Examples of computing devices are described herein. In some examples, a computing device may include a controller to generate a key upon boot of the computing device. In some examples, the computing device may include a kernel driver. In some examples, the kernel driver may be to receive the key from a basic input/output system (BIOS) during operating system (OS) boot. In some examples, the kernel driver may be to receive an action request for a BIOS action from an application. In some examples, the kernel driver may be to sign the action request with the key in response to determining that the application is authorized to request the BIOS action. In some examples, the computing device may include the BIOS to perform the BIOS action in response to receiving the signed action request.

An apparatus comprises a processing device configured to determine, utilizing a firmware-based agent running in firmware, a boot flag status during a boot process of the processing device. The processing device is also configured to execute, responsive to the boot flag status being a first value, a system update handler of the firmware-based agent configured for provisioning of a secured runtime operating system on the processing device, wherein the provisioning comprises digitally signing an image of the secured runtime operating system utilizing a hardware-based root of trust key. The processing device is further configured to execute, responsive to the boot flag status being a second value, a secured operating system boot handler of the firmware-based agent configured for validating and loading secured runtime operating system, wherein the validation comprises performing attestation of a signature of the image of the secured runtime operating system utilizing the hardware-based root of trust key.

The present disclosure provides a secure booting method, apparatus, device for an embedded program and a storage medium. The method includes: when a boot program is running, acquiring data of an application program, including signature information, public key information, parameter information, encrypted data, and a digital check code; performing signature check according to the signature information; performing integrity check according to the digital check code if the signature check passes; and performing data decryption according to the public key information and the parameter information if the integrity check passes. The present disclosure may improve information security.

An information handling system may determine a personality flag value during a boot process and execute, responsive to detecting that the information handling system entered a secure environment and based on the personality flag value, a system update handler configured for discovering and connecting to a control plane. The system may also provision a secure ephemeral operating system, including receiving an image of the secure ephemeral operating system from the control plane responsive to a secure profile and validating the image prior to loading the secure ephemeral operating system to a random access memory.

A second processor verifies validity of at least a first boot program using a verification program, and a first processor executes a selection program to select a boot program verified as valid by the second processor, and executes the selected program.

Boot integrity of a storage platform is verified by comparing observed boot data values with expected boot data values stored in a secure remote cloud. The boot data values include hashes of software that runs at each stage of a boot sequence, e.g., BIOS, bootloader, kernel, and runlevel programs. The observed boot data values may be provided by a TPM using an AIK and nonce. If the observed boot data values fail to match the expected boot data values then a boot integrity service running on the storage platform limits functionality such as by disabling IO services, disabling remote data replication, enabling a diagnostic service, enabling a data collection service, disabling access by non-service accounts, and protecting a management database.

An end-user computing device can include a theft detector that maintains a registered host device list containing identifiers of at least one registered host device. The theft detector can have root access to operations of the end-user device and the theft detector can provides a secure reboot request in response to detecting a possible theft condition. The end-user computing device can also include a boot loader that executes a secure reboot of the end-user device in response to a secure reboot request from the theft detector. The secure reboot of the end-user device resets the end-user device to prevent access to the end-user device.

A mobile device can detect an idle state and, in response, initiate an access monitoring function to covertly monitor activity involving a human interaction with the mobile device. The covert monitoring is undetectable by a user of the mobile device. The mobile device can then detect a human interaction with the mobile device and, in response, cause the mobile device to covertly capture and log one or more human interactions with the mobile device. An authorized user of the mobile device is enabled to review the log of human interactions with the mobile device.

An information processing apparatus includes a control unit, a storage unit configured to store a program to be executed by the control unit, a verification unit configured to read the program from the storage unit and to verify the read program, and a light-emitting unit configured to be changed to a predetermined light-emitting state or to be changed from the predetermined light-emitting state based on a result of the verification of the program by the verification unit.

Systems and methods are disclosed herein that may implement an information handling system including a gateway and a peripheral device monitor. The gateway may interface peripheral devices and control access of host resources of the information handling system by any of the peripheral devices. The peripheral device monitor may detect connection of an unverified peripheral device to the gateway, perform a trust verification process with the unverified peripheral device, control the gateway to enable access of the host resources by the unverified peripheral device when the unverified peripheral device becomes verified, and control the gateway to prevent access to the host resources by the unverified peripheral device when the unverified peripheral device fails the trust verification process. The trust verification process may include validating a device certificate and verifying a digest of boot code of the peripheral device. The peripheral device monitor may perform a verification failure procedure when the unverified peripheral device fails the trust verification process.