BIOS based secure execution environment
First Claim
Patent Images
1. A method comprising:
- initiating a hardware interrupt, at regular intervals, by an embedded controller of a computing device;
in response to the interrupt, executing a lower provisioning module at the regular intervals, the lower provisioning module stored in a basic input/output system (BIOS), the lower provisioning module configured to enforce one or more policies that describe how a functionality of the computing device is controlled, the lower provisioning module further configured to;
determine whether to constrain functionality of the computing device based on a balance stored in the BIOS, the balance comprises an amount of time the computing device is available to a user, wherein an adjustment to the balance results in the computing device entering one or more operating modes comprising;
a full function mode enabling the computing device to execute one or more application modules using full resources of the computing device,a reduced function mode permitting limited execution of the one or more application modules, ora hardware lock mode preventing execution of the operating system;
detect and counter, using a tampering module, attempts to tamper with the balance stored in the BIOS;
in response to the attempts to tamper with the balance, output, using the tampering module, an identification code to remove the hardware lock mode; and
receiving at the lower provisioning module a provisioning packet to regain access to a functionality of the computing device.
2 Assignments
0 Petitions
Accused Products
Abstract
Techniques to provide a secure execution environment are described. In an implementation, a method includes initiating a hardware interrupt by an embedded controller of a computing device. In response to the interrupt, a module is executed that is stored in a basic input/output system (BIOS). The module, when executed, determines whether constrain functionality of the computing device based on a balance.
-
Citations
15 Claims
-
1. A method comprising:
-
initiating a hardware interrupt, at regular intervals, by an embedded controller of a computing device; in response to the interrupt, executing a lower provisioning module at the regular intervals, the lower provisioning module stored in a basic input/output system (BIOS), the lower provisioning module configured to enforce one or more policies that describe how a functionality of the computing device is controlled, the lower provisioning module further configured to; determine whether to constrain functionality of the computing device based on a balance stored in the BIOS, the balance comprises an amount of time the computing device is available to a user, wherein an adjustment to the balance results in the computing device entering one or more operating modes comprising; a full function mode enabling the computing device to execute one or more application modules using full resources of the computing device, a reduced function mode permitting limited execution of the one or more application modules, or a hardware lock mode preventing execution of the operating system; detect and counter, using a tampering module, attempts to tamper with the balance stored in the BIOS; in response to the attempts to tamper with the balance, output, using the tampering module, an identification code to remove the hardware lock mode; and receiving at the lower provisioning module a provisioning packet to regain access to a functionality of the computing device. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer-implemented method comprising:
-
receiving by a computing device a hardware interrupt at regular intervals; applying, by the computing device, a policy to manage functionality of the computing device at the regular intervals based on a balance stored in a basic input/output system (BIOS) of the computing device that indicates an amount of time that one or more services of the computing device are available to a user, wherein the balance is maintained locally by the computing device, wherein the policy specifies that when the balance reaches a first amount, a lower provisioning module reduces the functionality of the computing device, and when the balance reaches a second amount, the lower provisioning module further reduces the functionality of the computing device such that execution of an operating system by the computing device is prevented; the computing device entering into a hardware lock mode in response to detection, by a tampering module of the computing device, of attempts to tamper with the lower provisioning module, wherein the attempts to tamper comprise an unauthorized attempt to increase the balance stored in the BIOS; and outputting, by the computing device in response to the detection, an identification code usable to remove the hardware lock mode. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
-
-
14. A computing device, comprising:
-
a processor; a basic input/output system (BIOS) configured to maintain a module and a balance, wherein the balance comprises an amount of time the computing device is available to a user; an embedded controller configured to cause a hardware interrupt of the processor to apply a policy, through execution of the module from the BIOS, to manage functionality of the computing device based on the balance, wherein the policy specifies that; the module reduces a functionality of the computing device in response to the balance reaching a first amount; and the module further reduces the functionality of the computing device to prevent execution of an operating system in response to the balance reaching a second amount, wherein the balance is adjustable through interaction with another computing device over a network through payment of a fee, the interaction comprising receiving a provisioning packet over the network from the other computing device; and a tamper module configured to detect and counter attempts to tamper with an amount of the balance maintained on the BIOS. - View Dependent Claims (15)
-
Specification