172 results about "Unified Extensible Firmware Interface" patented technology

In some embodiments, the invention involves adding a capability for a platform owner or administrator to ensure that the firmware is only executed in an owner-authorized fashion, such as with signed components managed by a security processor. Embodiments may extend the Core Root of Trust for Measurement (CRTM), via use of a cryptographic unit coupled to the security processor in a mobile Internet device (MID) as a Root-of-Trust for Storage (RTS) Storage Root Key (SRK), into a unified extensible firmware interface (UEFI) Platform Initialization (PI) image authorization and boot manager. Other embodiments are described and claimed.

The invention discloses a unified extensible firmware interface (UEFI) trusted supporting system and a method for controlling the same. The UEFI trusted supporting system comprises UEFI trusted supporting system firmware and a trusted platform control module (TPCM), wherein the UEFI trusted supporting system firmware is stored on a nonvolatile memory and connected with the TPCM by a system bus; and the TPCM is connected with a trusted computation platform by the system bus. The method for controlling the UEFI trusted supporting system comprises the following steps of: firstly, loading a driver for the TPCM; secondly, sequentially authenticating the identity of users, performing measurement validation on a basis input/output system (BIOS), the characteristic data of hardware and a master boot record (MBR) / operating system (OS) Loader/OS Kernel, controlling different hardware peripheral interfaces according to an I/O strategy of the users, and performing safety guide setting on the system by a safety guide module; and finally, controlling by the BIOS or the OS. By the system and the method, trusted computation, the configuration management of the TPCM, the backup/recovery of the BIOS/MBR/OS Loader/OS Kernel and the physical protection of key data are realized on a firmware layer. The invention can be simultaneously applied to a Linux system which opens source codes and a Windows system which does not open the source codes, so that a fault does not occur in a trust chain between BIOS firmware and OS software, and the safety of a computer and the friendliness of human-computer interaction are improved.

The invention discloses a computer security access control system and a computer security access control method, and belongs to the technical field of information security. A unified extensible firmware interface (UEFI) chip and a transmission control module (TCM) chip are included; a control system comprises an operating system pre-booting access control subsystem and an operating system running access control subsystem, wherein the operating system pre-booting access control subsystem comprises USBKey equipment, a USBkey equipment initialization module, a user management module, an operating system pre-booting identity authentication module and an encryption storage module; and the operating system running access control subsystem comprises USBKey equipment, an operating system user logon module, and an operating system user running protection module. The control method comprises an initialization method, an operating system pre-booting access control method and an operating system running access control method. The invention solves the problems that in the operating system, the reliability of access control is low, user identity information storage is insecure, and identity protection is insufficient in the running process after a user with legal identity logs on.

A mechanism for allowing firmware in a UEFI-compliant device to implement the UEFI specification driver signing and Authenticated Variable elements while at the same time protecting the system security database holding the library of approved keys and lists of allowed and forbidden programs from unauthorized modifications is discussed.

A system and method can update unified extensible firmware interface (UEFI) setting information of a computer. The method creates a system management interrupt (SMI) function based on a UEFI platform of the computer, and stores the SMI function in a SMRAM of the computer. The method further generates an access address of the SMI function when a configuration command is input from an input device, and generate a SMI handler according to the access address. Additionally, the method calls a runtime service function of the UEFI platform by executing the SMI function through the SMI handler, and executes the runtime service function to configure UEFI setting information stored in a flash memory chip and to update BIOS data stored in a CMOS chip related to the UEFI setting information.

Firmware in a UEFI-compliant computing device is used to administer and alter a Secure Boot process for the computing device while continuing to provide protection from unauthorized third-party code.

The invention provides a capsule type custom-made updating method based on a universal and extensible firmware interface firmware system. The method is based on a capsule mechanism of a unified extensible firmware interface (UEFI) firmware system and gets rid of that the current mainstream firmware updating technology depends on system management interrupt (SMI) drive. Through analysis of a capsule, a firmware volume (FV) module to be updated is obtained, the FV module is identified, and obtained data are wrote in firmware file system target addresses, therefore updating of the selected FV module is achieved, and a method which needs to update a whole basic input/output system (BIOS) is got rid of. The capsule mechanism solves the problem that updating tools on different hardware platforms and operation systems cannot be unified. The firmware updating method is flexile, high in application value and capable of being applied to the aspects of firmware remote refreshing, automatic firmware recovery and the like.

A firmware-based system and method for detecting an indicator of an override condition during a Unified Extensible Firmware Interface (UEFI) Secure Boot sequence. The indicator of the override condition may be detected based upon the pressing of a specialized button, designated key or keys or other received input that indicates both physical presence of the user and the desire, on the current boot, to bypass UEFI Secure Boot. An embodiment may work for only a single boot, not require access into a setup application, and may be accessed by externally accessible features of the computer system.

The present disclosure provides a network architecture and verification platform for analyzing the various modules of a Unified Extensible Firmware Interface (UEFI) firmware image. In one embodiment, the disclosed network architecture and verification platform obtains various UEFI firmware images, such as UEFI firmware image residing on a client device or a UEFI firmware image hosted by a hardware manufacturer. The network architecture and verification platform may then segregate the various UEFI firmware modules that make up the UEFI firmware image, and subject the modules to different types of analysis. By analyzing the UEFI firmware modules individually, the network architecture and verification platform builds a repository of Globally Unique Identifiers (GUIDs) referenced by a given UEFI firmware module, which may then be referenced in future analyses to determine whether any changes, and the extent of such changes, have been made to an updated version of the given UEFI firmware module.

A computer system configured to control advanced configuration and power interface ACPI information is provided. The computer system includes a non-volatile memory configured to store an ACPI table, and a processor configured to execute a unified extensible firmware interface (UEFI), wherein a boot service of the UEFI provides a shell application, and the shell application includes an extended command to control information of the ACPI table.

Restoring from a legacy OS environment to a Unified Extensible Firmware Interface (UEFI) pre-boot environment, including: storing, under the UEFI pre-boot environment, context in the UEFI pre-boot environment that needs to be preserved, where the context in the UEFI pre-boot environment that needs to be preserved includes CPU execution context; restoring a first portion of the CPU execution context in response to the UEFI pre-boot environment failing to load the legacy OS; making a CPU associated with the UEFI pre-boot environment enter into System Management Mode, and restoring a second portion of the CPU execution context under the System Management Mode; and exiting from CPU System Management Mode, thereby returning to the UEFI pre-boot environment.

Exemplary features pertain to providing trusted platform module (TPM) support for ARM®-based systems or other Reduced Instruction Set Computing (RISC) systems. In some examples, secure firmware (e.g., TrustZone firmware) operates as a shim between an unsecure high level operating system (HLOS) and a discrete TPM chip or other trusted execution environment component. The secure firmware reserves a portion of non-secure memory for use as a command response buffer (CRB) control block accessible by the HLOS. The secure firmware translates and relays TPM commands/responses between the HLOS and the TPM via the non-secure CRB memory. The system may also include various non-secure firmware components such as Advanced Configuration and Power Interface (ACPI) and Unified Extensible Firmware Interface (UEFI) components. Among other features, the exemplary system can expose the TPM to the HLOS via otherwise standard UEFI protocols and ACPI tables in a manner that is agnostic to the HLOS.

The invention provides firmware system long-distance updating methods based on a unified extensible firmware interface. A client server structure is adopted by the methods. The client server structure comprises a server and a client machine. A network protocol stack is achieved on UEFIBIOS by the client server structure, and data transmission is carried out by the client machine through a network and the server. The number of the long-distance updating methods is two. One method is that a client machine UEFIBIOS long-distance updating method is started by the server, and the other method is that UEFIBIOS long-distance updating method is started by the client machine. According to the long-distance updating methods, no assistance of mobile devices is needed, long-distance updating of UEFIBIOS is achieved through the network by the server, labor power and cost is reduced, and good control of the upgrading of UEFIBIOS is achieved.

The invention discloses a design method of a firmware GUI (graphical user interface) based on SVG (scalable vector graphics). The method comprises the steps that the SVG of an extensible markup language is used for indicating constituent elements of the firmware GUI; an interface file described by the SVG is obtained; an SVG resolver is called for resolving the described file of the firmware GUI; basic elements of the SVG are extracted; an interface element structure tree is generated; and the extracted elements of the SVG are drawn and displayed according to a graphic output protocol provided by a UEFI (unified extensible firmware interface). With the adoption of the firmware GUI designed by the method, configuration and management of hardware are more visual and quicker; interface customization is individual; an interface indication file occupies a small space; the interface can play an animation effect; and compared with the traditional BIOS (basic input output system) textual interface, the firmware GUI based on the SVG has the characteristics that the firmware GUI is visual, friendly and easy to operate.

The invention relates to a UEFI (Unified Extensible Firmware Interface) firmware implementation method based on a Feiteng portable computer, and belongs to the technical field of computer firmware. Firmware is divided into a hardware abstraction layer, a firmware core layer, an equipment protocol layer and a firmware application layer, wherein the hardware abstraction layer is used for realizing the initialization of key hardware components such as a processor, an internal memory and a chipset, packaging and abstracting other board-level hardware and realizing the initialization, and also providing a function interface for accessing bottom-layer hardware equipment for an upper module; the firmware core layer is used for establishing a system service table in a UEFI to carry out the unified management of all modules in the firmware and the management of various resources; the equipment protocol layer is used for realizing various standard industrial specifications; the firmware application layer is used for realizing all functions of the firmware, such as interface configuration, system monitoring, file system and operating system guiding. The UEFI firmware implementation method can realize firmware products, with high expandability and perfect functions, meeting international mainstream UEFI firmware specifications on the Feiteng portable computer so as to support the normal start and operation of the Feiteng portable computer.

A mechanism for controlling the execution of Option ROM code on a Unified Extensible Firmware Interface (UEFI)-compliant computing device is discussed. A security policy enforced by the firmware may be configured by the computing platform designer/IT administrator to take different actions for different types of detected expansion cards or other devices due to the security characteristics of Option ROM drivers associated with the expansion card or device. The security policy may specify whether authorized signed UEFI Option ROM drivers, unauthorized but signed UEFI Option ROM drivers, unsigned UEFI Option ROM drivers and legacy Option ROM drivers are allowed to execute on the UEFI-compliant computing device.

The invention relates to a UEFI (Unified Extensible Firmware Interface) firmware implementation method based on a Feiteng server, and belongs to the technical field of computer firmware. Firmware is divided into a hardware abstraction layer, a firmware core layer, an equipment protocol layer and a firmware application layer, wherein the hardware abstraction layer is used for realizing the initialization of key hardware components such as a processor, an internal memory and a chipset, packaging and abstracting other board-level hardware and realizing the initialization, and also providing a function interface for accessing bottom-layer hardware equipment for an upper module; the firmware core layer is used for establishing a system service table in a UEFI to carry out the unified management of all modules in the firmware and the management of various resources; the equipment protocol layer is used for realizing various standard industrial specifications; the firmware application layer is used for realizing all functions of the firmware, such as interface configuration, system monitoring, file system and operating system guiding. The UEFI firmware implementation method can realize firmware products, with high expandability and perfect functions, meeting international mainstream UEFI firmware specifications on the Feiteng server so as to support the normal start and operation of the Feiteng server.

Methods, systems, apparatuses and program products are disclosed for providing parametric policy isolation in builds of Unified Extensible Firmware Interface based Personal Computer firmware, typically but not essentially as BIOS.

Policy Description, including means for enabled description of desired system behavior under code execution and operational hardware exigencies are provided through project file statements.

Provision is made for direction of policy at a project file that is not embedded in core functions. This allows a less expert and more efficient approach to policy adaptation and evolution in response to evolving PC product requirements.

Methods, systems, apparatuses and program products are disclosed for providing parametric driven build of Unified Extensible Firmware Interface based Personal Computer firmware, typically but not essentially as BIOS.

Provision is made for source databases providing for multiple configurations, variants, revisions and levels of capabilities including on non-hierarchical bases.

The invention discloses a method of realizing a wireless card driver in a UEFI (unified extensible firmware interface) layer. The method comprises the steps of transplanting and modifying the wireless card driver, adding the codes of wireless card driver detection and initiation and realizing a network protocol interface; rewriting, recompiling and programming the codes to a development board; powering on the system, operating the UEFI firmwire, initializing the hardware and realizing all the services defined by all the needed UEFI standards for an upper interface. A UEFI startup manager loads UEFIShell, the UEFIShell loads the wireless card driver and a transmission control protocol/internet protocol (TCP/IP) stack module, a wireless network communication environment is established, and the operating system is remotely booted through the wireless network. The method can realizing the detection, the initiation and the data read-write of the wireless network equipment in an environment without the operating system and the reliance of the wireless network equipment on the operating system is removed.

The invention discloses a UEFI (unified extensible firmware interface) based server NVME (non-volatile memory express) hard disk back plate function testing method. The testing method comprises steps as follows: 1) a machine is started through a uefi shell; 2) a uefi starting script is guided into a testing USB disk; 3) a procedure performs quantity checking and read-write function testing on the NVME hard disks on a back plate according to parameters including 'the number of the NVME hard disks, the number of to-be-tested sectors and the offset'; 4) the function of an NVME hard disk back plate is normal and the NVME hard disk back plate is a non-defective product if the number of the NVME hard disks is consistent and the read-write function is normal, and otherwise, the NVME hard disk back plate is a defective product. By means of the method, the problems that an existing testing method consumes long time and is dependent on a system, an operating system requires daily maintenance and large-scale testing of a factory is hindered are solved, simplicity in operation, fast speed, saving of testing time and test fixtures and high expandability and flexibility during large-scale testing of the NVME hard disk back plate are realized, and testing of the NVME hard disk back plate is simplified and rapid.

The invention discloses a Xen virtual machine framework based on UEFI (unified extensible firmware interface) runtime service and an implementation method of the Xen virtual machine framework. The Xen virtual machine framework comprises a hardware platform, a BIOS (basic input /output system) system, a virtual machine monitor and an operating system, wherein the UEFI BIOS comprises a UEFI boot service and a UEFI runtime service; a privilege domain is communicated with a device front drive as one part of the UEFI runtime service in an operation stage of the operating system; the virtual machine monitor is located between the system hardware platform and the operating system software of the virtual computing domain to monitor lower hardware; the operating system comprises a device front drive in an inner nuclear layer and a functional test program in a user layer. Because the privilege domain is not stored in the hardware and is stored in a Flash chip as UEFI runtime service, the Xen virtual machine framework solves the problem that the existing Xen virtual machine framework has low-level safety protection. The simplification of the Xen privilege domain is achieved.