MEDIA PROTECTION POLICY ENFORCEMENT FOR MULTIPLE-OPERATING-SYSTEM ENVIRONMENTS

摘要

Technologies for media protection policy enforcement include a computing device having multiple operating systems and a data storage device partitioned into a number of regions. During execution of each of the operating systems, a policy enforcement module may intercept media access requests and determine whether to allow the media access requests based on platform media access policies. The media access policies may allow requests based on the identity of the executing operating system, the region of the data storage device, or the requested storage operation. Prior to loading a selected operating system, a firmware policy enforcement module may determine a region of the disk storage device to protect from the selected operating system. The firmware policy enforcement module may configure the data storage device to prevent access to that region. The media access policies may be stored in one or more firmware variables. Other embodiments are described and claimed.

主权项

1. A computing device for media protection policy enforcement in a multiple-operating-system environment, the computing device comprising:
a data storage device comprising a plurality of regions; and a policy enforcement module to:
intercept, during execution of an operating system of the computing device, a media access request, wherein the media access request specifies a storage operation and a storage address;determine an identity of the operating system of the computing device;identify a region of the data storage device that includes the storage address of the media access request; anddetermine whether to allow the media access request as a function of (i) the identified region of the data storage device, (ii) the identity of the operating system, and (iii) the storage operation of the media access request.