-
Publication number: US20230134324A1
Publication date: 2023-05-04
Application number: US17452722
Filing date: 2021-10-28
Inventors: Theodore F. Emerson, Shiva R. Dasari, Luis E. Luciani, Jr., Kevin E. Boyum, Naysen J. Robertson, Robert L. Noonan, Christopher M. Wesneski, David F. Heinrich
Abstract: An apparatus includes a host and a baseboard management controller. The baseboard management controller includes a semiconductor package, and the semiconductor package includes a memory, a security hardware processor, and a main hardware processor. The main hardware processor causes the baseboard management controller to serve as an agent that, independently from the host, responds to communications with a remote management entity to manage the host. The security hardware processor manages the storage of a secret of the host in the memory.
-
Publication number: US12072990B2
Publication date: 2024-08-27
Application number: US17451829
Filing date: 2021-10-22
CPC classification: G06F21/606, G06F21/572, G06F21/85
Abstract: A process includes a first tenant of a plurality of tenants communicating with a security processor of a computer platform, via a first physical request interface of the security processor, to acquire ownership of a first command execution engine of the security processor associated with the first physical request interface. The process includes a second tenant of the plurality of tenants communicating with the security processor, via a second physical request interface of the security processor, to acquire ownership of a second command execution engine of the security processor associated with the second physical request interface. The process includes the security processor receiving a first request from the first tenant on the first physical request interface, and the security processor receiving a second request from the second tenant on the second physical request interface. The process includes the first command execution engine processing the first request and the second command execution engine processing the second request to perform corresponding trusted computing operations.
-
Publication number: US20230342446A1
Publication date: 2023-10-26
Application number: US17660437
Filing date: 2022-04-25
CPC classification: G06F21/33, G06F21/572, G06F21/64, G06F21/602, G06F2221/0751
Abstract: A process includes accessing, by a management controller of a computer platform, a platform certificate that is stored in a secure memory. The platform certificate includes data representing a reference inventory for the computer platform. The platform certificate includes data representing information designated to bind the platform certificate to a security processor. The security processor is accessible by the management controller. The security processor is inaccessible by an operating system of the computer platform. The process includes verifying the platform certificate. Verifying the platform certificate includes validating, by the management controller, a signature of the platform certificate, and validating, by the management controller, the information designated to bind the platform certificate to the security processor. Verifying the platform certificate includes comparing, by the management controller, a second inventory of the computer platform to the reference inventory.
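The three checks in that abstract (signature, binding to the security processor, inventory comparison) are easy to get in the wrong order or to skip, so here is an added Go example of the management-controller side, written for this page and not taken from the patent or its assignee. The certificate layout, the use of Ed25519 for the issuer signature, the choice of SHA-256 over the security processor's public identity key as the binding value, and the `Component` inventory entries are all assumptions; a real platform certificate is an X.509 attribute certificate with a different encoding.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Component is one inventory entry (constructed shape; a real platform
// certificate encodes components differently).
type Component struct {
	Class  string `json:"class"`
	Serial string `json:"serial"`
}

// CertBody is the signed part: the reference inventory plus the value that
// binds the certificate to one security processor. The binding is assumed
// here to be SHA-256 of that processor's public identity key.
type CertBody struct {
	ReferenceInventory []Component `json:"inventory"`
	SPBinding          []byte      `json:"sp_binding"`
}

// PlatformCert is the body plus the issuer's Ed25519 signature over its
// JSON encoding (deterministic for a struct: fields in declaration order).
type PlatformCert struct {
	Body      CertBody
	Signature []byte
}

var (
	ErrBadSignature = errors.New("platform certificate: signature invalid")
	ErrBinding      = errors.New("platform certificate: not bound to this security processor")
	ErrInventory    = errors.New("platform certificate: current inventory differs from reference")
)

func spBinding(spPub ed25519.PublicKey) []byte {
	sum := sha256.Sum256(spPub)
	return sum[:]
}

// Issue is the manufacturing step: record the reference inventory, bind the
// certificate to the security processor, sign.
func Issue(issuer ed25519.PrivateKey, spPub ed25519.PublicKey, inventory []Component) (PlatformCert, error) {
	body := CertBody{ReferenceInventory: inventory, SPBinding: spBinding(spPub)}
	msg, err := json.Marshal(body)
	if err != nil {
		return PlatformCert{}, err
	}
	return PlatformCert{Body: body, Signature: ed25519.Sign(issuer, msg)}, nil
}

// Verify is the management controller's check in the abstract's order:
// signature first (nothing else in the body is trusted before that), then
// binding to the security processor the controller can reach, then the
// reference inventory against the inventory collected now.
func Verify(cert PlatformCert, issuerPub, spPub ed25519.PublicKey, current []Component) error {
	msg, err := json.Marshal(cert.Body)
	if err != nil {
		return err
	}
	if !ed25519.Verify(issuerPub, msg, cert.Signature) {
		return ErrBadSignature
	}
	if !bytes.Equal(cert.Body.SPBinding, spBinding(spPub)) {
		return ErrBinding
	}
	if !sameInventory(cert.Body.ReferenceInventory, current) {
		return ErrInventory
	}
	return nil
}

// sameInventory is order-insensitive multiset equality, so re-enumeration
// order does not cause false mismatches but a swapped part does.
func sameInventory(ref, cur []Component) bool {
	if len(ref) != len(cur) {
		return false
	}
	counts := make(map[Component]int, len(ref))
	for _, c := range ref {
		counts[c]++
	}
	for _, c := range cur {
		if counts[c] == 0 {
			return false
		}
		counts[c]--
	}
	return true
}

func main() {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(rand.Reader)
	spPub, _, _ := ed25519.GenerateKey(rand.Reader)
	otherSP, _, _ := ed25519.GenerateKey(rand.Reader)
	ref := []Component{{Class: "NIC", Serial: "N-1001"}, {Class: "DIMM", Serial: "D-7"}} // constructed
	cert, _ := Issue(issuerPriv, spPub, ref)
	fmt.Println("intact platform:", Verify(cert, issuerPub, spPub, ref))
	fmt.Println("certificate copied to another platform:", Verify(cert, issuerPub, otherSP, ref))
	fmt.Println("DIMM replaced:", Verify(cert, issuerPub, spPub, []Component{ref[0], {Class: "DIMM", Serial: "D-9"}}))
}
```

The binding check is what stops a valid certificate from being lifted off one platform and presented on another: without it, the signature and inventory checks would pass on any machine with the same bill of materials. The current inventory must come from a source the operating system cannot tamper with, which is why the abstract has the management controller, not the OS, perform the comparison.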
-
Publication number: US20230129610A1
Publication date: 2023-04-27
Application number: US17451829
Filing date: 2021-10-22
Abstract: A process includes a first tenant of a plurality of tenants communicating with a security processor of a computer platform, via a first physical request interface of the security processor, to acquire ownership of a first command execution engine of the security processor associated with the first physical request interface. The process includes a second tenant of the plurality of tenants communicating with the security processor, via a second physical request interface of the security processor, to acquire ownership of a second command execution engine of the security processor associated with the second physical request interface. The process includes the security processor receiving a first request from the first tenant on the first physical request interface, and the security processor receiving a second request from the second tenant on the second physical request interface. The process includes the first command execution engine processing the first request and the second command execution engine processing the second request to perform corresponding trusted computing operations.
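The ownership model in this abstract and in the granted US12072990B2 above (one command execution engine behind each physical request interface, acquired by one tenant at a time) is illustrated by the following added Go example, written for this page and not code from the patent or its assignee. The refusal-not-queue behaviour on contention, the per-engine HMAC key and the use of HMAC-SHA256 as the stand-in "trusted computing operation" are assumptions; the point shown is that a request is checked against the owner of the interface it physically arrived on, so no tenant can route work to another tenant's engine.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
	"sync"
)

var (
	ErrNoInterface = errors.New("security processor: no such physical request interface")
	ErrOwned       = errors.New("security processor: engine already owned by another tenant")
	ErrNotOwner    = errors.New("security processor: requester does not own this interface")
)

// engine is one command execution engine. It is reachable only through its
// own physical request interface and holds its own key, so a request that
// arrives on interface 0 can never be serviced with interface 1's key.
type engine struct {
	mu    sync.Mutex
	owner string // "" while unowned
	key   []byte // per-engine secret (constructed; real hardware keeps it internal)
}

// SecurityProcessor has exactly one engine behind each physical interface.
type SecurityProcessor struct {
	engines []*engine
}

func NewSecurityProcessor(keys [][]byte) *SecurityProcessor {
	sp := &SecurityProcessor{}
	for _, k := range keys {
		sp.engines = append(sp.engines, &engine{key: k})
	}
	return sp
}

func (sp *SecurityProcessor) lookup(iface int) (*engine, error) {
	if iface < 0 || iface >= len(sp.engines) {
		return nil, ErrNoInterface
	}
	return sp.engines[iface], nil
}

// Acquire gives tenant ownership of the engine behind iface. A second tenant
// contending for an owned interface is refused, not queued.
func (sp *SecurityProcessor) Acquire(iface int, tenant string) error {
	e, err := sp.lookup(iface)
	if err != nil {
		return err
	}
	e.mu.Lock()
	defer e.mu.Unlock()
	if e.owner != "" && e.owner != tenant {
		return ErrOwned
	}
	e.owner = tenant
	return nil
}

// Release clears ownership so another tenant may acquire the engine.
func (sp *SecurityProcessor) Release(iface int, tenant string) error {
	e, err := sp.lookup(iface)
	if err != nil {
		return err
	}
	e.mu.Lock()
	defer e.mu.Unlock()
	if e.owner != tenant {
		return ErrNotOwner
	}
	e.owner = ""
	return nil
}

// Execute runs a trusted computing operation on the engine behind iface; an
// HMAC-SHA256 over the request stands in for a quote or seal. Ownership is
// checked against the interface the request arrived on, never against a
// tenant-supplied routing field.
func (sp *SecurityProcessor) Execute(iface int, tenant string, request []byte) ([]byte, error) {
	e, err := sp.lookup(iface)
	if err != nil {
		return nil, err
	}
	e.mu.Lock()
	defer e.mu.Unlock()
	if e.owner != tenant {
		return nil, ErrNotOwner
	}
	mac := hmac.New(sha256.New, e.key)
	mac.Write(request)
	return mac.Sum(nil), nil
}

func main() {
	sp := NewSecurityProcessor([][]byte{[]byte("engine-0-key"), []byte("engine-1-key")}) // constructed keys
	fmt.Println(sp.Acquire(0, "tenant-A"), sp.Acquire(1, "tenant-B"))
	fmt.Println("B on interface 0:", sp.Acquire(0, "tenant-B"))
	out, err := sp.Execute(0, "tenant-A", []byte("quote"))
	fmt.Printf("A on interface 0: %x %v\n", out[:4], err)
	_, err = sp.Execute(1, "tenant-A", []byte("quote"))
	fmt.Println("A on interface 1:", err)
}
```

Each engine carries its own lock, so the two engines process their tenants' requests without serialising on each other, which is the "corresponding trusted computing operations" proceeding in parallel. In hardware the interface identity is a property of the bus the request came over; in this model it is the `iface` argument, which the caller must obtain from the transport and never from the request payload.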
-
Publication number: US12105859B2
Publication date: 2024-10-01
Application number: US17452722
Filing date: 2021-10-28
Inventors: Theodore F. Emerson, Shiva R. Dasari, Luis E. Luciani, Jr., Kevin E. Boyum, Naysen J. Robertson, Robert L. Noonan, Christopher M. Wesneski, David F. Heinrich
CPC classification: G06F21/78, G06F21/33, G06F21/53, G06F21/602
Abstract: An apparatus includes a host and a baseboard management controller. The baseboard management controller includes a semiconductor package, and the semiconductor package includes a memory, a security hardware processor, and a main hardware processor. The main hardware processor causes the baseboard management controller to serve as an agent that, independently from the host, responds to communications with a remote management entity to manage the host. The security hardware processor manages the storage of a secret of the host in the memory.
-
Publication number: US20240256679A1
Publication date: 2024-08-01
Application number: US18161934
Filing date: 2023-01-31
Inventors: Shiva R. Dasari, Dwight D. Riley
CPC classification: G06F21/602, G06F21/79
Abstract: In some examples, a security chip for an electronic device includes a nonvolatile memory to store a collection of encryption keys for encrypting information to produce encrypted information. The security chip includes discrete secure erase hardware logic and is separate from the collection of device processors of the electronic device. The discrete secure erase hardware logic receives an erase indication indicating a request to erase the encrypted information. In response to the erase indication, the discrete secure erase hardware logic erases the collection of encryption keys in the nonvolatile memory, and activates an output indication to cause activation of an erase indicator at the electronic device.
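The abstract describes a cryptographic erase: the ciphertext is left where it is and only the keys are destroyed. The following added Go example models that behaviour; it is written for this page and is not code from the patent or its assignee. AES-256-GCM, the number of key slots, the `erased` flag that makes the chip refuse further service, and the boolean standing in for the erase indicator output are all assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrErased = errors.New("security chip: keys erased, encrypted information is unrecoverable")

// SecureEraseChip models the chip of the abstract: a key collection in
// (simulated) nonvolatile memory, the discrete erase logic, and the output
// that drives an erase indicator. Keys never leave the chip; only
// ciphertext does.
type SecureEraseChip struct {
	nvKeys         [][]byte
	erased         bool
	eraseIndicator bool
}

func NewSecureEraseChip(slots int) (*SecureEraseChip, error) {
	c := &SecureEraseChip{}
	for i := 0; i < slots; i++ {
		k := make([]byte, 32) // AES-256 key (assumed algorithm)
		if _, err := rand.Read(k); err != nil {
			return nil, err
		}
		c.nvKeys = append(c.nvKeys, k)
	}
	return c, nil
}

func (c *SecureEraseChip) aead(slot int) (cipher.AEAD, error) {
	if c.erased {
		return nil, ErrErased
	}
	if slot < 0 || slot >= len(c.nvKeys) {
		return nil, errors.New("security chip: no such key slot")
	}
	block, err := aes.NewCipher(c.nvKeys[slot])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt returns nonce||ciphertext under the slot's key. The result can be
// stored anywhere on the device: without the key it is indistinguishable
// from noise, which is what makes key erasure sufficient.
func (c *SecureEraseChip) Encrypt(slot int, plaintext []byte) ([]byte, error) {
	g, err := c.aead(slot)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

func (c *SecureEraseChip) Decrypt(slot int, blob []byte) ([]byte, error) {
	g, err := c.aead(slot)
	if err != nil {
		return nil, err
	}
	ns := g.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("security chip: ciphertext too short")
	}
	return g.Open(nil, blob[:ns], blob[ns:], nil)
}

// SecureErase is the erase-indication path: overwrite every key, refuse all
// further service, then raise the output that lights the erase indicator.
func (c *SecureEraseChip) SecureErase() {
	for _, k := range c.nvKeys {
		for i := range k {
			k[i] = 0
		}
	}
	c.erased = true
	c.eraseIndicator = true
}

func (c *SecureEraseChip) EraseIndicator() bool { return c.eraseIndicator }

func main() {
	chip, _ := NewSecureEraseChip(2)
	blob, _ := chip.Encrypt(0, []byte("customer data")) // constructed plaintext
	pt, err := chip.Decrypt(0, blob)
	fmt.Printf("before erase: %q %v\n", pt, err)
	chip.SecureErase()
	_, err = chip.Decrypt(0, blob)
	fmt.Println("after erase:", err, "indicator:", chip.EraseIndicator())
}
```

Two details worth keeping in mind when mapping this to real parts. First, the chip refuses service after erase rather than relying on the zeroed key failing GCM authentication, so the indicator reflects a state the chip enforces, not an accident of the cipher. Second, overwriting a key in flash from software is not reliable under wear levelling, because the controller may retire the old page instead of rewriting it; the abstract's placement of the erase logic in discrete hardware that owns the key memory is what gives the overwrite meaning.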
-
Publication number: US20200272739A1
Publication date: 2020-08-27
Application number: US16874109
Filing date: 2020-05-14
Inventors: Suhas Shivanna, Shiva R. Dasari
IPC classification: G06F21/57, G06F9/4401, H04L9/32, H04L9/08
Abstract: Examples disclosed herein relate to performing an action based on a pre-boot measurement of a firmware image. In an example, at a firmware component in a system, a measurement of a firmware image may be determined prior to booting of the system, beginning from a hardware root of trust boot block, by a Trusted Platform Module (TPM) emulator engine that emulates a hardware-based TPM. A pre-determined measurement of the firmware image may be retrieved from a storage location within the system. The measurement of the firmware image may be compared with the pre-determined measurement of the firmware image prior to booting of the system. In response to a determination that the measurement of the firmware image is different from the pre-determined measurement, an action is performed.
-
Publication number: US10318736B2
Publication date: 2019-06-11
Application number: US15338723
Filing date: 2016-10-31
IPC classification: G06F15/177, G06F9/00, G06F21/57, G06F11/14, G06F8/654
Abstract: Various examples described herein provide for firmware verification on a peripheral device that can couple to a computing device. Before operating firmware is executed on the peripheral device, boot firmware can execute on the peripheral device and cause the peripheral device to generate a hash of the operating firmware. The peripheral device can transmit the hash to a validator external to the peripheral device, such as a management processor. The peripheral device can receive, from the validator, a validation decision based on the transmitted hash. In response to the validation decision indicating invalidity of the operating firmware, the peripheral device can execute recovery firmware to cause the peripheral device to retrieve replacement firmware. Depending on the example, the retrieved replacement firmware may replace the operating firmware, or the operating firmware may be updated based on the retrieved replacement firmware.
-
Publication number: US20180330093A1
Publication date: 2018-11-15
Application number: US15593546
Filing date: 2017-05-12
Inventors: Suhas Shivanna, Shiva R. Dasari
CPC classification: G06F21/575, G06F9/4401, G06F21/6227, G06F2221/034, G06F2221/2141, H04L9/3234
Abstract: Examples disclosed herein relate to performing an action based on a pre-boot measurement of a firmware image. In an example, at a firmware component in a system, a measurement of a firmware image may be determined prior to booting of the system, beginning from a hardware root of trust boot block, by a Trusted Platform Module (TPM) emulator engine that emulates a hardware-based TPM. A pre-determined measurement of the firmware image may be retrieved from a storage location within the system. The measurement of the firmware image may be compared with the pre-determined measurement of the firmware image prior to booting of the system. In response to a determination that the measurement of the firmware image is different from the pre-determined measurement, an action is performed.
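This abstract and the continuation US20200272739A1 above describe measurement by a TPM emulator rather than a discrete TPM. What a TPM emulator has to reproduce is the extend operation of a Platform Configuration Register, so the added Go example below (written for this page, not code from the patent or its assignee) implements a SHA-256 PCR, measures a chain of images starting at the root-of-trust boot block, and compares the result with a stored value. The stage names and images are constructed, and the "halt and report" action is an assumption; the abstract leaves the action open.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// PCR emulates one TPM Platform Configuration Register. It has no direct
// write: Extend folds a new digest into the running value, so the result
// depends on every image measured and on the order of measurement.
type PCR [sha256.Size]byte

func (p *PCR) Extend(digest [sha256.Size]byte) {
	h := sha256.New()
	h.Write(p[:])
	h.Write(digest[:])
	copy(p[:], h.Sum(nil))
}

// Action is what the firmware component does once the comparison is made.
type Action int

const (
	ActionContinueBoot Action = iota
	ActionHaltAndReport // assumed action; the abstract does not fix one
)

func (a Action) String() string {
	if a == ActionContinueBoot {
		return "continue boot"
	}
	return "halt and report"
}

// Stage is one firmware image in boot order; stage 0 is the hardware
// root-of-trust boot block from which measurement begins.
type Stage struct {
	Name  string
	Image []byte
}

// Measure hashes each image and extends the emulated PCR, in boot order,
// before any of those images would execute.
func Measure(stages []Stage) PCR {
	var p PCR
	for _, s := range stages {
		p.Extend(sha256.Sum256(s.Image))
	}
	return p
}

// PreBootCheck compares the fresh measurement against the pre-determined
// value retrieved from storage and returns the action to take plus the
// measurement, which the caller would log or report.
func PreBootCheck(stages []Stage, expected PCR) (Action, PCR) {
	got := Measure(stages)
	if got != expected {
		return ActionHaltAndReport, got
	}
	return ActionContinueBoot, got
}

func main() {
	chain := []Stage{ // constructed images
		{Name: "boot-block", Image: []byte("root of trust boot block")},
		{Name: "sysfw", Image: []byte("system firmware 2.3")},
		{Name: "bmcfw", Image: []byte("bmc firmware 1.9")},
	}
	expected := Measure(chain) // recorded at provisioning, stored in the system
	action, got := PreBootCheck(chain, expected)
	fmt.Printf("%s (%x)\n", action, got[:4])
	chain[1].Image = []byte("system firmware 2.3-patched")
	action, _ = PreBootCheck(chain, expected)
	fmt.Println(action)
}
```

Because extend chains the previous register value into each step, the same images measured in a different order, or one image measured twice, give a different final value; a stored expected value therefore pins the whole boot sequence, not just the set of images. The remaining risk with an emulated TPM is the integrity of the emulator itself, which is why the abstract anchors the chain in a hardware root-of-trust boot block that runs before it.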
-
Publication number: US20180121656A1
Publication date: 2018-05-03
Application number: US15338723
Filing date: 2016-10-31
CPC classification: G06F21/572, G06F8/654, G06F11/14, G06F21/575
Abstract: Various examples described herein provide for firmware verification on a peripheral device that can couple to a computing device. Before operating firmware is executed on the peripheral device, boot firmware can execute on the peripheral device and cause the peripheral device to generate a hash of the operating firmware. The peripheral device can transmit the hash to a validator external to the peripheral device, such as a management processor. The peripheral device can receive, from the validator, a validation decision based on the transmitted hash. In response to the validation decision indicating invalidity of the operating firmware, the peripheral device can execute recovery firmware to cause the peripheral device to retrieve replacement firmware. Depending on the example, the retrieved replacement firmware may replace the operating firmware, or the operating firmware may be updated based on the retrieved replacement firmware.
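The exchange in this abstract and in the granted US10318736B2 above has two sides, the peripheral's boot firmware and the external validator, and the interesting part is what happens on an Invalid decision. The added Go example below models both sides; it is written for this page and is not code from the patent or its assignee. The allowlist-of-digests validator, the per-model replacement image, the single recovery attempt and the re-verification of the replacement before it runs are all assumptions about how one would implement it.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// Decision is the validator's answer to a transmitted hash.
type Decision int

const (
	DecisionValid Decision = iota
	DecisionInvalid
)

var (
	ErrNoReplacement  = errors.New("validator: no replacement firmware for this model")
	ErrRecoveryFailed = errors.New("peripheral: replacement firmware rejected too; staying in recovery")
)

// Validator is the management processor side: the digests of approved
// operating firmware and the replacement images it can serve.
type Validator struct {
	approved     map[[sha256.Size]byte]bool
	replacements map[string][]byte // keyed by peripheral model (constructed)
}

func NewValidator() *Validator {
	return &Validator{approved: map[[sha256.Size]byte]bool{}, replacements: map[string][]byte{}}
}

func (v *Validator) Approve(image []byte)                    { v.approved[sha256.Sum256(image)] = true }
func (v *Validator) SetReplacement(model string, img []byte) { v.replacements[model] = img }

// Validate receives the hash from the peripheral and returns the decision.
func (v *Validator) Validate(digest [sha256.Size]byte) Decision {
	if v.approved[digest] {
		return DecisionValid
	}
	return DecisionInvalid
}

func (v *Validator) Replacement(model string) ([]byte, error) {
	img, ok := v.replacements[model]
	if !ok {
		return nil, ErrNoReplacement
	}
	return img, nil
}

// Peripheral is the device side. Running records which firmware is active;
// the operating firmware starts only after a Valid decision.
type Peripheral struct {
	Model       string
	OperatingFW []byte
	Running     string // "boot", "recovery" or "operating"
	Recovered   bool
}

// Boot is the boot-firmware path: hash the operating firmware, send the hash
// to the validator, and branch on its decision. On Invalid, control passes to
// recovery firmware, which fetches a replacement and re-verifies it.
func (p *Peripheral) Boot(v *Validator) error {
	p.Running = "boot"
	if v.Validate(sha256.Sum256(p.OperatingFW)) == DecisionValid {
		p.Running = "operating"
		return nil
	}
	p.Running = "recovery"
	repl, err := v.Replacement(p.Model)
	if err != nil {
		return err
	}
	p.OperatingFW = append([]byte(nil), repl...)
	p.Recovered = true
	// One recovery attempt, then re-verify: a replacement the validator
	// itself rejects must not run, and there is no retry loop to get stuck in.
	if v.Validate(sha256.Sum256(p.OperatingFW)) != DecisionValid {
		return ErrRecoveryFailed
	}
	p.Running = "operating"
	return nil
}

func main() {
	good := []byte("nic operating firmware 4.1") // constructed image
	v := NewValidator()
	v.Approve(good)
	v.SetReplacement("nic-x", good)
	p := &Peripheral{Model: "nic-x", OperatingFW: []byte("nic operating firmware 4.1 + implant")}
	err := p.Boot(v)
	fmt.Printf("running=%s recovered=%v err=%v\n", p.Running, p.Recovered, err)
}
```

Two properties of this design matter in practice. The device fails closed: if no replacement exists, or the fetched replacement is itself rejected, it stays in recovery firmware rather than running anything unverified. And because the decision is made off-device, the channel carrying the hash and the decision needs its own integrity protection; a validator whose "Valid" answer can be forged on the wire adds nothing over no check at all.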
-