-
Publication number: US12200130B1
Publication date: 2025-01-14
Application number: US17248066
Application date: 2021-01-07
Applicant: Meta Platforms Technologies, LLC
Abstract: Systems, methods, and devices authenticate processor instructions stored by a read-only memory (ROM). In one example, a ROM stores a block of register words. The block of register words includes a first register word specifying an authentication tag and one or more register words that each specify an instruction. A security controller identifies the first register word as specifying the authentication tag and performs authentication of the authentication tag. Upon successfully authenticating the authentication tag, the security controller forwards the register words that each specify instructions to a processor for execution. Upon unsuccessfully authenticating the authentication tag, the security controller blocks the register words that each specify instructions from execution by the processor.
-
Publication number: US12299183B1
Publication date: 2025-05-13
Application number: US17301274
Application date: 2021-03-30
Applicant: Meta Platforms Technologies, LLC
Abstract: This disclosure describes systems on a chip (SOCs) that prevent trim attempts. The SOCs include one-time programmable (OTP) memory and an engine configured to determine if the one-time programmable (OTP) memory has been trimmed; and if the one-time programmable (OTP) memory has been trimmed, to prevent trimming of the OTP memory.
-
Publication number: US20240289466A1
Publication date: 2024-08-29
Application number: US18175358
Application date: 2023-02-27
Applicant: Meta Platforms Technologies, LLC
Inventor: Wojciech Stefan Powiertowski, Avdhesh Chhodavdia, Gregory Edward Ehmann, Nagendra Gupta Modadugu, Sudhir Satpathy
CPC classification number: G06F21/602, G06F21/556, G06F21/79
Abstract: In one embodiment, a method by an Energy processing Unit (EPU) of a computing system includes detecting an event that triggers an integrity verification on a block of the local memory, determining that a hash for the block of the local memory is available, causing data corresponding to the block of the local memory to be read from a source location in response to the determination, performing an in-line hash operation on the data corresponding to the block of the local memory, and comparing an output of the in-line hash operation and a known hash for the block of the local memory.
-
Publication number: US11941131B1
Publication date: 2024-03-26
Application number: US17248883
Application date: 2021-02-11
Applicant: Meta Platforms Technologies, LLC
CPC classification number: G06F21/602, G06F1/163, G06F3/012, G06F15/7807, G06F21/64, G06F21/79, G06T19/006, G06F21/107
Abstract: An example method for execution on a system on a chip (SoC) having a plurality of subsystems includes receiving, by a storage controller from a subsystem of the plurality of subsystems, a command to fetch, from a local memory, task descriptor data comprising access parameters for accessing a storage device, the access parameters including a storage device address; obtaining, by an encryption engine of the SoC, the command to fetch the task descriptor data; determining, by the encryption engine based on an access rule, whether the subsystem has sufficient privilege to access the storage device address; in response to determining that the subsystem has sufficient privilege to access the storage device, encrypting source data in the local memory according to an encryption key associated with the subsystem; and providing the encrypted source data to the storage controller for writing to the storage device at the storage device address.
-
Publication number: US11755747B2
Publication date: 2023-09-12
Application number: US17248886
Application date: 2021-02-11
Applicant: Meta Platforms Technologies, LLC
CPC classification number: G06F21/602, G06F3/012, G06F13/28, G06F15/7807, G06F21/64, G06F21/79, G06F2221/0751
Abstract: An example system on a chip (SoC) includes a security processor configured to store a plurality of key-pairs associated with subsystems of the SoC to a key vault; and an encryption engine configured to: determine a first tweak value based on a first sector address of a storage device; encrypt the first tweak value according to the second key of the key-pair associated with a subsystem; encrypt a first portion of the source data according to a first key of the key-pair and the encrypted first tweak value; determine a second tweak value based on a second sector address of the storage device and encrypt the second tweak value according to the second key prior to completing the encryption of the first portion of the source data; and encrypt a second portion of the source data according to the first key and the encrypted second tweak value.