-
公开(公告)号:US08327415B2
公开(公告)日:2012-12-04
申请号:US12156223
申请日:2008-05-30
申请人: Jiewen Yao , Liang Cui , Qin Long , Vincent J. Zimmer
发明人: Jiewen Yao , Liang Cui , Qin Long , Vincent J. Zimmer
IPC分类号: G06F21/00
CPC分类号: G06F12/145
摘要: In one embodiment, the present invention includes a method for setting an extensible policy mechanism to protect a root data structure including a page table, interpreting a bytecode of a pre-boot driver in a byte code interpreter, and controlling access to a memory location based on the extensible policy mechanism. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,本发明包括一种用于设置可扩展策略机制的方法,以保护包括页表的根数据结构,解释字节代码解释器中的预引导驱动程序的字节码,以及控制对基于存储器位置的访问 关于可扩展的政策机制。 描述和要求保护其他实施例。
-
公开(公告)号:US20090063835A1
公开(公告)日:2009-03-05
申请号:US11897355
申请日:2007-08-30
申请人: Jiewen Yao , Vincent J. Zimmer , Qin Long , Liang Cui
发明人: Jiewen Yao , Vincent J. Zimmer , Qin Long , Liang Cui
IPC分类号: G06F15/177
CPC分类号: G06F21/54 , G06F9/45558 , G06F12/1491 , G06F2009/45583 , G06F2221/2141 , G06F2221/2149
摘要: In one embodiment, the present invention includes a method for determining if an isolation driver is present and a processor supports virtualization, launching the isolation driver in a first privilege level different than a system privilege level and user privilege level, creating a 1:1 virtual mapping between a virtual address and a physical address, using the isolation driver, and controlling access to a memory page using the isolation driver. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,本发明包括一种用于确定是否存在隔离驱动器并且处理器支持虚拟化的方法,以与系统特权级别和用户权限级别不同的第一特权级别启动隔离驱动程序,创建1:1虚拟 使用隔离驱动程序在虚拟地址和物理地址之间进行映射,并使用隔离驱动程序控制对内存页的访问。 描述和要求保护其他实施例。
-
公开(公告)号:US07984286B2
公开(公告)日:2011-07-19
申请号:US12215071
申请日:2008-06-25
申请人: Vincent J. Zimmer , Mohan Kumar , Mahesh Natu , Qin Long , Liang Cui , Jiewen Yao
发明人: Vincent J. Zimmer , Mohan Kumar , Mahesh Natu , Qin Long , Liang Cui , Jiewen Yao
IPC分类号: G06F15/177 , H04L9/32
CPC分类号: G06F21/575
摘要: In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a boot block stored at a first memory location, a capsule update stored at a second memory location, a startup authenticated code module to ensure the integrity of the boot block upon a restart of the processor-based system, code which is executable by the processor-based system to cause the processor-based system to validate the boot block with the startup authenticated code module upon the restart of the processor-based system, and, if the boot block is successfully validated, to validate the capsule update for the processor-based system with the startup authenticated code module. Other embodiments are disclosed and claimed.
摘要翻译: 在一些实施例中,基于处理器的系统可以包括至少一个处理器,耦合到至少一个处理器的至少一个存储器,存储在第一存储器位置的引导块,存储在第二存储器位置的封装更新,启动 认证代码模块,以确保在基于处理器的系统重新启动时引导块的完整性,该代码可由基于处理器的系统执行,以使基于处理器的系统使用启动认证代码模块来验证引导块 重新启动基于处理器的系统,并且如果启动块被成功验证,则使用启动认证代码模块验证基于处理器的系统的胶囊更新。 公开和要求保护其他实施例。
-
公开(公告)号:US20090327684A1
公开(公告)日:2009-12-31
申请号:US12215071
申请日:2008-06-25
申请人: Vincent J. Zimmer , Mohan Kumar , Mahesh Natu , Qin Long , Liang Cui , Jiewen Yao
发明人: Vincent J. Zimmer , Mohan Kumar , Mahesh Natu , Qin Long , Liang Cui , Jiewen Yao
IPC分类号: G06F9/00
CPC分类号: G06F21/575
摘要: In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a boot block stored at a first memory location, a capsule update stored at a second memory location, a startup authenticated code module to ensure the integrity of the boot block upon a restart of the processor-based system, code which is executable by the processor-based system to cause the processor-based system to validate the boot block with the startup authenticated code module upon the restart of the processor-based system, and, if the boot block is successfully validated, to validate the capsule update for the processor-based system with the startup authenticated code module. Other embodiments are disclosed and claimed.
摘要翻译: 在一些实施例中,基于处理器的系统可以包括至少一个处理器,耦合到至少一个处理器的至少一个存储器,存储在第一存储器位置的引导块,存储在第二存储器位置的封装更新,启动 认证代码模块,以确保在基于处理器的系统重新启动时引导块的完整性,该代码可由基于处理器的系统执行,以使基于处理器的系统使用启动认证代码模块来验证引导块 重新启动基于处理器的系统,并且如果启动块被成功验证,则使用启动认证代码模块验证基于处理器的系统的胶囊更新。 公开和要求保护其他实施例。
-
公开(公告)号:US20090300370A1
公开(公告)日:2009-12-03
申请号:US12156223
申请日:2008-05-30
申请人: Jiewen Yao , Liang Cui , Qin Long , Vincent J. Zimmer
发明人: Jiewen Yao , Liang Cui , Qin Long , Vincent J. Zimmer
CPC分类号: G06F12/145
摘要: In one embodiment, the present invention includes a method for setting an extensible policy mechanism to protect a root data structure including a page table, interpreting a bytecode of a pre-boot driver in a byte code interpreter, and controlling access to a memory location based on the extensible policy mechanism. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,本发明包括一种用于设置可扩展策略机制的方法,以保护包括页表的根数据结构,解释字节代码解释器中的预引导驱动程序的字节码,以及控制对基于存储器位置的访问 关于可扩展的政策机制。 描述和要求保护其他实施例。
-
6.发明授权Method for isolating third party pre-boot firmware from trusted pre-boot firmware 有权从信任的预引导固件中隔离第三方预引导固件的方法公开(公告)号:US07827371B2
公开(公告)日:2010-11-02
申请号:US11897355
申请日:2007-08-30
申请人: Jiewen Yao , Vincent J. Zimmer , Qin Long , Liang Cui
发明人: Jiewen Yao , Vincent J. Zimmer , Qin Long , Liang Cui
IPC分类号: G06F12/00
CPC分类号: G06F21/54 , G06F9/45558 , G06F12/1491 , G06F2009/45583 , G06F2221/2141 , G06F2221/2149
摘要: In one embodiment, the present invention includes a method for determining if an isolation driver is present and a processor supports virtualization, launching the isolation driver in a first privilege level different than a system privilege level and user privilege level, creating a 1:1 virtual mapping between a virtual address and a physical address, using the isolation driver, and controlling access to a memory page using the isolation driver. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,本发明包括一种用于确定是否存在隔离驱动器并且处理器支持虚拟化的方法,以与系统特权级别和用户权限级别不同的第一特权级别启动隔离驱动程序,创建1:1虚拟 使用隔离驱动程序在虚拟地址和物理地址之间进行映射,并使用隔离驱动程序控制对内存页的访问。 描述和要求保护其他实施例。
-
7.发明申请Method and System for Secure Booting Unified Extensible Firmware Interface Executables 审中-公开用于安全引导统一可扩展固件接口可执行程序的方法和系统公开(公告)号:US20100083002A1
公开(公告)日:2010-04-01
申请号:US12242655
申请日:2008-09-30
申请人: Liang Cui , Qin LONG , Vincent J. Zimmer , Jiewen Yao
发明人: Liang Cui , Qin LONG , Vincent J. Zimmer , Jiewen Yao
IPC分类号: G06F21/22
CPC分类号: G06F21/575
摘要: A method and computing device for secure booting of unified extensible firmware interface executables includes generating a platform private key, signing a third party credential, storing the signed third party credential in a database located in a trusted platform module, and executing a unified extensible firmware interface executable only if an associated signed third party credential is stored in the trusted platform module.
摘要翻译: 用于安全引导统一的可扩展固件接口可执行程序的方法和计算设备包括生成平台私钥,签名第三方凭证,将签名的第三方凭证存储在位于可信平台模块中的数据库中,以及执行统一的可扩展固件接口 只有在相关的签名的第三方凭据存储在可信平台模块中才可执行。
-
公开(公告)号:US20100169631A1
公开(公告)日:2010-07-01
申请号:US12346532
申请日:2008-12-30
申请人: Jiewen Yao , Ned McArthur Smith , Vincent J. Zimmer , Qin Long
发明人: Jiewen Yao , Ned McArthur Smith , Vincent J. Zimmer , Qin Long
IPC分类号: G06F15/177 , G06F1/32
CPC分类号: G06F9/4418 , G06F9/44 , G06F21/575
摘要: Methods and systems to perform an authentication operation after resuming from a sleep state are presented. In one embodiment, a method includes starting a boot process from a sleep state. The method further includes providing platform services to support an authentication operation as part of the boot process and determining whether to complete the boot process based at least on results of the authentication operation.
摘要翻译: 呈现从休眠状态恢复后执行认证操作的方法和系统。 在一个实施例中,一种方法包括从睡眠状态开始引导过程。 该方法还包括提供平台服务以支持作为引导过程的一部分的认证操作,并且至少基于认证操作的结果来确定是否完成引导过程。
-
9.发明申请METHOD AND SYSTEMS TO DISPLAY PLATFORM GRAPHICS DURING OPERATING SYSTEM INITIALIZATION 审中-公开在操作系统初始化过程中显示平台图形的方法和系统公开(公告)号:US20100079472A1
公开(公告)日:2010-04-01
申请号:US12242217
申请日:2008-09-30
申请人: Sean Shang , Hua Fang , Jiewen Yao , Vincent J. Zimmer , Qin Long , Jiong Gong , Ruiyu Ni , Michael A. Rothman
发明人: Sean Shang , Hua Fang , Jiewen Yao , Vincent J. Zimmer , Qin Long , Jiong Gong , Ruiyu Ni , Michael A. Rothman
IPC分类号: G09G5/36 , G06F9/00 , G06F9/455 , G06F15/177
CPC分类号: G06F9/4401
摘要: Methods and systems to display platform graphics during initialization of an computer system, including to interrupt initialization of an operating system and to update a video frame buffer with platform graphics data when the initialization of the operating system is interrupted, and to merge platform graphics data with graphics generated by operating system initialization logic. The methods and systems include virtualization methods and systems and system management mode methods and systems.
摘要翻译: 在计算机系统初始化期间显示平台图形的方法和系统,包括中断操作系统的初始化和在操作系统的初始化中断时用平台图形数据更新视频帧缓冲器,以及将平台图形数据与 图形由操作系统初始化逻辑生成。 方法和系统包括虚拟化方法和系统以及系统管理模式的方法和系统。
-
公开(公告)号:US20090119748A1
公开(公告)日:2009-05-07
申请号:US12317446
申请日:2008-12-23
申请人: Jiewen Yao , Vincent J. Zimmer , Qin Long
发明人: Jiewen Yao , Vincent J. Zimmer , Qin Long
IPC分类号: G06F21/00
CPC分类号: G06F21/57 , G06F9/45558 , G06F2009/45587
摘要: A system, method, and computer-readable medium with instructions for capturing a system management interrupt instruction by trusted system management mode code running in a system. The system management interrupt instruction is dispatched to other system management mode code, which may be untrusted. In response to an attempt to access a protected resource of the system by the other system management mode code, a determination is made whether the second system management mode code is authorized to access the protected resource. If the second system management mode code is not authorized to access the protected resource, access to the protected resource by the other system management mode code is prevented. Other embodiments are described and claimed.
摘要翻译: 一种具有用于通过在系统中运行的可信系统管理模式代码捕获系统管理中断指令的指令的系统,方法和计算机可读介质。 系统管理中断指令被发送到其他系统管理模式代码,这可能是不可信的。 响应于通过其他系统管理模式代码访问系统的受保护资源的尝试,确定第二系统管理模式代码是否被授权访问受保护的资源。 如果第二系统管理模式代码未被授权访问受保护的资源,则防止其他系统管理模式代码访问受保护的资源。 描述和要求保护其他实施例。
-
-
-
-
-
-
-
-
-
搜索结果
38 条记录 (耗时 0.02 秒)
