Virtual and hidden service partition and dynamic enhanced third party data store

摘要

A system reserves and manages a hidden service partition through components of the hardware platform of a computing device. The hidden partition is not accessible by way of a host operating system on the computing device. A hardware platform controller provisions a portion of nonvolatile storage through configuration settings of the hardware platform controller. When the host system requests settings related to storage in the system, the request is routed through the interfaces of the hardware platform, and the hardware platform controller reports in accordance with the configuration settings, hiding the service partition. The hidden partition is dynamically modifiable through secure remote access to the hardware platform controller, not through the host system such as operating system or BIOS.

主权项

1. A method comprising:
receiving, by a hardware platform controller on hardware logic of a computing device separate from hardware logic that executes a host operating system (OS), a request to reserve a portion of storage on the computing device for a hidden partition, the request being received from a remote console over a secure out-of-band (OOB) communication channel, the secure OOB communication channel being hidden from the host operating system,
wherein the hardware platform controller is part of a peripheral interface hardware platform separate from host processor hardware that executes the host OS, the platform to provide connections for peripherals to the host processor of the computing device; reserving the portion of storage on the computing device for the hidden partition including:
provisioning a first portion of a first nonvolatile storage device of the computing device and a second portion of a second nonvolatile storage device of the computer device to reserve the requested portion of storage for the hidden partition by setting one or more configuration parameters of the hardware platform controller to hide the first portion of the first nonvolatile storage device and the second portion of the second nonvolatile memory from the host OS, including changing an amount of storage space available to the host OS, wherein the first nonvolatile storage device is a hard drive and the second nonvolatile storage device is a flash storage device; synchronizing data for the hidden partition including synchronizing data stored in the first portion of the first nonvolatile memory device with data stored in the second portion of the second nonvolatile memory device; providing the remote console with secure remote access to the hidden partition via the secure OOB communication channel, remote access including providing remote access to the hidden partition via the secure OOB communication channel in a low power state of the computing device; receiving a request for storage device details from a host system executing on the host processor hardware; and reporting to the host system executing on the host processor hardware, in response to the request for storage device details, storage space of the nonvolatile storage excluding the portion of the nonvolatile storage reserved for the hidden partition, the reported storage space being different from an amount reported prior to the provisioning.