the system, record system events, and control the system state. | 09-25-2014 |
20140331037 | SECURE BOOT OVERRIDE IN A COMPUTING DEVICE EQUIPPED WITH UNIFIED-EXTENSIBLE FIRMWARE INTERFACE (UEFI)-COMPLIANT FIRMWARE - A firmware-based system and method for detecting an indicator of an override condition during a Unified Extensible Firmware Interface (UEFI) Secure Boot sequence. The indicator of the override condition may be detected based upon the pressing of a specialized button, designated key or keys or other received input that indicates both physical presence of the user and the desire, on the current boot, to bypass UEFI Secure Boot. An embodiment may work for only a single boot, not require access into a setup application, and may be accessed by externally accessible features of the computer system. | 11-06-2014 |
20150074387 | SYSTEM AND METHOD FOR AUTO-ENROLLING OPTION ROMS IN A UEFI SECURE BOOT DATABASE - A mechanism for automatically enrolling option ROMs into the system security database used for a UEFI Secure Boot is discussed. A request is received by a computing device to auto-enroll one or more option ROMs for one or more respective devices on the next boot of the system. Upon receiving the request, a flag or other type of indicator indicative of an auto-enroll status is changed to an active mode. The indicator is stored in non-volatile memory and may be stored as a UEFI Authenticated Variable. Following the changing of the indicator, the system is either reset or shut down. During the next boot only, after identifying the indicator indicative of an active mode auto-enroll status, the signatures for the option ROMs of all discovered devices whose signatures do not exist in the system security database are calculated(hashed) and added to the UEFI Secure Boot database without user interaction. | 03-12-2015 |
20150074427 | SYSTEM AND METHOD TO SECURE ON-BOARD BUS TRANSACTIONS - A technique for securing on-board bus transactions in a computing device is discussed. A shared key is generated and then programmed into the read-only non-volatile write-once storage of two on-board components. The shared key may be generated during the manufacturing process. Once complete, all transactions between the two on-board components are encrypted by the components using the shared key without exposing the key on any external bus. | 03-12-2015 |
20150081684 | SYSTEM AND METHOD TO SHARE AN APPLICATION WITH ANOTHER DEVICE - A technique for sharing an application between devices is discussed. Embodiments of the present invention transmit information about an application from a source computing device to a target computing device. An application sharing service on the target computing device then automatically searches the target computing device for a resident corresponding application or its equivalent and if a corresponding application is not found, searches an application store or repository for the corresponding application. If the application or its equivalent is found in the application store or repository, a user may be prompted to download the application or the application may be downloaded automatically. If the corresponding application was found on the target computing device originally, a check may be performed to determine if the most recent update is installed and, if the most recent version is not installed, it may be downloaded from the application store. | 03-19-2015 |
20150089238 | SYSTEM AND METHOD FOR VERIFYING CHANGES TO UEFI AUTHENTICATED VARIABLES - A mechanism for certifying that an operating system-based application has authorization to change a UEFI authenticated variable held in the system firmware is discussed. Embodiments of the present invention receive with the system firmware a request from an operating system-based application to change a UEFI authenticated variable. The request includes an authentication descriptor header with a timestamp and pre-determined GUID. The request also includes a hash calculated using a password known to the firmware. The system firmware certifies that the caller has authorization to change an authenticated variable by first verifying the information in the header and then creating a new hash using the password. The new hash is compared to the received hash and must match in order for the system firmware to allow the alteration of the UEFI authenticated variable. In one embodiment, the password is the system firmware password. | 03-26-2015 |