摘要:
A platform to support verification of the contents of an input-output device. The platform includes a platform hardware, which may verify the contents of the I/O device. The platform hardware may comprise components such as manageability engine and verification engine that are used to verify the contents of the I/O device even before the contents of the I/O device are exposed to an operating system supported by a host. The platform components may delete the infected portions of the contents of I/O device if the verification process indicates that the contents of the I/O device include the infected portions.
摘要:
Systems and methods are described herein to provide for secure host resource management on a computing device. Other embodiments include apparatus and system for management of one or more host device drivers from an isolated execution environment. Further embodiments include methods for querying and receiving event data from manageable resources on a host device. Further embodiments include data structures for the reporting of event data from one or more host device drivers to one or more capability modules.
摘要:
Apparatuses, articles, methods, and systems for secure platform voucher service for software within an execution environment. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by authenticated, authorized and verified software components. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy to receive verification for any component. The verification or voucher helps assure to the remote entity that no malware running in the platform or on the network will have access to provisioned material. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the software component.
摘要:
A computer system includes a service partition, not directly accessible to a user, having a security agent to inspect data entering and exiting the computer system on a virtual private network (VPN) tunnel, and a service partition VPN unit to communicate with a VPN gateway. The computer system also includes a user partition, accessible to a user, having a user partition VPN unit to initiate construction of the VPN tunnel with the VPN gateway. Other embodiments are described and claimed.
摘要:
A method, apparatus, system, and computer program product for enabling out-of-band access to storage devices through port-sharing hardware. Providing out-of-band access to storage devices enables system management functions to be performed when an operating system is non-functional as well as when the operating system is active. Storage commands originating with a management service can be interleaved with storage commands issued by the host operating system. The host operating system maintains ownership and control over its storage devices, but management activities can be performed while the host operating system is operational.
摘要:
In some embodiments, the invention involves a method and apparatus for secure/authenticated local boot of a host operating system on a computing platform using active management technology (AMT) with a third party data store (3PDS)-based ISO firmware image. A portion of non-volatile memory is hardware secured against access by the host processor and OS, and accessible only to the AMT. The AMT comprises an AT/ATAPI protocol emulator to access an ISO boot image from secured memory, while appearing to the host processor as a communication with an AT/ATAPI device. Other embodiments are described and claimed.
摘要:
In some embodiments, approaches may provide an out-of-band (OOB) agent to protect a platform. The OOB agent may be able to use non-TRS methods to measure and protect an in-band security agent. In some embodiments, a manageability engine can provide out of band connectivity to the in-band and out-of-band security agents and provide access to the system memory resources without having to rely on OS services. This can be used for a trusted anti-malware and remediation service.
摘要:
An embodiment may include circuitry that may be comprised in a host. The host may include memory and a host processor to execute an operating system. The circuitry may be to determine, independently of the operating system and the host processor, the authenticity of signature list information, based at least in part upon authentication information received by the circuitry from a remote server. The circuitry also may be to determine, independently of the operating system and the host processor, based at least in part upon comparison of at least one portion of the signature list information with at least one portion of contents of the memory, whether authorized and/or malicious data are present in the at least one portion of the contents of the memory. Of course, many variations, modifications, and alternatives are possible without departing from this embodiment.
摘要:
A device capable of remote configuration, provisioning and/or updating comprising a network detector capable of detecting a network regardless of the state of the operating system on the device, wherein the network requires layer two authentication, and an Embedded Trust Agent capable of generating an authentication credential for layer two authentication and communicating the authentication credential via a layer two authentication protocol without a functioning operating system.
摘要:
Methods and systems to detect virtualization of computer system resources, such as by malware, include methods and systems to evaluate information corresponding to a computer processor operating environment, outside of or secure from the operating environment, which may include one or more of a system management mode of operation and a management controller system. Information may include processor register values. Information may be obtained from within the operating environment, such as with a host application running within the operating environment. Information may be obtained outside of the operating environment, such as from a system state map. Information obtained from within the operating environment may be compared to corresponding information obtained outside of the operating environment. Direct memory address (DMA) translation information may be used to determine whether an operating environment is remapping DMA accesses. Page tables, interrupt tables, and segmentation tables may be used to reconstruct a view of linear memory corresponding to the operating environment, which may be scanned for malware or authorized code and data.