PROVIDING AN IMMUTABLE ANTIVIRUS PAYLOAD FOR INTERNET READY COMPUTE NODES

US 20140025941A1
Filed: 03/30/2012
Published: 01/23/2014
Est. Priority Date: 03/30/2012
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a non-volatile storage including a first volume to store a basic input/output system (BIOS) and a second volume to store an operating system (OS) payload portion including an antivirus software stack, wherein the OS payload portion is separate from and is a subset of an OS kernel stored in a different storage and the antivirus software stack is to restore an integrity of the different storage subsequent to corruption of the different storage.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method includes initializing a portion of a computing system in a pre-boot environment using a basic input/output system (BIOS) stored in a non-volatile storage of the computing system, launching a boot manager to enable a launch of an operating system (OS) payload, and if the OS payload is not successfully launched, executing an OS payload portion and an antivirus stack stored in the non-volatile storage to restore an integrity of the mass storage. Other embodiments are described and claimed.

24 Citations

View as Search Results

31 Claims

1. An apparatus comprising:
- a non-volatile storage including a first volume to store a basic input/output system (BIOS) and a second volume to store an operating system (OS) payload portion including an antivirus software stack, wherein the OS payload portion is separate from and is a subset of an OS kernel stored in a different storage and the antivirus software stack is to restore an integrity of the different storage subsequent to corruption of the different storage.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1, wherein the BIOS is to pass control to a boot manager of the OS kernel stored in the different storage, and if the OS kernel does not successfully launch in a predetermined period, the BIOS to cause execution of the antivirus software stack to restore the integrity of the different storage, wherein the different storage comprises a mass storage.
  - 3. The apparatus of claim 1, wherein a virus definition of the antivirus stack stored in the non-voltage storage is to be updated in a secure management mode of a computing system including the apparatus.
  - 4. The apparatus of claim 1, wherein the OS payload portion comprises a lightweight kernel to validate an image of the OS kernel stored in the different storage.
  - 5. The apparatus of claim 1, wherein the BIOS is to prevent launch of the OS kernel if the antivirus stack is not identified to the BIOS within a predetermined period.

6. A system comprising:
- a processor to execute instructions;
  
  a first non-volatile storage coupled to the processor to store an operating system (OS) kernel; and
  
  a second non-volatile storage to store a basic input/output system (BIOS) and an operating system (OS) payload portion including an antivirus software stack, wherein the OS payload portion is separate from and is a subset of the OS kernel and the antivirus software stack is to restore an integrity of the first non-volatile storage subsequent to corruption of the first non-volatile storage.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The system of claim 6, wherein the BIOS is to launch a boot manager in a pre-boot environment to enable a launch of the OS kernel.
  - 8. The system of claim 7, wherein the BIOS is to launch the OS payload portion and the antivirus software stack if the OS kernel is not successfully launched.
  - 9. The system of claim 6, further comprising a virus definition database for the antivirus software stack stored in the second non-volatile storage.
  - 10. The system of claim 6, wherein the BIOS is to launch the antivirus software stack if a timer set for a predetermined period expires prior to successful launch of the OS payload.
  - 11. The system of claim 6, wherein the first non-volatile storage comprises a solid state drive for the system.

12. At least one machine readable medium comprising a plurality of instructions that in response to being executed on a computing device, cause the computing device to:
- initialize a hardware portion of the computing device in a pre-boot environment using a basic input/output system (BIOS) stored in a non-volatile storage of the computing device, launch a boot manager in the pre-boot environment to enable a launch of an operating system (OS) payload stored in a mass storage of the computing device, if the OS payload is not successfully launched, execute an OS payload portion and an antivirus stack stored in the non-volatile storage to restore an integrity of the mass storage, and otherwise enter into a boot environment using the OS payload stored in the mass storage.
- View Dependent Claims (13, 14, 15)
- - 13. The at least one machine readable medium device of claim 12, further comprising instructions that in response to being executed on the computing device, cause the computing device to, after restoring the integrity, perform a reset of the computing device to cause the hardware portion to be initialized in the pre-boot environment.
  - 14. The at least one machine readable medium device of claim 12, further comprising instructions that in response to being executed on the computing device, cause the computing device to determine that the OS payload is not successfully launched if a timer set for a predetermined period expires prior to successful launch of the OS payload.
  - 15. The at least one machine readable medium device of claim 12, further comprising instructions that in response to being executed on the computing device, cause the computing device to maintain the antivirus stack and the OS payload portion in a first volume of the non-volatile storage and maintain the BIOS in a second volume of the non-volatile storage.

16. A method comprising:
- initializing a portion of a computing system in a pre-boot environment using a basic input/output system (BIOS) stored in a non-volatile storage of the computing system;
  
  launching a boot manager in the pre-boot environment to enable a launch of an operating system (OS) payload stored in a mass storage of the computing system; and
  
  if the OS payload is not successfully launched, executing an OS payload portion and an antivirus stack stored in the non-volatile storage to restore an integrity of the mass storage, and otherwise entering into a boot environment using the OS payload stored in the mass storage.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 17. The method of claim 16, further comprising after restoring the integrity, performing a reset of the computing system to cause initializing the portion of the computer system in the pre-boot environment.
  - 18. The method of claim 16, further comprising determining that the OS payload is not successfully launched if a timer set for a predetermined period expires prior to successful launch of the OS payload.
  - 19. The method of claim 16, further comprising maintaining the antivirus stack in the non-volatile storage.
  - 20. The method of claim 19, further comprising maintaining the OS payload portion in the non-volatile storage, the OS payload corresponding to a shrink wrap OS instantiation.
  - 21. The method of claim 19, wherein the OS payload portion comprises a lightweight kernel to validate an image of the OS payload stored in the mass storage.
  - 22. The method of claim 16, further comprising updating a virus definition of the antivirus stack stored in the non-voltage storage in a secure management mode of the computing system.
  - 23. The method of claim 16, further comprising maintaining the BIOS in a first volume of the non-volatile storage and maintaining the OS payload portion in a second volume of the non-volatile storage.
  - 24. The method of claim 16, further comprising preventing the launch of the OS if the antivirus stack does not identify itself to the boot manager within a predetermined period.
  - 25. The method of claim 16, further comprising determining the mass storage is corrupt if a secure boot does not occur, a trusted execution launch fails, or a system partition fails.
  - 26. The method of claim 16, further comprising maintaining the mass storage with full disk encryption (FDE).
  - 27. The method of claim 16, further comprising updating a virus definition of the antivirus stack stored in one of a trusted platform module (TPM) and an antivirus cloud database service.

28. (canceled)

29. (canceled)

30. (canceled)

31. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Bulusu, Mallik, Swanson, Robert, Zimmer, Vincent, Bahnsen, Robert Bruce

Granted Patent

US 9,251,347 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/2
CPC Class Codes

G06F 11/1417   Boot up procedures

G06F 21/56   Computer malware detection ...

G06F 21/561   Virus type analysis

G06F 21/568   eliminating virus, restorin...

G06F 21/575   Secure boot

G06F 9/4401   Bootstrapping security arra...

PROVIDING AN IMMUTABLE ANTIVIRUS PAYLOAD FOR INTERNET READY COMPUTE NODES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

PROVIDING AN IMMUTABLE ANTIVIRUS PAYLOAD FOR INTERNET READY COMPUTE NODES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links