公开(公告)号：US20150381368A1

公开(公告)日：2015-12-31

申请号：US14318278

申请日：2014-06-27

Applicant: William A. Stevens, JR. ,  Alberto J. Martinez ,  Mukesh Kataria ,  Purushottam Goel ,  Tim Abels ,  Mahesh S. Natu

Inventor： William A. Stevens, JR. ,  Alberto J. Martinez ,  Mukesh Kataria ,  Purushottam Goel ,  Tim Abels ,  Mahesh S. Natu

IPC: H04L9/32 ,  G06Q30/04 ,  G06F9/44

CPC classification number: G06Q30/04 ,  G06F21/44 ,  G06F21/629 ,  G06F21/82 ,  H04L63/0876 ,  H04L63/126

Abstract: Technologies for secure offline activation of hardware features include a target computing device having a platform controller hub (PCH) including a converged security and manageability engine (CSME) and a number of in-field programmable fuses (IFPs). During assembly of the target computing device by an original equipment manufacturer (OEM), the CSME is provided a list of hardware features to be activated. The CSME configures the IFPs to enable the requested features, generates a digital receipt including the activated features and a unique device ID, and signs the receipt using a unique device key. Signed receipts may be periodically submitted to a vendor computing device, which verifies the signed receipts, extracts the active feature list, and bills the OEM for activated features of the PCHs. The vendor computing device may bill the OEM a maximum price for PCHs for which there is no associated signed receipt. Other embodiments are described and claimed.

Abstract translation: 用于硬件特征的安全离线激活的技术包括具有包括融合安全性和可管理性引擎（CSME）的平台控制器集线器（PCH）以及多个现场可编程保险丝（IFP））的目标计算设备。 在由原始设备制造商（OEM）组装目标计算设备的过程中，CSME提供要激活的硬件功能的列表。 CSME配置IFP以启用所请求的功能，生成包含激活的功能和唯一设备ID的数字收据，并使用唯一的设备密钥对收据进行签名。 签署的收据可以定期地提交给供应商计算设备，该设备验证签署的收据，提取活动的特征列表，并为OEM的PCH的激活特征收费。 供应商计算设备可以向OEM收取没有相关签名收据的PCH的最高价格。 描述和要求保护其他实施例。

公开(公告)号：US20150278068A1

公开(公告)日：2015-10-01

申请号：US14226612

申请日：2014-03-26

Applicant: Robert C. Swanson ,  C. Brendan Traw ,  Vincent J. Zimmer ,  Mallik Bulusu ,  John R. Lindsley ,  Mahesh S. Natu ,  Dimitrios Ziakas ,  Robert W. Cone ,  Madhusudhan Rangarajan ,  Babak Nikjou ,  Kirk D. Brannock ,  Russell J. Wunderlich ,  Miles F. Schwartz ,  Stephen S. Pawlowski

Inventor： Robert C. Swanson ,  C. Brendan Traw ,  Vincent J. Zimmer ,  Mallik Bulusu ,  John R. Lindsley ,  Mahesh S. Natu ,  Dimitrios Ziakas ,  Robert W. Cone ,  Madhusudhan Rangarajan ,  Babak Nikjou ,  Kirk D. Brannock ,  Russell J. Wunderlich ,  Miles F. Schwartz ,  Stephen S. Pawlowski

IPC: G06F11/34 ,  G06F9/44

CPC classification number: G06F11/3476 ,  G06F9/4403 ,  G06F9/4416 ,  G06F11/1417 ,  G06F21/575 ,  G06F2201/84

Abstract: Platform controller, computer-readable storage media, and methods associated with initialization of a computing device. In embodiments, a platform controller may comprise a boot controller and one or more non-volatile memory modules, coupled with the boot controller. In embodiments, the one or more non-volatile memory modules may have first instructions and second instructions stored thereon. The first instructions may, when executed by a processor of a computing device hosting the platform controller, cause initialization of the computing device. The second instructions, when executed by the boot controller, may cause the boot controller to monitor at least a portion of the execution of the first instructions by the computing device and may generate a trace of the monitored portion of the execution of the first instructions. In embodiments, the trace may be stored in the one or more non-volatile memory modules. Other embodiments may be described and/or claimed.

Abstract translation: 平台控制器，计算机可读存储介质以及与计算设备的初始化相关联的方法。 在实施例中，平台控制器可以包括与引导控制器耦合的引导控制器和一个或多个非易失性存储器模块。 在实施例中，一个或多个非易失性存储器模块可以具有存储在其上的第一指令和第二指令。 当由托管平台控制器的计算设备的处理器执行时，第一指令可以引起计算设备的初始化。 第二指令在由引导控制器执行时可能导致引导控制器监视计算设备执行第一指令的至少一部分，并且可以生成第一指令的执行的监视部分的跟踪。 在实施例中，迹线可以存储在一个或多个非易失性存储器模块中。 可以描述和/或要求保护其他实施例。

公开(公告)号：US08904079B2

公开(公告)日：2014-12-02

申请号：US13532085

申请日：2012-06-25

Applicant: Luke Chang ,  Mahesh S. Natu ,  James R. Vash ,  Michelle M. Sebot ,  Robert J. Safranek

Inventor： Luke Chang ,  Mahesh S. Natu ,  James R. Vash ,  Michelle M. Sebot ,  Robert J. Safranek

IPC: G06F13/20

CPC classification number: G06F13/20 ,  G06F15/17 ,  G06F2213/0026

Abstract: Methods and apparatus for tunneling platform management messages through inter-processor interconnects. Platform management messages are received from a management entity such as a management engine (ME) at a management component of a first processor targeted for a managed device operatively coupled to a second processor. Management message content is encapsulated in a tunnel message that is tunneled from the first processor to a second management component in the second processor via a socket-to-socket interconnect link between the processors. Once received at the second management component the encapsulated management message content is extracted and the original management message is recreated. The recreated management message is then used to manage the targeted device in a manner similar to if the ME was directly connected to the second processor. The disclosed techniques enable management of platform devices operatively coupled to processors in a multi-processor platform via a single management entity.

Abstract translation: 通过处理器互连隧道化平台管理消息的方法和装置。 从管理实体（诸如管理引擎（ME））处接收平台管理消息，该管理引擎（ME）处于针对可操作地耦合到第二处理器的被管理设备的第一处理器的管理组件。 管理消息内容被封装在隧道消息中，隧道消息通过处理器之间的套接字到套接字互连链路从第一处理器隧道传送到第二处理器中的第二管理组件。 一旦在第二管理组件被接收到，则提取封装的管理消息内容，并重新创建原始管理消息。 然后，重新创建的管理消息用于以与ME直接连接到第二处理器相似的方式来管理目标设备。 所公开的技术使得能够经由单个管理实体来管理与多处理器平台中的处理器可操作地耦合的平台设备。

公开(公告)号：US20110154104A1

公开(公告)日：2011-06-23

申请号：US12645778

申请日：2009-12-23

Applicant: Robert C. Swanson ,  Mahesh S. Natu ,  Rahul Khanna ,  Murugasamy K. Nachimuthu ,  Sarathy Jayakumar ,  Anil S. Keshavamurthy ,  Narayan Ranganathan

Inventor： Robert C. Swanson ,  Mahesh S. Natu ,  Rahul Khanna ,  Murugasamy K. Nachimuthu ,  Sarathy Jayakumar ,  Anil S. Keshavamurthy ,  Narayan Ranganathan

IPC: G06F11/00 ,  G06F12/00 ,  G06F12/16 ,  G06F11/20 ,  G06F12/10

CPC classification number: G06F11/203 ,  G06F11/1666 ,  G06F11/20

Abstract: In one embodiment, the present invention provides an ability to handle an error occurring during a memory migration operation in a high availability system. In addition, a method can be used to dynamically remap a memory page stored in a non-mirrored memory region of memory to a mirrored memory region. This dynamic remapping may be responsive to a determination that the memory page has been accessed more than a threshold number of times, indicating a criticality of information on the page. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，本发明提供了处理在高可用性系统中的存储器迁移操作期间发生的错误的能力。 此外，可以使用一种方法来将存储在存储器的非镜像存储器区域中的存储器页面动态重映射到镜像存储器区域。 该动态重新映射可以响应于确定存储器页已经被访问多于阈值次数，指示页面上的信息的关键性。 描述和要求保护其他实施例。

公开(公告)号：US09566158B2

公开(公告)日：2017-02-14

申请号：US13995742

申请日：2011-12-31

Applicant: Shamanna M. Datta ,  Albert J. Munoz ,  Mahesh S. Natu ,  Scott T. Durrant

Inventor： Shamanna M. Datta ,  Albert J. Munoz ,  Mahesh S. Natu ,  Scott T. Durrant

IPC: G06F9/455 ,  A61F2/34 ,  A61B17/80 ,  A61F2/30 ,  A61B17/82 ,  A61B17/86 ,  A61F2/46

CPC classification number: A61F2/34 ,  A61B17/8066 ,  A61B17/82 ,  A61B17/866 ,  A61B17/8685 ,  A61F2/30734 ,  A61F2/30749 ,  A61F2/30771 ,  A61F2/30907 ,  A61F2/30965 ,  A61F2002/30011 ,  A61F2002/30169 ,  A61F2002/30189 ,  A61F2002/30326 ,  A61F2002/3038 ,  A61F2002/30387 ,  A61F2002/30449 ,  A61F2002/30462 ,  A61F2002/30471 ,  A61F2002/30474 ,  A61F2002/30507 ,  A61F2002/30538 ,  A61F2002/30578 ,  A61F2002/30579 ,  A61F2002/30611 ,  A61F2002/30617 ,  A61F2002/30736 ,  A61F2002/3082 ,  A61F2002/30841 ,  A61F2002/3092 ,  A61F2002/3096 ,  A61F2002/3412 ,  A61F2002/3429 ,  A61F2002/3441 ,  A61F2002/3448 ,  A61F2002/348 ,  A61F2002/3487 ,  A61F2002/4615 ,  A61F2002/4619 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/53 ,  G06F2009/45583 ,  G06F2221/2149

Abstract: An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM.

Abstract translation: 描述了用于虚拟机监视器（VMM）运行时完整性监视器的硬件保护的装置和方法。 一组一个或多个硬件范围寄存器，用于保护存储VMM运行时完整性监视器的连续内存空间。 该组硬件范围寄存器用于保护VMM运行时完整性监视器在加载到连续的内存空间时被修改。 VMM运行时完整性观察器在执行时，在VMM的运行期间对VMM执行完整性检查。

公开(公告)号：US08843732B2

公开(公告)日：2014-09-23

申请号：US12643108

申请日：2009-12-21

Applicant: Mahesh S. Natu ,  John V. Lovelace ,  Rajesh P. Banginwar

Inventor： Mahesh S. Natu ,  John V. Lovelace ,  Rajesh P. Banginwar

IPC: G06F9/24 ,  G06F15/177 ,  G06F1/24 ,  G06F21/85 ,  G06F21/57 ,  G06F21/74

CPC classification number: G06F21/74 ,  G06F9/4403 ,  G06F21/44 ,  G06F21/575 ,  G06F21/71 ,  G06F21/73 ,  G06F21/85 ,  G06F2221/2105 ,  G06F2221/2129 ,  G06F2221/2149 ,  G06F2221/2153

Abstract: Memory channel training parameters are function of electrical characteristics of memory devices, processor(s) and memory channel(s). Training steps can be skipped if the BIOS can determine that the memory devices, motherboard and processor have not changed since the last boot. Memory devices contain a serial number for tracking purposes and most motherboards contain a serial number. Many processors do not provide a mechanism by which the BIOS can track the processor. Described herein are techniques that allow the BIOS to track a processor and detect a swap without violating privacy/security requirements.

Abstract translation: 存储器通道训练参数是存储器件，处理器和存储器通道的电特性的函数。 如果BIOS可以确定自上次启动以来，内存设备，主板和处理器没有更改，则可跳过培训步骤。 存储器件包含用于跟踪目的的序列号，并且大多数主板都包含序列号。 许多处理器不提供BIOS可以跟踪处理器的机制。 这里描述的是允许BIOS跟踪处理器并检测交换而不违反隐私/安全要求的技术。

公开(公告)号：US20130326288A1

公开(公告)日：2013-12-05

申请号：US13997046

申请日：2011-12-31

Applicant: Shamanna M. Datta ,  Rajesh S. Parathasarathy ,  Mahesh S. Natu ,  Frank Binns ,  Mohan J. Kumar

Inventor： Shamanna M. Datta ,  Rajesh S. Parathasarathy ,  Mahesh S. Natu ,  Frank Binns ,  Mohan J. Kumar

IPC: G06F11/07

CPC classification number: G06F11/0754 ,  G06F12/1441 ,  G06F21/52

Abstract: A method is described that includes detecting that a memory access of system management mode program code is attempting to reach program code outside of a protected region of memory by comparing a target memory address of a memory access instruction of the system management program code again information that defines confines of the protection region. The method also includes raising an error signal in response to the detecting.

Abstract translation: 描述了一种方法，其包括通过将系统管理程序代码的存储器访问指令的目标存储器地址再次比较来检测系统管理模式程序代码的存储器访问尝试到达存储器的受保护区域之外的程序代码， 定义保护区域的范围。 该方法还包括响应于检测而提高误差信号。

公开(公告)号：US20130212426A1

公开(公告)日：2013-08-15

申请号：US13848830

申请日：2013-03-22

Applicant: Robert C. Swanson ,  Mahesh S. Natu ,  Rahul Khanna ,  Murugasamy K. Nachimuthu ,  Sarathy Jayakumar ,  Anil S. Keshavamurthy ,  Narayan Ranganathan

Inventor： Robert C. Swanson ,  Mahesh S. Natu ,  Rahul Khanna ,  Murugasamy K. Nachimuthu ,  Sarathy Jayakumar ,  Anil S. Keshavamurthy ,  Narayan Ranganathan

IPC: G06F11/20

CPC classification number: G06F11/203 ,  G06F11/1666 ,  G06F11/20

Abstract: In one embodiment, the present invention provides an ability to handle an error occurring during a memory migration operation in a high availability system. In addition, a method can be used to dynamically remap a memory page stored in a non-mirrored memory region of memory to a mirrored memory region. This dynamic remapping may be responsive to a determination that the memory page has been accessed more than a threshold number of times, indicating a criticality of information on the page. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，本发明提供了处理在高可用性系统中的存储器迁移操作期间发生的错误的能力。 此外，可以使用一种方法来将存储在存储器的非镜像存储器区域中的存储器页面动态重映射到镜像存储器区域。 该动态重新映射可以响应于确定存储器页已经被访问多于阈值次数，指示页面上的信息的关键性。 描述和要求保护其他实施例。

公开(公告)号：US08407516B2

公开(公告)日：2013-03-26

申请号：US12645778

申请日：2009-12-23

Applicant: Robert C. Swanson ,  Mahesh S. Natu ,  Rahul Khanna ,  Murugasamy K. Nachimuthu ,  Sarathy Jayakumar ,  Anil S. Keshavamurthy ,  Narayan Ranganathan

Inventor： Robert C. Swanson ,  Mahesh S. Natu ,  Rahul Khanna ,  Murugasamy K. Nachimuthu ,  Sarathy Jayakumar ,  Anil S. Keshavamurthy ,  Narayan Ranganathan

IPC: G06F11/00

CPC classification number: G06F11/203 ,  G06F11/1666 ,  G06F11/20

Abstract: In one embodiment, the present invention provides an ability to handle an error occurring during a memory migration operation in a high availability system. In addition, a method can be used to dynamically remap a memory page stored in a non-mirrored memory region of memory to a mirrored memory region. This dynamic remapping may be responsive to a determination that the memory page has been accessed more than a threshold number of times, indicating a criticality of information on the page. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，本发明提供了处理在高可用性系统中的存储器迁移操作期间发生的错误的能力。 此外，可以使用一种方法来将存储在存储器的非镜像存储器区域中的存储器页面动态重映射到镜像存储器区域。 该动态重新映射可以响应于确定存储器页已经被访问多于阈值次数，指示页面上的信息的关键性。 描述和要求保护其他实施例。

公开(公告)号：US07539854B2

公开(公告)日：2009-05-26

申请号：US10746579

申请日：2003-12-24

Applicant: Michael A. Rothman ,  Robert P. Hale ,  Andrew J. Fish ,  Vincent J. Zimmer ,  Mahesh S. Natu

Inventor： Michael A. Rothman ,  Robert P. Hale ,  Andrew J. Fish ,  Vincent J. Zimmer ,  Mahesh S. Natu

IPC: G06F7/00 ,  G06F9/00 ,  G06F15/177 ,  G06F17/30

CPC classification number: G06F9/4411 ,  G06F9/45512 ,  G06F15/177 ,  Y10S707/99933

Abstract: An embodiment of the present invention is a system and method relating to seamlessly enable enhanced management and scripting of a computer system and its add-in devices. In at least one embodiment, the present invention enables a system administrator or integrator to script a common configuration for multiple devices and then automatically configure the devices using the script. The language construct and central data repository for configuration settings are extended to comprehend a scripting language. A script is read by a script engine during either pre-boot or runtime. The script engine searches a keyword database on the central data repository to determine requested configuration settings. A data offset is corresponding to a specific op-code is used to determine where configuration settings are located, for modification.

Abstract translation: 本发明的一个实施例是一种与无缝地实现计算机系统及其附加装置的增强的管理和脚本化有关的系统和方法。 在至少一个实施例中，本发明使得系统管理员或集成商可以为多个设备编写通用配置，然后使用脚本自动配置设备。 用于配置设置的语言结构和中央数据存储库被扩展以理解脚本语言。 脚本在预引导或运行期间由脚本引擎读取。 脚本引擎搜索中央数据存储库中的关键字数据库以确定所请求的配置设置。 数据偏移对应于用于确定配置设置位置的特定操作码，以供修改。