EVENT-BASED APPARATUS AND METHOD FOR SECURING BIOS IN A TRUSTED COMPUTING SYSTEM DURING EXECUTION

    Publication number: US20170098082A1

    Publication date: 2017-04-06

    Application number: US15380787

    Filing date: 2016-12-15

    Inventor: G. GLENN HENRY

    Abstract: An apparatus is provided for protecting a basic input/output system (BIOS) in a computing system. The apparatus includes a BIOS read only memory (ROM), an event detector, and a tamper detector. The BIOS ROM has BIOS contents that are stored as plaintext, and an encrypted message digest, where the encrypted message digest comprises an encrypted version of a first message digest that corresponds to the BIOS contents, and where the encrypted version is generated via a symmetric key algorithm and a key. The event detector is configured to generate a BIOS check interrupt that interrupts normal operation of the computing system upon the occurrence of an event, where the event includes one or more occurrences of a fuse array access. The tamper detector is operatively coupled to the BIOS ROM and is configured to access the BIOS contents and the encrypted message digest upon assertion of the BIOS check interrupt, is configured to direct a microprocessor to generate a second message digest corresponding to the BIOS contents and a decrypted message digest corresponding to the encrypted message digest using the symmetric key algorithm and the key, is configured to compare the second message digest with the decrypted message digest, and is configured to preclude the operation of the microprocessor if the second message digest and the decrypted message digest are not equal. The microprocessor includes a dedicated crypto/hash unit disposed within execution logic, where the crypto/hash unit generates the second message digest and the decrypted message digest, and where the key is exclusively accessed by the crypto/hash unit. The microprocessor further has a random number generator disposed within the execution logic, where the random number generator generates a random number at completion of a current BIOS check, which is employed by the event detector to randomly set the number of occurrences of the event that are to occur before the following BIOS check.

    FUSE-ENABLED SECURE BIOS MECHANISM IN A TRUSTED COMPUTING SYSTEM

    Publication number: US20170046516A1

    Publication date: 2017-02-16

    Application number: US15338607

    Filing date: 2016-10-31

    Inventor: G. GLENN HENRY

    Abstract: An apparatus is provided for protecting a basic input/output system (BIOS) in a computing system. The apparatus includes a BIOS read only memory (ROM), a tamper detector, a random number generator, a JTAG control chain, a fuse, and an access controller. The BIOS ROM includes BIOS contents stored as plaintext, and an encrypted message digest, where the encrypted message digest has an encrypted version of a first message digest that corresponds to the BIOS contents. The tamper detector is operatively coupled to the BIOS ROM, and is configured to generate a BIOS check interrupt at a combination of prescribed intervals and event occurrences, is configured to access the BIOS contents and the encrypted message digest upon assertion of the BIOS check interrupt, is configured to direct a microprocessor to generate a second message digest corresponding to the BIOS contents and a decrypted message digest corresponding to the encrypted message digest, is configured to compare the second message digest with the decrypted message digest, and is configured to preclude the operation of the microprocessor if the second message digest and the decrypted message digest are not equal. The random number generator is disposed within the microprocessor and generates a random number at completion of a current BIOS check, which is employed to set the following prescribed interval, whereby the prescribed intervals are randomly varied. The JTAG control chain is configured to program the combination of prescribed intervals and event occurrences within tamper detection microcode storage. The fuse is configured to indicate whether programming of the combination of prescribed intervals and event occurrences is to be disabled. The access controller is coupled to the fuse and the JTAG control chain, is configured to determine the state of the fuse, and is configured to direct the JTAG control chain to disable programming of the combination of prescribed intervals and event occurrences if the fuse is blown.

    PROGRAMMABLE SECURE BIOS MECHANISM IN A TRUSTED COMPUTING SYSTEM
    23. Invention application, status: granted

    Publication number: US20170046514A1

    Publication date: 2017-02-16

    Application number: US15338586

    Filing date: 2016-10-31

    Inventor: G. GLENN HENRY

    CPC classification number: G06F21/572 G06F2221/2139 H04L9/0631 H04L9/0643

    Abstract: An apparatus is provided for protecting a basic input/output system (BIOS) in a computing system. The apparatus includes a BIOS read only memory (ROM), a tamper detector, a random number generator, and a JTAG control chain. The BIOS ROM includes BIOS contents stored as plaintext, and an encrypted message digest, where the encrypted message digest has an encrypted version of a first message digest that corresponds to the BIOS contents. The tamper detector is operatively coupled to the BIOS ROM, and is configured to generate a BIOS check interrupt at a combination of prescribed intervals and event occurrences, is configured to access the BIOS contents and the encrypted message digest upon assertion of the BIOS check interrupt, is configured to direct a microprocessor to generate a second message digest corresponding to the BIOS contents and a decrypted message digest corresponding to the encrypted message digest, is configured to compare the second message digest with the decrypted message digest, and is configured to preclude the operation of the microprocessor if the second message digest and the decrypted message digest are not equal. The random number generator is disposed within the microprocessor and generates a random number at completion of a current BIOS check, which is employed to set the following prescribed interval, whereby the prescribed intervals are randomly varied. The JTAG control chain is configured to program the combination of prescribed intervals and event occurrences within tamper detection microcode storage.


    POWER STATE TRANSITIONING PROCEDURE FOR A MULTI-CORE PROCESSOR
    24. Invention application, status: pending (published)

    Publication number: US20160179177A1

    Publication date: 2016-06-23

    Application number: US14970354

    Filing date: 2015-12-15

    Abstract: A method is provided for managing power consumption within a multi-core microprocessor. An operating system issues an operating system instruction to transition a recipient core to a targeted power and/or performance state that is one of many possible states into which a microprocessor can place a core. Each core of the microprocessor has its own target state, and different cores may have different target states. After receiving the instruction, the recipient core implements any settings associated with its target core state that wouldn't affect resources shared with other cores. The recipient core also initiates an inter-core discovery process to determine a target multi-core state of all the cores sharing the resource. The target multi-core state reflects one or more settings that match the settings of the recipient core's target core state as much as possible without lowering a performance of any resource-sharing core below that core's own target core state.


    APPARATUS AND METHOD FOR REPAIRING CACHE ARRAYS IN A MULTI-CORE MICROPROCESSOR
    27. Invention application, status: granted

    Publication number: US20150339232A1

    Publication date: 2015-11-26

    Application number: US14285517

    Filing date: 2014-05-22

    Abstract: An apparatus includes a fuse array, a stores, and a plurality of cores. The fuse array is programmed with compressed configuration data. The stores provides storage of, and access to, decompressed configuration data sets. One of the plurality of cores accesses the fuse array upon power-up/reset to read and decompress the compressed configuration data, and to store the decompressed configuration data sets for one or more cache memories in the stores. Each of the plurality of cores includes reset logic and sleep logic. The reset logic is configured to employ the decompressed configuration data sets to initialize the one or more cache memories upon power-up/reset. The sleep logic is configured to determine that power is restored following a power gating event, and is configured to subsequently access the stores to retrieve and employ the decompressed configuration data sets to initialize the one or more caches following the power gating event.


    MULTI-CORE APPARATUS AND METHOD FOR RESTORING DATA ARRAYS FOLLOWING A POWER GATING EVENT
    28. Invention application, status: granted

    Publication number: US20150338904A1

    Publication date: 2015-11-26

    Application number: US14285412

    Filing date: 2014-05-22

    Abstract: An apparatus includes a fuse array and a plurality of cores. The fuse array is programmed with compressed data. Each of the plurality of cores accesses the fuse array upon power-up/reset to read and decompress the compressed data, and to store decompressed data sets for one or more cache memories within that core in a stores that is coupled to that core. Each of the plurality of cores has reset logic and sleep logic. The reset logic employs the decompressed data sets to initialize the one or more cache memories upon power-up/reset. The sleep logic determines that power is restored following a power gating event, and subsequently accesses the stores to retrieve and employ the decompressed data sets to initialize the one or more caches following the power gating event.


    DYNAMIC AND SELECTIVE CORE DISABLEMENT AND RECONFIGURATION IN A MULTI-CORE PROCESSOR
    29. Invention application, status: granted

    Publication number: US20150046680A1

    Publication date: 2015-02-12

    Application number: US14522931

    Filing date: 2014-10-24

    Abstract: A method is provided for dynamically reconfiguring one or more cores of a multi-core microprocessor comprising a plurality of cores and sideband communication wires, extrinsic to a system bus connected to a chipset, which facilitate non-system-bus inter-core communications. At least some of the cores are operable to be reconfigurably designated with or without master credentials for purposes of structuring sideband-based inter-core communications. The method includes determining an initial configuration of the cores of the microprocessor, which configuration designates at least one core, but not all of the cores, as a master core, and reconfiguring the cores according to a modified configuration, which modified configuration removes the master designation from a core initially so designated and assigns a master designation to a core not initially so designated. Each core is configured to conditionally drive the sideband communication wire to which it is connected based upon its designation, or lack thereof, as a master core.


    EVENT-BASED APPARATUS AND METHOD FOR SECURING BIOS IN A TRUSTED COMPUTING SYSTEM DURING EXECUTION

    Publication number: US20170098080A1

    Publication date: 2017-04-06

    Application number: US15380706

    Filing date: 2016-12-15

    Inventor: G. GLENN HENRY

    Abstract: An apparatus is provided for protecting a basic input/output system (BIOS) in a computing system. The apparatus includes a BIOS read only memory (ROM), an event detector, and a tamper detector. The BIOS ROM has BIOS contents that are stored as plaintext, and an encrypted message digest, where the encrypted message digest comprises an encrypted version of a first message digest that corresponds to the BIOS contents, and where the encrypted version is generated via a symmetric key algorithm and a key. The event detector is configured to generate a BIOS check interrupt that interrupts normal operation of the computing system upon the occurrence of an event, where the event includes one or more occurrences of a change in system state. The tamper detector is operatively coupled to the BIOS ROM and is configured to access the BIOS contents and the encrypted message digest upon assertion of the BIOS check interrupt, is configured to direct a microprocessor to generate a second message digest corresponding to the BIOS contents and a decrypted message digest corresponding to the encrypted message digest using the symmetric key algorithm and the key, is configured to compare the second message digest with the decrypted message digest, and is configured to preclude the operation of the microprocessor if the second message digest and the decrypted message digest are not equal. The microprocessor includes a dedicated crypto/hash unit disposed within execution logic, where the crypto/hash unit generates the second message digest and the decrypted message digest, and where the key is exclusively accessed by the crypto/hash unit. The microprocessor further has a random number generator disposed within the execution logic, where the random number generator generates a random number at completion of a current BIOS check, which is employed by the event detector to randomly set the number of occurrences of the event that are to occur before the following BIOS check.
