摘要:
Techniques for generating access information indicating a least recently used (LRU) memory region in a set of memory regions. In an embodiment, data is stored in an entry of an LRU tracking list (LTL) based on a touch message indicating when a memory group has been touched—e.g. read from, written to and/or associated with a memory region. The data stored in an LTL entry may include an identifier of a memory group and/or validity data specifying whether that LTL entry stores a set of default data. In another embodiment, access information may be generated based on the memory group identifier and the validity data.
摘要:
Embodiments of the invention create an underlying infrastructure in a flash memory device (e.g., a serial peripheral interface (SPI) flash memory device) such that it may be protected against user attacks—e.g., replacing the SPI flash memory device or a man-in-the-middle (MITM) attack to modify the SPI flash memory contents on the fly. In the prior art, monotonic counters cannot be stored in SPI flash memory devices because said devices do not provide replay protection for the counters. A user may also remove the flash memory device and reprogram it. Host platforms alone cannot protect against such hardware attacks.Embodiments of the invention enable secure standard storage flash memory devices such as SPI flash memory devices to achieve replay protection for securely stored data. Embodiments of the invention utilize flash memory controllers, flash memory devices, unique device keys and HMAC key logic to create secure execution environments for various components.
摘要:
A BIOS includes a core and multiple modules. The modules include both those that are platform specific and those that are not platform specific. Each module has a standard interface that allows the core (or other module) to call the module. A platform vendor constructs a BIOS by selecting modules from one or more vendors, which when executed can select modules that are suitable for the platform the BIOS resides in.
摘要:
A Bus Driver implements an arbitration mechanism to allow both the system management interrupt (SMI) and the Bus Driver to cooperatively use a Bus host controller hardware. This mechanism employs a hardware-based semaphore (status bit) to allow either the SMI or the driver to claim ownership of the Bus host controller for an arbitrary period of time. While either the SMI or the driver may own the status bit, the other party must poll the bit until ownership is achieved. For the SMI, this involves scheduling a periodic SMI interrupt. The driver performs self arbitration of claiming the status bit to provide the periodic SMI interrupt the opportunity to claim the bit. The mechanism allows the SMI access to the Bus host controller in a “timely” manner, while minimizing impact to driver access to the Bus host controller, which could impact driver Bus transaction throughput.
摘要:
A protected boot sequence in a computer system. A reset vector directs the system to a boot program including a protected program. This protected program verifies the integrity of the BIOS contents before branching to the BIOS for execution of normal bootstrap functions. The protected program can also lock down various blocks of bootstrap code to prevent them from being changed after a certain point in the boot sequence. The protected boot sequence can proceed in layers, with each layer providing some level of validation or security for succeeding layers.
摘要:
A method of securing a boot process for a computer system enables a processor to boot from a location identified by a boot vector. The method includes the step of disabling masking of a maskable address line in response to a processor initialization event. In one embodiment, an apparatus includes a processor coupled to a memory by at least one maskable address line wherein the memory is storing a first initialization instruction. The apparatus includes a mask control wherein the mask control disables masking of the maskable address line before the processor attempts to access the first initialization instruction in response to an initialization event. In one embodiment a processor chipset gates a first address mask control with an inhibit bit to generate a second address mask control. The second address mask control is independent of the first address mask control when the inhibit bit is set to a first value. The processor chipset sets the inhibit bit to the first value in response to a processor initialization event. In various embodiments the initialization event include at least one of an application of power to the processor, a processor RESET, or a processor INIT.
摘要:
In some embodiments a secure permit request to change a hardware configuration is created. The secure permit request is sent to a remote location, and a permit sent from the remote location in response to the permit request is received. The hardware configuration is changed in response to the received permit. Other embodiments are described and claimed.
摘要:
A BIOS includes a core and multiple modules. The modules include both those that are platform specific and those that are not platform specific. Each module has a standard interface that allows the core (or other module) to call the module. A platform vendor constructs a BIOS by selecting modules from one or more vendors, which when executed can select modules that are suitable for the platform the BIOS resides in.