4532 results about "BIOS" patented technology

A method or system for supporting a computer systems self repair, including the computer executed steps for booting from a first boot device, and booting from a second boot device in response to a signal indicating a need for repair. While booted from the second boot device the computer system is capable of repairing software on the first boot device. The signal may effect a logical or physical switch. Repairing software may be performed in part by copying BIOS, template, backup or archive software from a device other than the first boot device. Repairing software may be performed automatically without direction by a user or according to preset preferences.

A method for providing a secure firmware update. A first authentication credential is securely stored on a platform in an encrypted form using a key generated by a secure token, such as a trusted platform module (TPM). Typically, the authentication credential will identify a manufacture and the operation will be performed during manufacture of the platform. A configuration of the platform is “imprinted” such that an identical configuration is required to access the key used to decrypt the first authentication credential by sealing the key against the platform configuration. During a subsequent firmware update process, a firmware update image containing a second authentication credential is received at the platform. If the platform configuration is the same as when the key was sealed, the key can be unsealed and used for decrypting the first authentication credential. A public key in the first authentication credential can then be used to authenticate the firmware update image via the second authentication credential.

A method for gaming terminals, gaming kiosks and lottery terminals to ensure that the code-signing verification process of downloaded game software can be trusted. Drivers independently developed from the operating system supplier are embedded within the operating system kernel to verify that the micro-coded hardware components, the BIOS (808), the operating system components and the downloaded game software can be trusted.

The present invention proposes a computer system and a method capable of performing integrity detection, comprising: a running mode unit which comprises an integrity detection boot variable to determine whether or not to initiate an integrity detection boot mode by judging said running mode unit; an EFI integrity detection unit (5), which is used for performing an integrity detection on EFI image codes in the integrity detection boot mode, and comprises an integrity metric value for being compared with an EFI integrity calculated value generated after the EFI integrity detection unit performs the integrity detection on the EFI image codes, to determine the integrity of the EFI image codes; an operating system integrity detection unit (6); and an integrity management unit. The present invention is based on the EFI BIOS to perform the integrity detection on the operating system during the pre-boot stage, having better reliability and security.

A method and apparatus for protecting a computer system. Specifically, a method and system for validating portions of memory at each power-on cycle is described. A Boot Block is used to validate the BIOS, CMOS and NVRAM of a system. The BIOS may also be used to validate the Boot Block, CMOS and NVRAM.

A virtual appliance environment (VAE) consists of components residing on a computer BIOS ROM and also on a mass storage device. The VAE includes a virtual appliance (VA) for diagnosing malfunctioning hardware or software. The VA for diagnosing malfunctions tests the hardware and/or software resident in the computer and transmits the results of the test to a server, which diagnoses the problem and transmits instructions to the VAE for saving the data, determining whether the computer is under warranty, and providing shipping information to a user. The VAE can also download a VA for scanning viruses. The VAE transmits the results of the virus scan to the server, which determines the type of virus infecting the computer and transmits instructions to the virtual appliance for downloading the appropriate VA for removing the virus. The VAE can save the data to another source, remove the virus, and restore the data or simply remove the virus.

A method and apparatus for booting a client computer connected to a network without a boot ROM and without an operating system is provided. Instructions from a BIOS ROM are executed to load a boot code loader from a nonvolatile, read/write memory, such as a diskette or hard disk. The boot code loader executes to load a control program from the diskette, and the control program executes to load a set of programs and/or device drivers from the diskette without loading an operating system. The set of programs and/or device drivers communicate with a network server to retrieve a boot program from the network server, and the boot program executes to complete the boot process of the client, such as downloading an operating system from the server.

An embodiment of the present invention is a system and method relating to automatic firmware image update by proxy for BIOS or other embedded firmware image. When a server equipped with a baseboard management controller (BMC) and detects that its BIOS code image is corrupted or out of date, it may broadcast a request for an image update over an out-of-band network. One or more donor systems on the network may respond to the request and send the requestor a new image. The recipient system uses management policies to determine from which donor system to accept an update. In another embodiment, the BMC retrieves a new BIOS image from a predetermined location and updates the BIOS image accordingly.

A computer system includes a dual basic input-output system (BIOS) read-only memory (ROM) system to initialize the computer. When the computer is first powered on or reset, the primary BIOS ROM is initially enabled. The computer analyzes the contents of the primary BIOS memory to detect data errors. If a data error is detected, a chip enable circuit disables the primary BIOS ROM and enables a secondary BIOS ROM containing essentially the same initialization instructions as the primary BIOS ROM. If no errors are detected in the secondary BIOS ROM, the initialization of the computer proceeds using the secondary BIOS ROM. As part of the initialization procedure, the contents of the secondary BIOS ROM are copied to a random access memory. The primary BIOS ROM can then be reprogrammed with the contents of the secondary BIOS ROM using the copy in random access memory, or from the secondary BIOS ROM itself.

In accordance with one aspect of the current invention, the system comprises a memory for storing instruction sequences by which the processor-based system is processed, where the memory includes a physical memory and a virtual memory. The system also comprises a processor for executing the stored instruction sequences. The stored instruction sequences include process acts to cause the processor to: map a plurality of predetermined instruction sequences from the physical memory to the virtual memory, determine an offset to one of the plurality of predetermined instruction sequences in the virtual memory, receive an instruction to execute the one of the plurality of predetermined instruction sequences, transfer control to the one of the plurality of predetermined instruction sequences, and process the one of the plurality of predetermined instruction sequences from the virtual memory. In accordance with another aspect of the present invention, the system includes an access driver to generate a service request to utilize BIOS services such that the service request contains a service request signature created using a private key in a cryptographic key pair. The system also includes an interface to verify the service request signature using a public key in the cryptographic key pair to ensure integrity of the service request.

A computer system including several nonconcurrently active hard disk drives ordinarily loaded with unique software bundles. Each active hard drive introduces an especial operating system setup and applications installation which is unconditionally denied access by activities obtained under another hard disk drive's software instructions. An absolute isolation between two or more user's application programs and data files is achieved while sharing a common set of computer system hardware and peripherals. Each category of nonconcurrent user operates independently without a threat of corruption from activities of another prior or subsequent user utilizing the same computer system for another disparate activity. In an IDE/ATA interface environment, a typical arrangement includes a setting of ROM-BIOS to only recognize a MASTER drive with a subsequent user determined swapping of MASTER and SLAVE modes between at least two hard drives utilizing a manual switch-over to obtain operation under operating system and programs uniquely installed on each of the intently selected MASTER drives, while denying access to the alternant SLAVE drive. In an SCSI interface environment, several drives set with the same SCSI-ID number are selected between by manually controlling a completion of the SCSI bus SEL line to the active intended drive and interrupting the SEL line to designated inactive drives. Virus corruption of one primary drive is fire-walled against inadvertent transfer into an alternate primary drive thereby assuring system operating integrity for one user category in spite of virus contamination, command errors, or careless or malicious hacking introduced by another user category.

The present invention provides methods and apparatus that utilize a portable apparatus to operate a host computer. The portable apparatus including an operating system and a list of software applications is installed in a removable data storage medium. The basic input/output system (BIOS) of the host computer will directly or indirectly identify the portable apparatus as its boot drive. The host computer will further load the operating system in the portable apparatus into its random access semiconductor memory (RAM). A hardware profile is stored in the host computer, which contains information about the host computer and its peripheral devices. During the loading, the operating system will incorporate information in the hardware profile in order to fully operate the host computer and the hardware devices defined in the profile.

A computer system includes a flash memory device for storing BIOS code. The BIOS code is stored in an unprotected area of the flash memory. A boot block, stored in a protected area of the flash memory, is used for rebooting the computer system in the event that the flash memory device becomes corrupted. During normal operation, the BIOS code is updated using a radio link. If the BIOS is corrupted while being updated, a recovery routine stored in the boot block is executed. The recovery routine permits the corrupted BIOS to be reprogrammed using a serial interface instead of the radio link.

The invention discloses a trust chain transfer method for a trusted computing platform. A trusted computing module (TCM) serving as a starting point of starting a trust chain is started and actively initiated at first to verify the trustiness of a BIOS (basic input output system) chip; after the trusted BIOS chip is started, a MAIN BLOCK of the BIOS chip performs concentrated integrity verification on key files of an MBR (master boot record), an operating system loader and an operating system kernel; in the starting process of an operating system, the starting and running of an unauthorized program are prevented in a way of combining the integrity verification based on a white list and running program control; and hashing operations for the integrity verification are finished by a hardware computing engine. When a user starts any executable program, a security module in the operating system kernel checks the integrity of the program and checks whether the program is in the trusted program white list or not, and only application programs which are in the trusted program white list of the system and have integrity measures consistent with an expected value are permitted to be run. High-efficiency and fine-grained trust chain transfer is realized, the damages of viruses to system files and program files can be prevented, and the execution of the unauthorized program can be prevented.

Executable applications on a gaming machine are verified before they can be executed, for security purposes and to comply with jurisdictional requirements. Unlike in prior systems for authenticating the executable applications, embodiments allow for new executable applications to be provided and verified over time with different private and public key pairs, even after the operating code of the gaming machine is certified by the jurisdiction and deployed in the field.

In a processing system that includes a baseboard management controller (BMC) and which has a plurality of modes of operation, including a startup mode, a shutdown mode, a basic input/output system (BIOS) recovery mode, and a normal operating mode, the BMC is used to facilitate installation of firmware in the processing system while the processing system is in any of the plurality of modes of operation.

A computer system includes a first portion of a Hypervisor is loaded into the memory as a part of an Extensible Firmware Interface upon start up and prior to loading of an operating system. The first portion is responsible for context switching, at least some interrupt handling, and memory protection fault handling. The first portion runs on a root level. An operating system is loaded into a highest privilege level. A second portion of the Hypervisor is loaded into operating system space together with the operating system, and runs on the highest privilege level, and is responsible for (a) servicing the VMM, (b) servicing the VMs, (c) enabling communication between code launched on non-root level with the second portion of the Hypervisor to perform security checks of trusted code portions and to enable root mode for the code portions if allowable. The VMM runs on the highest privilege level. A Virtual Machine is running under control of the VMM. Trusted code runs on non-root level. The first portion of the Hypervisor verifies trusted code portions during their loading or launch time, and the trusted code is executed on root level.

A method and system for the provisioning of software that enable large scale installation and management of software in computer units in a highly secure manner. The BIOS of the target computer unit is adapted such that upon power up the system attempts to boot from an external media. The BIOS features functions within the code for the implementing a system watchdog for assuring the system remains in a known state, a function for digital signature verification, and loads drivers for a file system. The external media includes the operating system (OS) image and other bootstrap files, each having been digitally signed with an asymmetric private key that corresponds to the public key. A programmable read-only parameter memory on the motherboard is configured to store the public keys and the (failure) state of the system independently of the primary and secondary media enabling reboot from an alternative boot path.

An arrangement and method are disclosed herein for operating a computer system including a host computer having system RAM. The host computer uses a BIOS to control the operation of the system. The operation of the system requires the host computer to obtain the BIOS device and store the BIOS within the system RAM. The arrangement and method of the invention allows at least a portion of the BIOS to be stored within the mass memory storage of a mass memory storage peripheral computer device rather than being stored within ROM. The BIOS may be expansion BIOS associated with a particular peripheral computer device or system BIOS associated with the host computer.