Abstract:
Systems, apparatuses, and methods for entering a secured system environment using multiple authenticated code modules are disclosed. In one embodiment, a processor includes a decoder and control logic. The decoder is to decode a secured enter instruction. The control logic is to find an entry corresponding to the processor in a match table in a master authenticated code module and to read a master header and an individual authenticated code module from the master authenticated code module in response to decoding the secured enter instruction.
Abstract:
When a processing system boots, it may retrieve an encrypted version of a cryptographic key from nonvolatile memory to a processing unit, which may decrypt the cryptographic key. The processing system may also retrieve a predetermined authentication code for software of the processing system, and the processing system may use the cryptographic key to compute a current authentication code for the software. The processing system may then determine whether the software should be trusted, by comparing the predetermined authentication code with the current authentication code. In various embodiments, the processing unit may use a key stored in nonvolatile storage of the processing unit to decrypt the encrypted version of the cryptographic key, a hashed message authentication code (HMAC) may be used as the authentication code, and/or the software to be authenticated may be boot firmware, a virtual machine monitor (VMM), or other software. Other embodiments are described and claimed.
Abstract:
Systems, methods, and other embodiments associated with random number generators are described. One system embodiment includes a random number generator logic that may produce an initial random number from a first set of three inputs. The system embodiment may receive the three inputs from sources including an internal counter entropy source (ICES), an internal arbitrary entropy source (IAES), and an external entropy source (EES). The system embodiment may generate a first random number from a first set of three inputs (e.g., value from ICES, value from IAES, value from EES) but may then generate subsequent random numbers from a different set of three inputs (e.g., value from ICES, value from IAES, previous random number).
Abstract:
Embodiments include systems and methods for processing Reliability, Availability and Serviceability (RAS) events in a computer system. Embodiments comprise processing critical events in a first portion of a Management Interrupt (MI) period. The MI period is chosen to be not greater than a maximum tolerable Operating System (OS) latency period. If time remains in a current MI period after processing critical events, the system then processes non-critical events during the time remaining in the current MI period. If at the end of the current MI period, some non-critical events remain to be processed, a subsequent MI period is scheduled to process the remaining non-critical events.
Abstract:
A processing system may include a processing unit and nonvolatile storage responsive to the processing unit. The nonvolatile storage may include a candidate boot code module and an authentication code module. The processing unit may be configured to execute code from the authentication code module before executing code from the candidate boot code module. The authentication code module may have instructions which, when executed by the processing unit, cause the processing unit to read a processor identifier from the processing unit and determine whether the processor belongs to a predetermined set of processors associated with a specific vendor, based at least in part on the identifier, before executing any instructions from the candidate boot code module. The processing system may also test authenticity of the candidate boot code module before executing any instructions from the candidate boot code module. Other embodiments are described and claimed.
Abstract:
In some embodiments a boot progress of a System Boot Strap Processor in a multi-processor system is monitored and a boot processor failure is detected using an Application Processor. If the boot processor failure is detected, at least a portion of the system is reinitialized (and/or the system is rebooted). Other embodiments are described and claimed.
Abstract:
To prevent unauthorized access to hardware management information in an out-of-band mode, i.e., when the operating system of the hardware is not executing, a method and apparatus employ an authentication protocol. Upon receiving a request for hardware component information in a service processor that is disposed in a hardware component, which request is received as an open session request and which request passes external to an operating system controlling the hardware component, the service processor transmits a challenge string to the requesting client application. In response to a challenge response received from the requesting client application, the service processor compares the challenge response to an expected response to the challenge. The expected challenge response is calculated by the service processor. Based on the result of the comparison, the service processor transmits an authentication response to the requesting client application indicating success or failure of the authentication process. On the client side, in response to a challenge string from the service processor, the requesting client application transmits to the service processor a challenge response, which includes a sequence number that increments with every new message from the requesting client application. The challenge response also includes a hash number calculated by the requesting client application, which hash number is a function of the challenge string, session identification number, sequence number and/or a password. Each new packet including data and/or commands from the client application includes a similarly calculated hash number.
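The exchange described in this abstract, written out as an added example that is not the patent's own code: the service processor issues a challenge, the client answers with an incrementing sequence number and a hash over challenge, session id, sequence number and password, and every later data packet carries the same kind of hash. The abstract does not fix the hash construction, so keying HMAC-SHA256 with the password, the 32-bit session id and the demo password are assumptions made here.

```python
import hmac
import hashlib
import secrets

# Constructed demo password shared by service processor and client (placeholder).
PASSWORD = b"demo-password"

def message_hash(password, challenge, session_id, seq, payload=b""):
    # The abstract names the inputs but not the construction; keying
    # HMAC-SHA256 with the password is an assumption of this example.
    mac = hmac.new(password, digestmod=hashlib.sha256)
    for part in (challenge, session_id.to_bytes(4, "big"), seq.to_bytes(4, "big"), payload):
        mac.update(part)
    return mac.digest()

class ServiceProcessor:
    # Out-of-band side: issues the challenge, checks the response and later packets.
    def __init__(self, password):
        self.password = password
        self.sessions = {}  # session_id -> {"challenge", "seq", "authed"}
    def open_session(self):
        sid, chal = secrets.randbits(32), secrets.token_bytes(16)
        self.sessions[sid] = {"challenge": chal, "seq": 0, "authed": False}
        return sid, chal
    def verify(self, sid, seq, payload, tag, first=False):
        s = self.sessions.get(sid)
        # Sequence numbers must strictly increase, so a replayed packet is rejected.
        if s is None or seq <= s["seq"] or (not first and not s["authed"]):
            return False
        expected = message_hash(self.password, s["challenge"], sid, seq, payload)
        if not hmac.compare_digest(expected, tag):
            return False
        s["seq"], s["authed"] = seq, True
        return True

class Client:
    # Requesting side: increments the sequence number for every new message.
    def __init__(self, password, sid, chal):
        self.password, self.sid, self.chal, self.seq = password, sid, chal, 0
    def message(self, payload=b""):
        self.seq += 1
        return self.sid, self.seq, payload, message_hash(self.password, self.chal, self.sid, self.seq, payload)

def run_exchange(client_password=PASSWORD):
    # Returns (authenticated, data packet accepted, replay of that packet rejected).
    sp = ServiceProcessor(PASSWORD)
    sid, chal = sp.open_session()
    c = Client(client_password, sid, chal)
    authed = sp.verify(*c.message(), first=True)
    pkt = c.message(b"GET sensor-readings")
    accepted = sp.verify(*pkt)
    return authed, accepted, not sp.verify(*pkt)
```

A client holding the wrong password never gets past the challenge, and the replayed data packet is refused because its sequence number is not higher than the last one accepted.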
Abstract:
Dynamically configurable server platforms and associated apparatus and methods. A server platform including a plurality of CPUs installed in respective sockets may be dynamically configured as multiple single-socket servers and as a multi-socket server. The CPUs are connected to a platform manager component comprising an SoC including one or more processors and an embedded FPGA. Following a platform reset, an FPGA image is loaded, dynamically configuring functional blocks and interfaces on the platform manager. The platform manager also includes pre-defined functional blocks and interfaces. During platform initialization the dynamically-configured functional blocks and interfaces are used to initialize the server platform, while both the pre-defined and dynamically-configured functional blocks and interfaces are used to support run-time operations. The server platform may be used in conventional rack architectures or implemented in a disaggregated rack architecture under which the single-socket and/or multi-socket servers are dynamically composed to employ disaggregated resources, such as memory, storage, and accelerators.