Method and system of secure random seed generation for a cryptographically secure pseudo-random number generator
US-2019238329-A1 · Aug 1, 2019 · US
US11429722B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11429722-B2 |
| Application number | US-201816479737-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 29, 2018 |
| Priority date | Jan 29, 2018 |
| Publication date | Aug 30, 2022 |
| Grant date | Aug 30, 2022 |
Official abstract text for this publication.
An example system with a pre-OS (Operating System) environment, the pre-OS environment includes a private memory that is isolated from a processor of the system. The pre-OS environment also includes an embedded controller (EC) coupled to the private memory, where the EC includes an embedded key. The EC is to execute instructions to generate an encryption key based on the embedded key; generate a signature key; obtain data; produce an integrity-verification tag based on a hash of the obtained data, where the hash employs the signature key; encrypt the obtained data based on the encryption key; store the encrypted data in the private memory; and store the integrity-verification tag in the private memory in association with the stored encrypted data.
Opening claim text (preview).
What is claimed is:

1. A system with a pre-OS (Operating System) environment, the pre-OS environment comprises: a private memory that is isolated from a processor of the system; and an embedded controller (EC) coupled to the private memory, wherein the EC includes an embedded key; the EC to execute instructions to: generate an encryption key based on the embedded key; generate a signature key based on the embedded key; obtain data; produce an integrity-verification tag based on a hash of the obtained data, wherein the hash employs the signature key; encrypt the obtained data based on the encryption key; store the encrypted data in the private memory in a first memory block, wherein the private memory includes a solid-state non-volatile computer storage medium that employs NOR logic gates; store the integrity-verification tag in the private memory in association with the stored encrypted data, wherein the private memory includes data sets that are used by the EC during a system's initial boot sequence and hardware initialization, and wherein the EC compares a second integrity-verification tag with the integrity-verification tag when the EC reads the stored encrypted data for integrity verification; and store a subsequent encrypted data set in the first memory block, wherein any bit “1” of a first addressable location is changed to “0” to indicate alteration of the stored encrypted data.

2. The system of claim 1, wherein the encrypted data stored in the private memory is accessible only to the EC.

3. The system of claim 1, wherein the embedded key is inaccessible and unattainable outside of the EC.

4. The system of claim 1, wherein the integrity-verification tag includes a hash message authentication code (HMAC) that is based upon a keyed cryptographic hash function.

5. The system of claim 4, wherein the EC reads the HMAC based on the signature key.

6. A non-transitory machine-readable storage medium encoded with instructions executable by a processor of a system, the machine-readable storage medium comprising instructions to: generate an encryption key based upon an embedded key installed into an embedded controller (EC) of the system; generate a signature key based on the embedded key; obtain data; produce an integrity-verification tag based on a function of the obtained data, wherein the function employs the signature key; encrypt the obtained data based on the encryption key; store the encrypted data in memory in a first memory block, wherein the memory includes a solid-state non-volatile computer storage medium that employs NOR logic gates; store the integrity-verification tag in the memory in association with the stored encrypted data, wherein the memory includes data sets that are used by the EC during a system's initial boot sequence and hardware initialization, and wherein the EC compares a second integrity-verification tag with the integrity-verification tag when the EC reads the stored encrypted data for integrity verification; and store a subsequent encrypted data set in the first memory block, wherein any bit “1” of a first addressable location is changed to “0” to indicate alteration of the stored encrypted data.

7. The non-transitory machine-readable storage medium of claim 6, wherein the encryption key is based upon a combination of an initialization vector and a randomly generated number, the randomly generated number being seeded from the embedded key.

8. The non-transitory machine-readable storage medium of claim 7 further comprising instructions to update the encryption key by incrementing the initialization vector used in a previous encryption of data.

9. The non-transitory machine-readable storage medium of claim 6, wherein the embedded key is inaccessible and unattainable outside of the EC.

10. The non-transitory machine-readable storage medium of claim 6, wherein the function is a keyed cryptographic hash function.

11. A non-transitory machine-readable storage medium encoded with instructions executable by an embedded controller (EC) of a pre-OS (Operating System) environment, the machine-readable storage medium comprising instructions to: generate an encryption key based upon an embedded key of the EC, wherein the embedded key is inaccessible and unattainable outside the EC; generate a signature key based on the embedded key; obtain data; produce an integrity-verification tag based on a hash of the obtained data, wherein the hash employs the signature key; encrypt the obtained data based on the encryption key; store the encrypted data in memory in a first memory block, wherein the memory includes a solid-state non-volatile computer storage medium that employs NOR logic gates; store the integrity-verification tag in the memory in association with the stored encrypted data, wherein the memory includes data sets that are used by the EC during a system's initial boot sequence and hardware initialization, and wherein the EC compares a second integrity-verification tag with the integrity-verification tag when the EC reads the stored encrypted data for integrity verification; and store a subsequent encrypted data set in the first memory block, wherein any bit “1” of a first addressable location is changed to “0” to indicate alteration of the stored encrypted data.

12. The non-transitory machine-readable storage medium of claim 11, the machine-readable storage medium further comprising instructions to update an initialization vector used, at least in part, to generate another encryption key.

13. The non-transitory machine-readable storage medium of claim 11, wherein the integrity-verification tag includes a hash message authentication code (HMAC) that is based upon a keyed cryptographic hash function.
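A small model of the store-and-verify flow recited in claims 1, 4, 7 and 8, added here as an example and not taken from the patent or any EC firmware. It derives separate encryption and signature keys from one embedded key, tags the obtained data with an HMAC, encrypts it, and rejects a modified record on read. Assumptions: HMAC-SHA256 as both derivation function and keyed hash, the labels `b"enc"` and `b"sig"`, an HMAC-counter keystream standing in for the unspecified cipher, and the hypothetical names `derive`, `seal` and `unseal`.

```python
import hashlib
import hmac

def derive(embedded_key: bytes, label: bytes, iv: int = 0) -> bytes:
    """Derive a 32-byte subkey; the label separates encryption and signature keys."""
    return hmac.new(embedded_key, label + iv.to_bytes(8, "big"), hashlib.sha256).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 in counter mode), an assumption of this example."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, (off // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(embedded_key: bytes, iv: int, data: bytes) -> dict:
    """Tag the obtained data with the signature key, then encrypt it."""
    tag = hmac.new(derive(embedded_key, b"sig"), data, hashlib.sha256).digest()
    ct = keystream_xor(derive(embedded_key, b"enc", iv), data)
    return {"iv": iv, "ct": ct, "tag": tag}

def unseal(embedded_key: bytes, record: dict) -> bytes:
    """Decrypt, compute a second tag, and compare it with the stored tag."""
    data = keystream_xor(derive(embedded_key, b"enc", record["iv"]), record["ct"])
    second = hmac.new(derive(embedded_key, b"sig"), data, hashlib.sha256).digest()
    if not hmac.compare_digest(second, record["tag"]):  # constant-time comparison
        raise ValueError("integrity-verification tag mismatch")
    return data

def demo() -> tuple:
    key = bytes(range(32))                       # constructed embedded key
    data = b"boot-config: fan_curve=2;kbd=us"    # constructed EC data set
    rec = seal(key, iv=1, data=data)
    nxt = seal(key, iv=rec["iv"] + 1, data=data)  # incremented IV gives a new key
    tampered = dict(rec, ct=bytes([rec["ct"][0] ^ 1]) + rec["ct"][1:])
    try:
        unseal(key, tampered)
        detected = False
    except ValueError:
        detected = True
    return unseal(key, rec), nxt["ct"] != rec["ct"], detected

if __name__ == "__main__":
    print(demo())
```

Because the tag is computed over the obtained data rather than the ciphertext, as the claims word it, verification on read requires decrypting first.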
Secure boot · CPC title
Assessing vulnerabilities and evaluating computer system security · CPC title
Providing cryptographic facilities or services · CPC title
involving covert channels, i.e. data leakage between processes (inhibiting the analysis of circuitry or operation with measures against power attack G06F21/755) · CPC title
Physics · mapped topic