Methods and apparatus for providing seamless file system encryption and redundant array of independent disks from a pre-boot environment into a firmware interface aware operating system
Abstract
Methods and apparatus for providing seamless functionality in a computer are disclosed. For example, a Redundant Array of Independent Disks (RAID) configuration manager provides an operating system with a content of a virtual disk interface to enable a commensurate software RAID to be utilized after the operating system is loaded, loads a driver to abstract a plurality of disk interfaces for a plurality of disks, publishes a physical access abstraction interface and a device path protocol for each disk, obtains a global variable to obtain a specific RAID technique, publishes a virtual disk interface for the plurality of disks and maps the plurality of disks according to the specific RAID technique. An encrypted file system manager is also included to layer an encoded File Allocation Table on top of a disk and to pass to the operating system an Embedded Root Key to provide access to an encrypted Firmware Interface System Partition.
45 Claims
1. A method of providing seamless Redundant Array of Independent Disks (RAID) in a computer comprising:
launching a firmware interface with a host processor in the computer prior to loading an operating system;
identifying a plurality of disks coupled to the host processor;
retrieving a global variable from a nonvolatile memory coupled to the host processor to obtain a specific RAID technique for the computer;
using the firmware interface to map the plurality of disks according to the specific RAID technique and publish a virtual disk interface for the plurality of disks;
enabling the firmware interface to perform a read operation from two or more of the plurality of disks using the specific RAID technique designated in the virtual disk interface if the operating system has not fully loaded; and
providing the virtual disk interface to the operating system to enable a commensurate software RAID to be utilized after the operating system is loaded that matches the specific RAID technique used by the firmware interface.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method of providing seamless Redundant Array of Independent Disks (RAID) in a computer comprising:
launching a firmware interface with a host processor in the computer prior to loading an operating system;
identifying a plurality of disks coupled to the host processor;
obtaining a device path for each of the disks in the plurality of disks;
retrieving a global variable from a nonvolatile memory coupled to the processor to obtain a specific RAID technique for the computer;
using the firmware interface to map the plurality of disks according to the specific RAID technique and publish a virtual disk interface for the plurality of disks;
enabling the firmware interface and the host processor to perform a read operation from two or more of the plurality of disks using the specific RAID technique designated in the virtual disk interface if the operating system has not fully loaded;
monitoring the computer with the firmware interface for a request from an operating system loader for a set of data corresponding to the virtual disk interface; and
providing the virtual disk interface to the operating system to enable a commensurate software RAID to be utilized by the host processor after the operating system is loaded that matches the specific RAID technique.
Dependent claims: 10, 11, 12, 13

14. For use in a computer having a processor, a Redundant Array of Independent Disks (RAID) configuration management apparatus comprising:
a controller to provide an operating system with a content of a virtual disk interface to enable a commensurate software RAID to be utilized after the operating system is loaded;
a driver loader in communication with the controller to load a driver to abstract a plurality of disk interfaces for a plurality of disks coupled to the processor, before the operating system is loaded on the computer;
a driver manager in communication with the controller to aggregate a set of data corresponding to the plurality of disks and to publish a physical access abstraction interface and a device path protocol for each disk in the plurality of disks, before the operating system is loaded;
a RAID I/O driver manager in communication with the controller to retrieve a global variable from a nonvolatile memory coupled to the processor to obtain a specific RAID technique for the computer and to publish a virtual disk interface for the plurality of disks, before the operating system is loaded; and
a RAID mapper in communication with the controller to map the plurality of disks according to the specific RAID technique before the operating system is loaded.
Dependent claims: 15, 16, 17

18. An article comprising a machine-accessible medium having stored thereon instructions that, when executed by a machine, cause the machine to:
launch a firmware interface on a host processor in the machine prior to loading an operating system;
identify a plurality of disks coupled to the host processor;
retrieve a global variable from a nonvolatile memory coupled to the processor to obtain a specific RAID technique for the machine;
use the firmware interface to map the plurality of disks according to the specific RAID technique and publish a virtual disk interface for the plurality of disks;
enable the firmware interface to perform a read operation from two or more of the plurality of disks using the specific RAID technique designated in the virtual disk interface if the operating system has not fully loaded; and
provide the virtual disk interface to the operating system to enable a commensurate software RAID to be utilized by the host processor after the operating system is loaded that matches the specific RAID technique.
Dependent claims: 19, 20, 21, 22, 23, 24, 25

26. A method of providing seamless file system encryption comprising:
launching a firmware interface in a computer prior to loading an operating system (OS);
publishing a physical access abstraction interface for a disk coupled to the computer;
the disk having a Firmware Interface System Partition (FISP);
determining if the FISP is encrypted and layering an encoded File Allocation Table (FAT) driver on top of the disk;
allowing the firmware interface to use an Embedded Root Key (ERK) to decrypt a set of data from the FISP corresponding to a read request prior to loading the OS, if the read request is from a trusted source;
passing the ERK from the firmware interface to the OS; and
allowing the OS to use the ERK to decrypt a second set of data from the FISP corresponding to a second read request, if the second read request is from a trusted source.
Dependent claims: 27, 28, 29, 30, 31

32. A method of providing seamless file system encryption comprising:
launching a firmware interface in a computer prior to loading an operating system (OS);
publishing a physical access abstraction interface for a disk coupled to the computer;
the disk having a Firmware Interface System Partition (FISP);
determining if the FISP is encrypted and layering an encoded File Allocation Table (FAT) driver on top of the disk;
retrieving a variable from a nonvolatile memory coupled to the computer to obtain an Embedded Root Key (ERK);
allowing the firmware interface to use the ERK to decrypt a set of data from the FISP corresponding to a read request prior to loading the OS, if the read request is from a trusted source;
passing the ERK from the firmware interface to the OS;
monitoring the computer with the firmware interface for an access request to write to the FISP by the OS; and
allowing the OS to use the ERK to encrypt a second set of data that is written to the FISP corresponding to the access request, if the access request is from a trusted source.
Dependent claims: 33, 34, 35, 36

37. For use in a computer having a processor, an encrypted file system management apparatus comprising:
a controller to pass to an operating system an Embedded Root Key (ERK) to provide access to an encrypted Firmware Interface System Partition (FISP) after the operating system is loaded;
a driver loader in communication with the controller to load a driver to abstract an interface for a disk coupled to the processor, before the operating system is loaded on the computer;
a driver manager in communication with the controller to publish a physical access abstraction interface and a device path protocol for the disk, before the operating system is loaded;
a File Allocation Table (FAT) file system manager in communication with the controller to layer an encoded FAT on top of the disk, before the operating system is loaded on the computer;
an encryption agent in communication with the controller to use the ERK to encrypt data written to the FISP and to decrypt data read from the FISP; and
a monitoring agent in communication with the controller to monitor the computer for an access request to the FISP.
Dependent claims: 38, 39, 40

41. An article comprising a machine-accessible medium having stored thereon instructions that, when executed by a machine, cause the machine to:
launch a firmware interface in the machine prior to loading an operating system (OS);
publish a physical access abstraction interface for a disk coupled to the machine;
the disk having a Firmware Interface System Partition (FISP);
determine if the FISP is encrypted and publish a device path protocol for the disk if the disk is encrypted;
enable the firmware interface to use an Embedded Root Key (ERK) to decrypt a set of data from the FISP corresponding to a read request prior to loading the OS, if the read request is from a trusted source;
pass the ERK from the firmware interface to the OS; and
enable the OS to use the ERK to decrypt a second set of data from the FISP corresponding to a second read request, if the second read request is from a trusted source.
Dependent claims: 42, 43, 44, 45