System management interrupt handling for multi-core processors
    71.
    Granted invention
    System management interrupt handling for multi-core processors (in force)

    Publication (announcement) number: US09311138B2

    Publication (announcement) date: 2016-04-12

    Application number: US13799327

    Filing date: 2013-03-13

    IPC classification: G06F9/48 G06F11/07

    CPC classification: G06F9/4812 G06F11/0772

    Abstract: Technologies for system management interrupt (“SMI”) handling include a number of processor cores configured to enter a system management mode (“SMM”) in response to detecting an SMI. The first processor core to enter SMM and acquire a master thread lock sets an in-progress flag and executes a master SMI handler without waiting for other processor cores to enter SMM. Other processor cores execute a subordinate SMI handler. The master SMI handler may direct the subordinate SMI handlers to handle core-specific SMIs. The multi-core processor may set an SMI service pending flag in response to detecting the SMI, which is cleared by the processor core that acquires the master thread lock. A processor core entering SMM may immediately resume normal execution upon determining that neither the in-progress flag nor the service pending flag is set, in order to detect and mitigate spurious SMIs. Other embodiments are described and claimed.

    Entering a secured computing environment using multiple authenticated code modules
    72.
    Granted invention
    Entering a secured computing environment using multiple authenticated code modules (in force)

    Publication (announcement) number: US09202015B2

    Publication (announcement) date: 2015-12-01

    Application number: US12650579

    Filing date: 2009-12-31

    IPC classification: G06F21/00 G06F21/57 G06F21/71

    Abstract: Systems, apparatuses, and methods for entering a secured system environment using multiple authenticated code modules are disclosed. In one embodiment, a processor includes a decoder and control logic. The decoder is to decode a secured enter instruction. In response to decoding the secured enter instruction, the control logic is to find the entry corresponding to the processor in a match table in a master authenticated code module and to read a master header and an individual authenticated code module from the master authenticated code module.

    TECHNOLOGIES FOR PROVIDING DEFERRED ERROR RECORDS TO AN ERROR HANDLER
    73.
    Invention application
    TECHNOLOGIES FOR PROVIDING DEFERRED ERROR RECORDS TO AN ERROR HANDLER (under examination, published)

    Publication (announcement) number: US20140188829A1

    Publication (announcement) date: 2014-07-03

    Application number: US13728451

    Filing date: 2012-12-27

    IPC classification: G06F17/30

    CPC classification: G06F16/21

    Abstract: Technologies to generate an error record are described herein. A method includes performing a scan of one or more error logs to identify a source of data in response to an attempt to access the data, determining whether the amount of time needed to complete the scan will exceed a threshold value, and generating a notice that the error record will be deferred based on that determination. A system includes a data collector to scan one or more error logs to identify a source of data in response to an attempt to access the data, a controller to determine whether the amount of time needed to scan the error logs to identify the source of data will exceed a threshold value, and a signal generator to generate a signal indicating that the error record is to be deferred based on that determination.

    TECHNIQUE FOR PROVIDING SECURE FIRMWARE
    74.
    Invention application
    TECHNIQUE FOR PROVIDING SECURE FIRMWARE (under examination, published)

    Publication (announcement) number: US20130212406A1

    Publication (announcement) date: 2013-08-15

    Application number: US13837640

    Filing date: 2013-03-15

    IPC classification: G06F21/60

    CPC classification: G06F21/60 G06F21/57

    Abstract: A technique to verify firmware. One embodiment of the invention uses a processor's microcode to verify a system's firmware, so that the firmware can be included in a trusted chain of code along with the operating system.

    Enabling system management mode in a secure system
    75.
    Granted invention
    Enabling system management mode in a secure system (in force)

    Publication (announcement) number: US08473945B2

    Publication (announcement) date: 2013-06-25

    Application number: US11967779

    Filing date: 2007-12-31

    IPC classification: G06F9/455

    CPC classification: G06F9/30087 G06F9/45533

    Abstract: Apparatuses, methods, and systems for enabling system management mode in a secure system are disclosed. In one embodiment, a processor includes sub-operating-system mode logic, virtual machine logic, and control logic. The sub-operating-system mode logic is to support a sub-operating-system mode. The virtual machine logic is to support virtualization. The control logic is to prevent virtualization from being enabled while the sub-operating-system mode is disabled.

    Technique for providing secure firmware
    76.
    Granted invention
    Technique for providing secure firmware (in force)

    Publication (announcement) number: US08429418B2

    Publication (announcement) date: 2013-04-23

    Application number: US11355697

    Filing date: 2006-02-15

    IPC classification: G06F21/00

    CPC classification: G06F21/60 G06F21/57

    Abstract: A technique to verify firmware. One embodiment of the invention uses a processor's microcode to verify a system's firmware, so that the firmware can be included in a trusted chain of code along with the operating system.

    INJECTING ERROR AND/OR MIGRATING MEMORY IN A COMPUTING SYSTEM
    77.
    Invention application
    INJECTING ERROR AND/OR MIGRATING MEMORY IN A COMPUTING SYSTEM (under examination, published)

    Publication (announcement) number: US20110179311A1

    Publication (announcement) date: 2011-07-21

    Application number: US12971868

    Filing date: 2010-12-17

    IPC classification: G06F11/00

    CPC classification: G06F11/3676

    Abstract: In some embodiments, a request is received to perform an error injection or a memory migration; a mode is entered that blocks requests from agents other than the current processor core or thread; the error is injected or the memory is migrated; and the mode that blocks requests from agents other than the current processor core or thread is exited. Other embodiments are described and claimed.

    SYSTEM AND METHOD FOR ESTABLISHING A TRUST DOMAIN ON A COMPUTER PLATFORM
    79.
    Invention application
    SYSTEM AND METHOD FOR ESTABLISHING A TRUST DOMAIN ON A COMPUTER PLATFORM (in force)

    Publication (announcement) number: US20090249050A1

    Publication (announcement) date: 2009-10-01

    Application number: US12056452

    Filing date: 2008-03-27

    IPC classification: G06F9/24

    CPC classification: G06F21/57

    Abstract: Embodiments of the invention provide systems and methods associated with a measurement engine in a server platform. In one such embodiment, the measurement engine hardware verifies/authenticates first its own firmware and then the system initialization firmware by measuring that firmware and storing the measurement results in a register that cannot be spoofed by malicious code. In this instance, the measurement engine holds the host CPU complex in a reset state until it has verified the system initialization firmware. In another such embodiment, the measurement engine hardware also measures the firmware associated with one or more system service processors and stores those measurement results in a register. In this case, the measurement engine holds both the system service processors and the host CPU complex in reset until the measurements are completed. Other embodiments are described.

    Random number generator
    80.
    Invention application
    Random number generator (in force)

    Publication (announcement) number: US20090067618A1

    Publication (announcement) date: 2009-03-12

    Application number: US11899574

    Filing date: 2007-09-06

    IPC classification: H04L9/28 G06F7/58

    Abstract: Systems, methods, and other embodiments associated with random number generators are described. One system embodiment includes random number generator logic that may produce an initial random number from a first set of three inputs. The system embodiment may receive the three inputs from sources including an internal counter entropy source (ICES), an internal arbitrary entropy source (IAES), and an external entropy source (EES). The system embodiment may generate a first random number from a first set of three inputs (e.g., a value from ICES, a value from IAES, and a value from EES) but may then generate subsequent random numbers from a different set of three inputs (e.g., a value from ICES, a value from IAES, and the previous random number).
