DEMAND BASED USB PROXY FOR DATA STORES IN SERVICE PROCESSOR COMPLEX
Abstract
A method, apparatus, system, and computer program product for secure server system management. A payload containing system software and/or firmware updates is distributed in an on-demand, secure I/O operation. The I/O operation is performed via a secured communication channel inaccessible by the server operating system to an emulated USB drive. The secure communication channel can be established for the I/O operation only after authenticating the recipient of the payload, and the payload can be protected from access by a potentially-infected server operating system. Furthermore, the payload can be delivered on demand rather than relying on a BIOS update schedule, and the payload can be delivered at speeds of a write operation to a USB drive.
21 Claims
1. A computer-implemented method comprising:
in a system having a platform controller coupled to an I/O controller capable of generating a System Management Interrupt (SMI), performing the following:
in response to an event requiring secure access to data, generating an SMI to cause the system to enter System Management Mode;
using a resource of the platform controller to create an emulated USB device, wherein the resource stores the data;
copying the data from the emulated USB device via a connection inaccessible by an operating system of the system; and
processing the data prior to exiting System Management Mode.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system comprising:
a processor;
a platform controller;
an I/O controller capable of generating a System Management Interrupt (SMI);
a memory coupled to the processor, the memory comprising instructions for performing the following:
in response to an event requiring secure access to data, generating an SMI to cause the system to enter System Management Mode;
using a resource of the platform controller to create an emulated USB device, wherein the resource stores the data;
copying the data from the emulated USB device via a connection inaccessible by an operating system of the system; and
processing the data prior to exiting System Management Mode.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer program product comprising:
a computer-readable storage medium; and
instructions in the computer-readable storage medium, wherein the instructions, when executed in a processing system having a platform controller coupled to an I/O controller capable of generating a System Management Interrupt (SMI), cause the processing system to perform operations comprising:
in response to an event requiring secure access to data, generating an SMI to cause the system to enter System Management Mode;
using a resource of the platform controller to create an emulated USB device, wherein the resource stores the data;
copying the data from the emulated USB device via a connection inaccessible by an operating system of the system; and
processing the data prior to exiting System Management Mode.
Dependent claims: 16, 17, 18, 19, 20, 21
Specification