Providing a function of a basic input/output system (BIOS) in a privileged domain

US 9,753,738 B2
Filed: 10/21/2011
Issued: 09/05/2017
Est. Priority Date: 10/21/2011
Status: Active Grant

First Claim

Patent Images

1. A method of an electronic device, comprising:

receiving a request to invoke a function of a Basic Input/Output System (BIOS);

routing the request to a privileged domain that includes the function of the BIOS, wherein the request is routed to the privileged domain by a virtual BIOS without passing through a virtual machine monitor;

determining, by the privileged domain, whether to execute the function based on identifying at least one selected from among a source of the request and a context of the request; and

in response to determining that the function is to be executed, accessing the function in the privileged domain to execute the function, wherein executing the function is performed in a trusted runtime environment provided by the privileged domain without entering a system management mode (SMM).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some examples, a privileged domain includes a function of a Basic Input/Output System (BIOS). A request to access the function of the BIOS is routed to the privileged domain. The privileged domain determines whether to execute the function based on identifying at least one selected from among a source of the request and a context of the request.

Citations

19 Claims

1. A method of an electronic device, comprising:
- receiving a request to invoke a function of a Basic Input/Output System (BIOS);
  
  routing the request to a privileged domain that includes the function of the BIOS, wherein the request is routed to the privileged domain by a virtual BIOS without passing through a virtual machine monitor;
  
  determining, by the privileged domain, whether to execute the function based on identifying at least one selected from among a source of the request and a context of the request; and
  
  in response to determining that the function is to be executed, accessing the function in the privileged domain to execute the function, wherein executing the function is performed in a trusted runtime environment provided by the privileged domain without entering a system management mode (SMM).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein receiving the request to invoke the function of the BIOS comprises receiving the request to invoke a service to update code of the BIOS.
  - 3. The method of claim 1, wherein receiving the request to invoke the function of the BIOS comprises receiving the request to invoke a service selected from the group consisting of:
    - a service to update a setting of the BIOS;
      
      a thermal management service to perform thermal management in the electronic device;
      
      a service to transition the electronic device between different power states;
      
      a power management service to control power of a component in the electronic device;
      
      a service to process activation of a button or button sequence of the electronic device;
      
      a service associated with an ambient light sensor of the electronic device;
      
      a service to modify a setting of the BIOS;
      
      a service to modify a setting of a hardware component in the electronic device;
      
      a service to change a boot order of bootable devices of the electronic device;
      
      a service for handling a call between an operating system and the BIOS;
      
      a service to execute a command of an embedded controller; and
      
      a service to support a legacy peripheral device.
  - 4. The method of claim 1, further comprising:
    - invoking, by a physical BIOS running in the electronic device, the virtual machine monitor.
  - 5. The method of claim 4, further comprising:
    - the physical BIOS verifying an image of the virtual machine monitor, and in response to the verifying, electing not to execute a security measure used to prevent unauthorized access of a feature of the electronic device.
  - 6. The method of claim 4, further comprising:
    - receiving a second BIOS access request;
      
      routing the second BIOS access request to the privileged domain; and
      
      performing a communication between the privileged domain and the physical BIOS, in response to the second BIOS access request.
  - 7. The method of claim 1, further comprising:
    - receiving a second BIOS access request;
      
      directing, by the privileged domain, the second BIOS access request to a location external of the electronic device, to invoke a second BIOS function at the external location.
  - 8. The method of claim 1, further comprising:
    - providing a user interface to monitor a status of execution of the function, wherein the user interface is provided by a virtual machine.
  - 9. The method of claim 1, further comprising starting, by the virtual machine monitor, the privileged domain, wherein the privileged domain is separate from the virtual machine monitor.
  - 10. The method of claim 9, wherein the privileged domain is created by the virtual machine monitor.
  - 11. The method of claim 1, wherein the privileged domain has a predefined privilege that another entity is without.
  - 12. The method of claim 1, wherein the determining of whether to execute the function is based on identifying the context of the request, the context comprising a current state of the electronic device, and wherein the request is denied in response to determining that the current state of the electronic device violates a specified rule for execution of the request.

13. An article comprising at least one non-transitory machine-readable storage medium storing instructions that upon execution cause an electronic device to:
- generate, by an entity, a request to access a function of the Basic Input/Output System (BIOS); and
  
  route, by a virtual BIOS, the request to a privileged domain that includes the function of the BIOS, wherein the request is routed to the privileged domain by the virtual BIOS without passing through a virtual machine monitor, wherein the virtual machine monitor is without any virtual BIOS functionality, and the privileged domain is started by the virtual machine monitor and is separate from the virtual machine monitor.
- View Dependent Claims (14, 15, 16)
- - 14. The article of claim 13, wherein the privileged domain is one of domain 0 and a guest virtual machine.
  - 15. The article of claim 13, wherein the electronic device further includes a physical BIOS that boots the virtual machine monitor, and wherein the instructions are executable to cause the electronic device to execute the function of the BIOS in the privileged domain without accessing the physical BIOS.
  - 16. The article of claim 13, wherein the instructions upon execution cause the electronic device to execute the function of the BIOS in response to the request, without entering a system management mode (SMM) of the electronic device.

17. An electronic device comprising:
- at least one processor;
  
  an entity to issue a request to access a function of a Basic Input/Output System (BIOS);
  
  a virtual machine monitor executable on the at least one processor; and
  
  a privileged domain to be invoked by the virtual machine monitor, and the privileged domain separate from the virtual machine monitor, wherein the privileged domain includes the function of the BIOS, and wherein the request from the entity is to be routed by a virtual BIOS to the privileged domain without passing through the virtual machine monitor.
- View Dependent Claims (18, 19)
- - 18. The electronic device of claim 17, further comprising:
    - a guest virtual machine that includes the entity, wherein the guest virtual machine includes the virtual BIOS that is to route the request from the entity to the privileged domain without passing through the virtual machine monitor.
  - 19. The electronic device of claim 17, wherein the privileged domain is to execute the function of the BIOS in response to the request, without entering a system management mode (SMM) of the electronic device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Ali, Valiuddin Y., Pires, Jose Paulo Xavier, Mann, James M., Balacheff, Boris, Dalton, Chris I.
Primary Examiner(s)
Huynh, Kim
Assistant Examiner(s)
Neveln, Joshua

Application Number

US14/352,430
Publication Number

US 20140281469A1
Time in Patent Office

2,146 Days
Field of Search
US Class Current
CPC Class Codes

G06F 8/654   using techniques specially ...

G06F 9/4401   Bootstrapping security arra...

G06F 9/45558   Hypervisor-specific managem...

Providing a function of a basic input/output system (BIOS) in a privileged domain

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Providing a function of a basic input/output system (BIOS) in a privileged domain

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links