-
Publication No.: US10929222B2
Publication date: 2021-02-23
Application No.: US16405362
Filing date: 2019-05-07
Applicant: Apple Inc.
Inventors: Manu Gulati, Sukalpa Biswas, Jeffrey R. Wilcox, Farid Nemati
IPC classification: G06F11/10, G11C29/52, G11C29/00, G06F12/1072, G06F12/121, G06F12/12, G06F12/06, G06F12/126, G11C29/04, G11C29/44
Abstract: In one embodiment, a system includes a memory that includes a live section and a spares section. The live section may be mapped to the address space of the system, and may be accessed in response to memory operations. Once an entry in the live section has been detected as failed, an entry in the spares section may be allocated to replace the failed entry. During subsequent accesses to the failed entry, the allocated entry may be used instead. In an embodiment, the failed entry may be coded with an indication of the allocated entry, to redirect to the allocated entry. In one implementation, for example, the failed entry may be coded with N copies of a pointer to the allocated entry, each copy protected by corresponding ECC.
-
Publication No.: US20180349609A1
Publication date: 2018-12-06
Application No.: US15721502
Filing date: 2017-09-29
Applicant: Apple Inc.
Inventors: Joshua P. de Cesare, Timothy R. Paaske, Xeno S. Kovah, Nikolaj Schlej, Jeffrey R. Wilcox, Hardik K. Doshi, Kevin H. Alderfer, Corey T. Kallenberg
CPC classification: G06F21/575, G06F9/4401, G06F21/73, G06F21/79
Abstract: A method and apparatus for protecting boot variables is disclosed. A computer system includes a main processor and an auxiliary processor. The auxiliary processor includes a non-volatile memory that stores variables associated with boot code that is also stored thereon. The main processor may send a request to the auxiliary processor to alter one of the variables stored in the non-volatile memory. Responsive to receiving the request, the auxiliary processor may execute a security policy to determine if the main processor meets the criteria for altering the variable. If the auxiliary processor determines that the main processor meets the criteria, it may grant permission to alter the variable.
-
Publication No.: US10042701B2
Publication date: 2018-08-07
Application No.: US15273208
Filing date: 2016-09-22
Applicant: Apple Inc.
Inventors: Manu Gulati, Sukalpa Biswas, Jeffrey R. Wilcox, Farid Nemati
IPC classification: G06F11/10, G11C29/52, G11C29/00, G06F12/1072, G06F12/121, G06F12/12, G06F12/06, G06F12/126, G11C29/04, G11C29/44
Abstract: In one embodiment, a system includes a memory that includes a live section and a spares section. The live section may be mapped to the address space of the system, and may be accessed in response to memory operations. Once an entry in the live section has been detected as failed, an entry in the spares section may be allocated to replace the failed entry. During subsequent accesses to the failed entry, the allocated entry may be used instead. In an embodiment, the failed entry may be coded with an indication of the allocated entry, to redirect to the allocated entry. In one implementation, for example, the failed entry may be coded with N copies of a pointer to the allocated entry, each copy protected by corresponding ECC.
-
Publication No.: US11176280B2
Publication date: 2021-11-16
Application No.: US15720736
Filing date: 2017-09-29
Applicant: Apple Inc.
Inventors: Pierre-Olivier J. Martel, Jeffrey R. Wilcox, Ian P. Shaeffer, Andrew D. Myrick, Robert W. Hill, Tristan F. Schaap
IPC classification: H04L29/06, G06F21/76, G06F21/71, G06F21/57, G06F21/74, G06F21/81, G06F1/3237, G06F21/62, G06F1/3287
Abstract: Techniques are disclosed in which a secure circuit controls a gating circuit to enable or disable other circuitry of a device (e.g., one or more input sensors). For example, the gating circuit may be a power gating circuit and the secure circuit may be configured to disable power to an input sensor in certain situations. As another example, the gating circuit may be a clock gating circuit and the secure circuit may be configured to disable the clock to an input sensor. As yet another example, the gating circuit may be configured to gate a control bus and the secure circuit may be configured to disable control signals to an input sensor. In some embodiments, hardware resources included in or controlled by the secure circuit are not accessible by other elements of the device, other than by sending requests to a predetermined set of memory locations (e.g., a secure mailbox).
-
Publication No.: US11138346B2
Publication date: 2021-10-05
Application No.: US16859634
Filing date: 2020-04-27
Applicant: Apple Inc.
Abstract: In one embodiment, a system includes a non-volatile memory that may serve as both the main memory system and the backing store (or persistent storage). In some embodiments, the non-volatile memory is divided into a main memory portion and a persistent portion. Data in the main memory operation may be encrypted using one or more first keys, and data in the persistent portion may be encrypted using one or more second keys, in an embodiment. The volatile behavior of main memory may be implemented by discarding the one or more first keys in a power down event or other event that indicates a loss of main memory data, while the one or more second keys may be retained. In one embodiment, the physical address space of the non-volatile memory may be a mapping from a second physical address space that is used within the system.
-
Publication No.: US10671762B2
Publication date: 2020-06-02
Application No.: US15748893
Filing date: 2016-08-25
Applicant: Apple Inc.
Abstract: In one embodiment, a system includes a non-volatile memory that may serve as both the main memory system and the backing store (or persistent storage). In some embodiments, the non-volatile memory is divided into a main memory portion and a persistent portion. Data in the main memory operation may be encrypted using one or more first keys, and data in the persistent portion may be encrypted using one or more second keys, in an embodiment. The volatile behavior of main memory may be implemented by discarding the one or more first keys in a power down event or other event that indicates a loss of main memory data, while the one or more second keys may be retained. In one embodiment, the physical address space of the non-volatile memory may be a mapping from a second physical address space that is used within the system.
-
Publication No.: US20180349608A1
Publication date: 2018-12-06
Application No.: US15721365
Filing date: 2017-09-29
Applicant: Apple Inc.
Inventors: Joshua P. de Cesare, Timothy R. Paaske, Xeno S. Kovah, Nikolaj Schlej, Jeffrey R. Wilcox, Ezekiel T. Runyon, Hardik K. Doshi, Kevin H. Alderfer, Corey T. Kallenberg
CPC classification: G06F21/575
Abstract: A method and apparatus for performing a secure boot of a computer system is disclosed. A computer system according to the disclosure includes an auxiliary processor and a main processor. The boot process includes initially booting the auxiliary processor. The auxiliary processor includes a non-volatile memory storing boot code for the main processor. The auxiliary processor may perform a verification of the boot code. Subsequent to verifying the boot code, the main processor may be released from a reset state. Once the main processor is no longer in the reset state, the boot code may be provided thereto. Thereafter, the boot procedure may continue with the main processor executing the boot code.
-
Publication No.: US20180314592A1
Publication date: 2018-11-01
Application No.: US16029829
Filing date: 2018-07-09
Applicant: Apple Inc.
Inventors: Manu Gulati, Sukalpa Biswas, Jeffrey R. Wilcox, Farid Nemati
CPC classification: G06F11/1068, G06F12/0669, G06F12/1072, G06F12/12, G06F12/121, G06F12/126, G06F2212/1032, G06F2212/7204, G06F2212/7207, G11C29/52, G11C29/70, G11C29/72, G11C2029/0409, G11C2029/0411, G11C2029/4402
Abstract: In one embodiment, a system includes a memory that includes a live section and a spares section. The live section may be mapped to the address space of the system, and may be accessed in response to memory operations. Once an entry in the live section has been detected as failed, an entry in the spares section may be allocated to replace the failed entry. During subsequent accesses to the failed entry, the allocated entry may be used instead. In an embodiment, the failed entry may be coded with an indication of the allocated entry, to redirect to the allocated entry. In one implementation, for example, the failed entry may be coded with N copies of a pointer to the allocated entry, each copy protected by corresponding ECC.
-
Publication No.: US20170091026A1
Publication date: 2017-03-30
Application No.: US15273208
Filing date: 2016-09-22
Applicant: Apple Inc.
Inventors: Manu Gulati, Sukalpa Biswas, Jeffrey R. Wilcox, Farid Nemati
CPC classification: G06F11/1068, G06F12/0669, G06F12/1072, G06F12/12, G06F12/121, G06F12/126, G06F2212/1032, G06F2212/7204, G06F2212/7207, G11C29/52, G11C29/70, G11C29/72, G11C2029/0409, G11C2029/0411, G11C2029/4402
Abstract: In one embodiment, a system includes a memory that includes a live section and a spares section. The live section may be mapped to the address space of the system, and may be accessed in response to memory operations. Once an entry in the live section has been detected as failed, an entry in the spares section may be allocated to replace the failed entry. During subsequent accesses to the failed entry, the allocated entry may be used instead. In an embodiment, the failed entry may be coded with an indication of the allocated entry, to redirect to the allocated entry. In one implementation, for example, the failed entry may be coded with N copies of a pointer to the allocated entry, each copy protected by corresponding ECC.
-
Publication No.: US11714924B2
Publication date: 2023-08-01
Application No.: US17469591
Filing date: 2021-09-08
Applicant: Apple Inc.
CPC classification: G06F21/72, G06F12/0246, G06F12/1027, G06F12/1408, G06F21/78, H04L9/0861, H04L9/0894, G06F2212/7206, G06F2212/7208, G06F2221/2143, H04L2209/12
Abstract: In one embodiment, a system includes a non-volatile memory that may serve as both the main memory system and the backing store (or persistent storage). In some embodiments, the non-volatile memory is divided into a main memory portion and a persistent portion. Data in the main memory operation may be encrypted using one or more first keys, and data in the persistent portion may be encrypted using one or more second keys, in an embodiment. The volatile behavior of main memory may be implemented by discarding the one or more first keys in a power down event or other event that indicates a loss of main memory data, while the one or more second keys may be retained. In one embodiment, the physical address space of the non-volatile memory may be a mapping from a second physical address space that is used within the system.