Embodiments of a method and apparatus are described for operating a mobile computing device in different modes using different operating systems. An apparatus may comprise, for example, a memory operative to store multiple operating systems, a processor operative to execute the multiple operating systems, an operating system management module operative to select a first operating system when the mobile computing device is in a first mode or a second operating system when the mobile computing device is in a second mode and the mobile computing device is coupled to one or more external devices. Other embodiments are described and claimed.

Systems enable secure communication links with classified or unclassified networks using a single mobile computing device. In one embodiment, the system includes: a mobile computing device without an integrated data storage device that is configured to interchangeably receive an unclassified or classified data storage device; an encrypter device in signal communication with the mobile computing device; network security device in signal communication with the encrypter device; a classified data storage device loaded with a computer readable code configured for booting the mobile computing device when the classified data storage device is connected to the mobile computing device; and an unclassified data storage device loaded with a computer readable code configured for booting the mobile computing device when the unclassified data storage device is connected to the mobile computing device.

A controller used in a computing device executes the following steps. When a security profile stored in a storage device is successfully verified, according to a security profile configuration stored in the controller, an operation mode described in the security profile is used. When the used operation mode is in a non-secure mode, the booting of the computer device is directly completed. When the used operation mode is a secure mode and a main BIOS of the computing device is not valid, at least one BIOS stored in the storage device is used to recover the main BIOS, and the computer device is rebooted. When the used operation mode is a secure mode and the main BIOS is valid, but the storage device does not store the main BIOS, the main BIOS is backed up and to be stored in the storage device.

As an example, a computing device having a Unified Extensible Firmware Interface (UEFI) may boot into a preinstallation environment (associated with a first operating system), determine that a second operating system is to be installed on the computing device, and write an image of the second operating system to the boot disk. The image may include a special partition. The computing device may write the preinstallation environment (associated with first operating system) to the special partition of the image of the second operating system, and create a boot entry in the UEFI to cause the computing device to boot into the preinstallation environment (Windows PE). After booting into the preinstallation environment, the computing device may execute one or more diagnostic tests, delete the boot entry, and reboot the computing device to install a basic input output system (Coreboot) to replace UEFI and install the second operating system (Chrome OS).

In one or more embodiments, one or more systems, one or more methods, and/or one or more processes may read configuration information that indicates utilization of a custom information handling system firmware IHSFW image by an information handling system (IHS); provide the custom IHSFW image and a signature of the custom IHSFW image to a processor of the IHS; decrypt the signature of the custom IHSFW image to obtain a hash value of the custom IHSFW image; determine a test hash value of the custom IHSFW image; determine if the hash value matches the test hash value; if the hash value matches the test hash value, boot a custom IHSFW from the custom IHSFW image; and if the hash value does not match the test hash value, boot another IHSFW from another IHSFW image stored by a non-volatile memory medium of the IHS.

Technologies for media protection policy enforcement include a computing device having multiple operating systems and a data storage device partitioned into a number of regions. During execution of each of the operating systems, a policy enforcement module may intercept media access requests and determine whether to allow the media access requests based on platform media access policies. The media access policies may allow requests based on the identity of the executing operating system, the region of the data storage device, or the requested storage operation. Prior to loading a selected operating system, a firmware policy enforcement module may determine a region of the disk storage device to protect from the selected operating system. The firmware policy enforcement module may configure the data storage device to prevent access to that region. The media access policies may be stored in one or more firmware variables. Other embodiments are described and claimed.

A computing device in accordance with an example includes a first operating system and a second operating system. The computing device includes a communication channel to exchange data between the first and second operating systems, and a controller to select one of the first and second operating systems based on a mode of the computing device, where the first and second operating systems are executed substantially in parallel on a processor of the computing device.

Protecting secured boot secrets while starting an operating system. Embodiments include starting a first operating system using a trusted computing base, protecting a portion of the system memory to prevent access to the portion of the system memory by the first operating system, and storing secured boot secrets in the protected portion of the system memory. Based at least on identifying that a second operating system is to be started to replace the first operating system, embodiments include configuring one or more memory data structures, including code of the second operating system, in the protected portion of the system memory. The protected portion of the system memory is unprotected, while mitigating attacks on the portion of system memory, and processor state is set to execute the code of the second operating system. The second operating system starts using the secured boot secrets stored in the portion of the system memory.

An operating system hot-switching method, applied to a mobile terminal running multiple operating systems, where the multiple operating systems include one foreground operating system and at least one background operating system, a current foreground operating system is a first operating system. The method includes obtaining an operating system switching instruction, where the operating system switching instruction includes an identifier of the second operating system and a switching identifier, releasing, according to the switching identifier, a hardware resource occupied by the first operating system, and switching the foreground operating system from the first operating system to the second operating system. Hence, the operating system hot-switching method ensures, to some extent, mutually exclusive access to and coordinated use of a hardware resource by multiple operating systems, thereby ensuring use reliability of the hardware resource after switching of an operating system.

A dual-processor system includes a power supply, a temporary memory, a non-volatile memory and two processors. The non-volatile memory stores an initialization program code, a first configuration file corresponding to a first operating system, and a second configuration file corresponding to a second operating system. Compared to the first operating system, the second operating system has a shorter interrupt latency and a shorter thread switching latency. After the power supply starts to supply power, the first processor executes the initialization program code to perform operations of initializing the temporary memory, loading the second configuration file into the temporary memory, notifying the second processor to fetch the second configuration file from the temporary buffer, loading the first configuration rile into the temporary memory and establishing the first operating system according to the first configuration file.