A method, system and device are disclosed. A premises device comprising a first operating system and a second operating system is described. The premises device comprises processing circuitry configured to establish a chain of trust at least between the first operating system and at least one software application associated with the second operating system. The processing circuitry is further configured to perform at least one action based at least in part on the established chain of trust.

A read-only memory (ROM) stores firmware code for a hardware component. A firmware controller is directly physically connected to the hardware component and to the ROM. The firmware controller exposes a virtual ROM link to the hardware component. The hardware component accesses the firmware code over the virtual ROM link exposed by the firmware controller.

Methods, systems, and devices for authenticating software images are described. A system may include one or more control units that use software images for managing different functions of the system. The system may also include a secure storage device configured to validate or authenticate the software images used by the different control units of the system. A software image of a control unit may be authenticated by generating a first hash associated with a portion of its underlying source code and generating a second hash associated with a corresponding portion of the source code of the copy of the software image stored to the secure storage device. Different patterns of the source code of the software images may be used to generate the hashes. The first hash and second hash may be compared, and the software image may be authenticated based on the hashes matching.

A firmware protection module implements a hybrid firmware protection scheme on a computing device. The firmware protection module intercepts a message from a processor to a memory of the computing device. The message includes a command and an address in the memory corresponding to a firmware module stored in the module. The firmware protection module determines whether the command in the message is prohibited and whether the address in the message is protected. Responsive to a determination that the command is prohibited and the address is protected, the firmware protection module prevents at least a portion of the message from reaching the memory.

The secure chain of trust steps to boot-up a computing device are split between the shutdown procedure of the computing device and the boot-up procedure of the computing device to reduce the time required for the computing device to boot-up. The main image associated with a central processing unit of the computing device is validated during the shutdown procedure of the computing device such that the operating system for the central processing unit is available when the computing device receives an action to power on. The boot-up time for the computing device is reduced, which allows the computing device to boot-up within an established time frame.

Systems and methods are provided for supporting use of system BIOS components (e.g., such as BIOS debug messages, debugger firmware, UEFI drivers, etc.) that are stored separately from the remainder of system BIOS firmware for an information handling system. The system BIOS components may represent only a portion of the total BIOS firmware, and may be selectively retrieved and loaded from the separate storage into system memory when needed by the system BIOS for operating purposes (e.g., such as debugging operations).

An integrated circuit (IC) can include a processor system configured to execute program code, a programmable logic, and a platform management controller coupled to the processor system and the programmable logic. The platform management controller is adapted to configure and control the processor system and the programmable logic independently.

A Basic Input Output System (BIOS)-based multi-user management method and system. The method includes: identifying states of multiple users of a current BIOS to find a user whose state is an enable state; finding a Non-Volatile Random Access Memory (NVRAM) corresponding to the user in the enable state, and reading BIOS configuration parameter information of the user in the enable state; monitoring a hot key boot phase of a BIOS startup process to determine whether there is a key action at the hot key boot phase; and when there is no key action, performing a manipulation to configure the current BIOS with the read BIOS configuration parameter information of the user in the enable state, thereby effectively configuring the BIOS for the multiple users, and retaining more customized parameters in BIOS information. Therefore, a server becomes a diversely used terminal device more easily.

A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.

An apparatus to facilitate scalable runtime validation for on-device design rule checks is disclosed. The apparatus includes a memory to store a contention set, one or more multiplexors, and a validator communicably coupled to the memory. In one implementation, the validator is to: receive design rule information for the one or more multiplexers, the design rule information referencing the contention set; analyze, using the design rule information, a user bitstream against the contention set at a programming time of the apparatus, the user bitstream for programming the one or more multiplexors; and provide an error indication responsive to identifying a match between the user bitstream and the contention set.