Pre-boot recovery of a locked computer system
Abstract
Embodiments of the present disclosure provide methods, apparatuses, articles, and removable storage devices for pre-boot recovery of a locked computer system. In one instance, the method includes determining on pre-boot whether a removable storage device is attached to a computer system, determining whether the computer system is in a locked state and, if the removable storage device is detected, transferring control to a pre-boot authentication module (PBA) stored on the removable storage device to interact with a manageability engine to restore the computer system from the locked state to an unlocked state. If the removable storage device is not detected, the computer system shuts down if the system is determined to be in the locked state and no other PBA is detected. The computer system comprises a host operating environment and a manageability engine that operates independent of the host operating environment. Other embodiments may also be described and claimed.
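The pre-boot decision flow from the abstract, sketched as an added C example (not code from the patent). The `me_t` and `pba_t` types, the shared-secret check and the secret value are hypothetical, and two behaviours the abstract does not spell out are assumed: an unlocked system boots normally, and a failed authentication ends in shutdown.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { BOOT_HOST, SHUT_DOWN } outcome_t;

/* Hypothetical model of the ME: owns the lock state and the recovery secret. */
typedef struct { bool locked; const char *secret; } me_t;

/* Hypothetical PBA module: it only relays a credential to the ME. */
typedef struct { const char *credential; } pba_t;

/* BIOS query: is the platform locked? Answered by the ME, not the host. */
static bool me_is_locked(const me_t *me) { return me->locked; }

/* The ME, not the BIOS or the PBA, decides whether to unlock.
 * Bytes are compared without an early exit on the first mismatch. */
static bool me_authenticate(me_t *me, const char *cred) {
    size_t n = strlen(me->secret);
    unsigned char diff = 0;
    if (strlen(cred) != n) return false;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(cred[i] ^ me->secret[i]);
    if (diff == 0) me->locked = false;
    return diff == 0;
}

/* Pre-boot flow; a NULL pointer means "module not detected". */
outcome_t bios_preboot(me_t *me, const pba_t *removable, const pba_t *other) {
    const pba_t *pba = removable ? removable : other; /* removable checked first */
    if (!me_is_locked(me)) return BOOT_HOST;  /* assumption: normal boot */
    if (pba == NULL) return SHUT_DOWN;        /* locked and no PBA: fail closed */
    me_authenticate(me, pba->credential);     /* control passes to the PBA */
    return me_is_locked(me) ? SHUT_DOWN : BOOT_HOST; /* assumption on failure */
}

int main(void) {
    me_t me = { true, "constructed-recovery-secret" }; /* constructed value */
    pba_t wrong = { "guess" }, right = { "constructed-recovery-secret" };
    printf("no PBA:    %d\n", bios_preboot(&me, NULL, NULL));
    printf("wrong key: %d\n", bios_preboot(&me, &wrong, NULL));
    printf("right key: %d\n", bios_preboot(&me, &right, NULL));
    return 0;
}
```

The lock state changes only inside `me_authenticate`, so neither the BIOS path nor the module on the removable device can clear it directly.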
25 Claims
1. A method comprising:
- determining, by a basic input/output system (BIOS) of a computer system, on pre-boot, whether a removable storage device is attached to the computer system, wherein the computer system comprises a host operating environment and a manageability engine (ME) that operates independent of the host operating environment to recover the computer system on authentication;
- determining, by the BIOS, whether the computer system is in a locked state;
- if the removable storage device is detected, transferring, by the BIOS, control to a pre-boot authentication (PBA) module stored on the removable storage device to interact with the ME to restore the computer system from the locked state to an unlocked state; and
- if the removable storage device is not detected, shutting down the computer system by the BIOS if the computer system is determined by the BIOS to be in the locked state by querying the ME and no other PBA module to restore the computer system from the locked state to the unlocked state is detected by the BIOS.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An apparatus comprising:
- a host operating environment;
- a manageability engine (ME) coupled to the host operating environment, but configured to operate independent of the host operating environment, the ME equipped to disable the apparatus on detection of a condition, and to re-enable the apparatus on authentication;
- a peripheral interface configured to enable a removable storage device to be attached to the apparatus; and
- a basic input/output system (BIOS) operatively coupled to the host operating environment, the ME, and the peripheral interface, and configured to determine, on pre-boot, whether a removable storage device is attached to the peripheral interface, to transfer control, on detection of a removable storage device attached to the peripheral interface, to a pre-boot authentication (PBA) module stored on the removable storage device to interact with the ME to restore the apparatus from a disabled state to a re-enabled state, and to shut down the apparatus when the apparatus is disabled by the ME and no PBA module is detected by the BIOS.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16
17. An article of manufacture comprising:
- a non-transitory computer-readable storage medium; and
- a plurality of instructions stored in the storage medium configured to implement a basic input/output system (BIOS) for a digital device having a host operating environment and a manageability engine (ME) that operates independent of the host operating environment, the BIOS configured to detect, on pre-boot, whether a removable storage device is attached to the digital device, and to transfer control, on detection, to a pre-boot authentication (PBA) module stored on the removable storage device to interact with the ME to recover and return the digital device to a normal operating state from a stolen state, wherein the BIOS is further configured to determine whether the digital device is in the stolen state by querying the ME and to shut down the digital device if the digital device is in the stolen state and no PBA module is detected by the BIOS, wherein the ME is configured to authenticate credentials via the PBA module to recover and return the digital device to the normal operating state from the stolen state.
Dependent claims: 18, 19, 20
21. A removable storage device comprising:
- a peripheral interface to attach the removable storage device to an electronic device, the electronic device including a central processing unit (CPU) configured to run a host operating environment and a pre-boot firmware and an embedded processor, other than the CPU, configured to run a manageability engine (ME);
- non-volatile storage coupled to the peripheral interface; and
- a pre-boot authentication (PBA) module stored in the non-volatile storage, configured to transfer control from the pre-boot firmware of the electronic device, when the pre-boot firmware detects, on pre-boot, attachment of the removable storage device to the electronic device, and to interact with the ME of the electronic device to restore the electronic device to an unprotected state from a protected state, wherein the pre-boot firmware is configured to determine whether the electronic device is in the protected state by querying the ME and to shut down the electronic device if the electronic device is in the protected state and no PBA module is detected by the pre-boot firmware.
Dependent claims: 22, 23, 24, 25
Specification