MEMORY ENCRYPTION EXCLUSION METHOD AND APPARATUS
    3.
    Type: Invention application
    Status: Under examination, published

    Publication (announcement) number: US20160378686A1

    Publication (announcement) date: 2016-12-29

    Application number: US14749301

    Filing date: 2015-06-24

    Applicant: Intel Corporation

    IPC classification: G06F12/14 G06F21/57

    Abstract: Apparatuses, methods and storage medium associated with memory encryption exclusion are disclosed herein. In embodiments, an apparatus may include one or more processors, memory, and firmware to provide basic input/output services to an operating system. Additionally, the apparatus may include a memory controller to control access to the memory, wherein the memory controller includes an encryption engine to encrypt data, using an encryption key, before the data are stored into an encrypted area of the memory, wherein the encryption engine regenerates the encryption key on a reset transferring execution from the operating system operated by the one or more processors to a pre-boot phase of the firmware. Further, the apparatus may include one or more storage locations to store one or more memory parameters to set aside one or more ranges of the memory as one or more encryption excluded areas. Other embodiments may be described and/or claimed.


Continuation of trust for platform boot firmware
    4.
    Type: Granted invention
    Status: In force

    Publication (announcement) number: US09223982B2

    Publication (announcement) date: 2015-12-29

    Application number: US13782512

    Filing date: 2013-03-01

    Applicant: Intel Corporation

    IPC classification: G06F11/30 G06F21/57

    CPC classification: G06F21/575 G06F21/57

    Abstract: This disclosure is directed to continuation of trust for platform boot firmware. A device may comprise a processing module and a memory module including read-only memory (ROM) on which is stored platform boot firmware. On activation, the processing module may load the platform boot firmware. The platform boot firmware may cause the processing module to first load a trusted pre-verifier file to load and verify the signature of a hash table loaded from the platform boot firmware. The processing module may then load firmware program files from the platform boot firmware, calculate a hash for each file, and verify whether each program hash is in the hash table. Firmware program files with hashes in the hash table may be allowed to execute. If any firmware program file hash is not in the hash table, the processing module may perform platform specific security actions to prevent the device from being compromised.


Trusted boot and runtime operation
    8.
    Type: Granted invention
    Status: In force

    Publication (announcement) number: US09384352B2

    Publication (announcement) date: 2016-07-05

    Application number: US14127211

    Filing date: 2013-10-02

    Applicant: Intel Corporation

    Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor including secure non-volatile storage that couples to a root index, having a fixed address, and comprises first and second variables referenced by the root index; and semiconductor integrated code (SIC) including embedded processor logic to initialize a processor and embedded memory logic to initialize a memory coupled to the processor; wherein (a) the SIC is to be executed responsive to resetting the processor and prior to providing control to boot code, and (b) the SIC is to perform pre-boot operations in response to accessing at least one of the first and second variables. Other embodiments are described herein.


    Power management data package provision method and apparatus

    Publication (announcement) number: US10318278B2

    Publication (announcement) date: 2019-06-11

    Application number: US14850733

    Filing date: 2015-09-10

    Applicant: INTEL CORPORATION

    IPC classification: G06F9/24 G06F15/177 G06F8/654

    Abstract: Apparatuses, methods and storage medium associated with provision of power management data packages are disclosed herein. In embodiments, an apparatus may include one or more processors, memory to store a power management data package having a first plurality of descriptions of always present fixed platform devices and a second plurality of descriptions of potentially present variable platform devices; and firmware coupled with the one or more processors and memory to provide basic input/output services to an operating system operated by the one or more processors, wherein the operating system has an operational requirement for the power management data package. The basic input/output services may include a service to modify the power management data package to bring the power management data package into compliance with the operational requirement of the operating system. Other embodiments may be described and/or claimed.