Patent application number | Description | Published |
20130276128 | SECURE OPTION ROM FIRMWARE UPDATES - Option ROM updates are performed in a secure manner with centralized control through system initialization firmware, such as the system BIOS. An option ROM updater manages copying an option ROM update to an auxiliary subsystem if an update bit is set, such as by a secure system management interface with the BIOS. Upon detection of an update bit, the option ROM updater unlocks a write protect at the auxiliary subsystem firmware and copies an option ROM update to the auxiliary subsystem to update the option ROM. After completing the option ROM update, the option ROM updater locks write protection of the option ROM to maintain system security. | 10-17-2013 |
20140143530 | SYSTEMS AND METHODS FOR ISOLATION OF INFORMATION HANDLING RESOURCES IN RESPONSE TO EXTERNAL STORAGE RESOURCE BOOT - An information handling system may include a processor, at least one information handling resource, at least one external port configured to receive an external information handling resource and couple the external information handling resource to the processor, and a basic input/output system. The basic input/output system may comprise a program of instructions executable by the processor and configured to cause the processor to determine whether a current boot session of the information handling system was initiated by a boot from an external storage resource coupled to the at least one external port, and in response to a determination that the current boot session of the information handling system was initiated by a boot from an external storage resource coupled to the at least one external port, disable one or more of the at least one information handling resource for the current boot session. | 05-22-2014 |
20140149730 | SYSTEMS AND METHODS FOR ENFORCING SECURE BOOT CREDENTIAL ISOLATION AMONG MULTIPLE OPERATING SYSTEMS - A method may include designating a key exchange key as an active key exchange key for a boot session of the information handling system. The method may further include during the boot session, in response to a call for updating a value of an authorized database of keys associated with executable code permitted to execute on the information handling system or an authorized database of keys associated with executable code forbidden to execute on the information handling system: determining whether the value is digitally signed with the active key exchange key, determining whether the update is to a database or database entry associated with the active key exchange key, and processing the update in response to determinations that the value is digitally signed with the active key exchange key and that the update is to a database or database entry associated with the active key exchange key. | 05-29-2014 |
20140164781 | SYSTEM AND METHOD FOR GENERATING ONE-TIME PASSWORD FOR INFORMATION HANDLING RESOURCE - In accordance with embodiments of the present disclosure, a method may include generating a random number to be associated with an information handling resource. The method may also include generating a challenge string based at least on the random number. The method may additionally include encrypting the challenge string using a first shared secret. The method may further include receiving a one-time password generated by a vendor associated with the information handling resource, the one-time password generated by decrypting the challenge string using the first shared secret, parsing the random number from the decrypted challenge string, and digitally signing the decrypted challenge string with a digital signature using a second shared secret. The method may also include granting user access to the information handling resource in response to verifying, using the second shared secret, that the digital signature matches the random number. | 06-12-2014 |
20140188949 | METHODS AND SYSTEMS FOR SUPPLY CHAIN ASSURANCE OF INFORMATION HANDLING SYSTEM CODE - In accordance with embodiments of the present disclosure, an information handling system may include a processor and a program of instructions embodied in a computer-readable medium. The instructions may be configured to, when read and executed by the processor: (i) store in an image map file one or more range descriptors recording one or more physical memory address ranges storing code to be installed to a second information handling system; and (ii) store in the image map file one or more hashes, each hash associated with code stored in a respective one of the one or more physical memory address ranges. | 07-03-2014 |
20140344886 | Sensor Aware Security Policies with Embedded Controller Hardened Enforcement - An information handling system (IHS) performs security policy enforcement using security policy data maintained in an embedded controller, which operates within a privileged environment. The security policy data identifies security policies established for the IHS. The EC is directly connected to a number of sensors from which the EC receives sensor data and to at least one integrated functional device. The EC determines whether the received sensor data fulfills any trigger condition of a security policy. If the received sensor data does not fulfill any trigger condition of a security policy described by the security policy data, the EC continues to monitor sensors for updated sensor data. However, if the received sensor data fulfills any trigger condition of the security policy, the EC performs a security measure that involves enabling, disabling, or resetting one or more of the at least one integrated functional devices that can be disabled. | 11-20-2014 |
20150220736 | Continuous Memory Tamper Detection Through System Management Mode Integrity Verification - An information handling system includes a plurality of memory locations, an embedded controller, and a basic input/output system (BIOS). The embedded controller provides an interrupt signal at random intervals. The BIOS is in communication with the embedded controller, and receives data associated with the plurality of memory locations including a first memory location. In response to the interrupt signals, the BIOS performs data integrity verification of the first memory location based on the data associated with the plurality of memory locations. | 08-06-2015 |
20150222669 | SENSOR AWARE SECURITY POLICIES WITH EMBEDDED CONTROLLER HARDENED ENFORCEMENT - An information handling system (IHS) performs security policy enforcement using security policy data maintained in an embedded controller, which operates within a privileged environment. The security policy data identifies security policies established for the IHS. The EC is directly connected to a number of sensors from which the EC receives sensor data and to at least one integrated functional device. The EC determines whether the received sensor data fulfills any trigger condition of a security policy. If the received sensor data does not fulfill any trigger condition of a security policy described by the security policy data, the EC continues to monitor sensors for updated sensor data. However, if the received sensor data fulfills any trigger condition of the security policy, the EC performs a security measure that involves enabling, disabling, or resetting one or more of the at least one integrated functional devices that can be disabled. | 08-06-2015 |