-
Publication No.: US20240231471A1
Publication date: 2024-07-11
Application No.: US18410552
Application date: 2024-01-11
Applicant: Meta Platforms Technologies, LLC
Inventor: Shrirang Madhav Yardi, Dinesh Patil, Neeraj Upasani
IPC: G06F1/3293
CPC classification number: G06F1/3293
Abstract: A system on a chip (SoC) comprises SoC memory; one or more processor subsystems, wherein each processor subsystem includes a processor connected to the SoC memory; and a low power subsystem integrated as a separate subsystem in the SoC, wherein the low power subsystem includes a microcontroller and a power management unit (PMU), wherein the microcontroller executes a real-time operating system (RTOS), wherein the PMU is connected to each processor subsystem, the PMU operating under the control of the microcontroller to control the power to each processor subsystem, wherein the low power subsystem is configured to boot up the SoC via the microcontroller executing out of SoC memory.
-
Publication No.: US11941131B1
Publication date: 2024-03-26
Application No.: US17248883
Application date: 2021-02-11
Applicant: Meta Platforms Technologies, LLC
CPC classification number: G06F21/602, G06F1/163, G06F3/012, G06F15/7807, G06F21/64, G06F21/79, G06T19/006, G06F21/107
Abstract: An example method for execution on a system on a chip (SoC) having a plurality of subsystems includes receiving, by a storage controller from a subsystem of the plurality of subsystems, a command to fetch, from a local memory, task descriptor data comprising access parameters for accessing a storage device, the access parameters including a storage device address; obtaining, by an encryption engine of the SoC, the command to fetch the task descriptor data; determining, by the encryption engine based on an access rule, whether the subsystem has sufficient privilege to access the storage device address; in response to determining that the subsystem has sufficient privilege to access the storage device, encrypting source data in the local memory according to an encryption key associated with the subsystem; and providing the encrypted source data to the storage controller for writing to the storage device at the storage device address.
-
Publication No.: US11755747B2
Publication date: 2023-09-12
Application No.: US17248886
Application date: 2021-02-11
Applicant: Meta Platforms Technologies, LLC
CPC classification number: G06F21/602, G06F3/012, G06F13/28, G06F15/7807, G06F21/64, G06F21/79, G06F2221/0751
Abstract: An example system on a chip (SoC) includes a security processor configured to store a plurality of key-pairs associated with subsystems of the SoC to a key vault; and an encryption engine configured to: determine a first tweak value based on a first sector address of a storage device; encrypt the first tweak value according to the second key of the key-pair associated with a subsystem; encrypt a first portion of the source data according to a first key of the key-pair and the encrypted first tweak value; determine a second tweak value based on a second sector address of the storage device and encrypt the second tweak value according to the second key prior to completing the encryption of the first portion of the source data; and encrypt a second portion of the source data according to the first key and the encrypted second tweak value.
-
Publication No.: US12299183B1
Publication date: 2025-05-13
Application No.: US17301274
Application date: 2021-03-30
Applicant: Meta Platforms Technologies, LLC
Abstract: This disclosure describes systems on a chip (SOCs) that prevent trim attempts. The SOCs include one-time programmable (OTP) memory and an engine configured to determine if the one-time programmable (OTP) memory has been trimmed; and if the one-time programmable (OTP) memory has been trimmed, to prevent trimming of the OTP memory.
-
Publication No.: US20240231091A1
Publication date: 2024-07-11
Application No.: US18410539
Application date: 2024-01-11
Applicant: Meta Platforms Technologies, LLC
Inventor: Shrirang Madhav Yardi, Dinesh Patil, Neeraj Upasani
IPC: G02B27/01, G06F1/3296, G06T19/00
CPC classification number: G02B27/017, G06F1/3296, G06T19/006
Abstract: A system on a chip (SoC) comprises SoC memory; one or more processor subsystems, wherein each processor subsystem includes a processor connected to the SoC memory; and a low power subsystem integrated as a separate subsystem in the SoC, wherein the low power subsystem includes a microcontroller and a power management unit (PMU), wherein the microcontroller executes a real-time operating system (RTOS), wherein the PMU is connected to each processor subsystem, the PMU operating under the control of the microcontroller to control the power to each processor subsystem.
-
Publication No.: US20230252156A1
Publication date: 2023-08-10
Application No.: US18296870
Application date: 2023-04-06
Applicant: Meta Platforms Technologies, LLC
Inventor: Shrirang Madhav Yardi, Neeraj Upasani, Dinesh Patil
CPC classification number: G06F21/575, G06F1/04, G06F21/552, G06F21/62, G06F21/74, G06F21/64, G06F2221/034, G06F3/011
Abstract: Techniques are described for improving security of a boot sequence of a system, such as an artificial reality system. In some examples, a method includes configuring, by a boot sequencing system, attack detection circuitry based on configuration information accessed from a first storage device; after configuring the attack detection circuitry, starting, by the boot sequencing system, a root of trust processor to initiate a boot sequence; enabling access, by the root of trust processor during the boot sequence, to secret information stored in a second storage device.
-
Publication No.: US12200130B1
Publication date: 2025-01-14
Application No.: US17248066
Application date: 2021-01-07
Applicant: Meta Platforms Technologies, LLC
Abstract: Systems, methods, and devices authenticate processor instructions stored by a read-only memory (ROM). In one example, a ROM stores a block of register words. The block of register words includes a first register word specifying an authentication tag and one or more register words that each specify an instruction. A security controller identifies the first register word as specifying the authentication tag and performs authentication of the authentication tag. Upon successfully authenticating the authentication tag, the security controller forwards the register words that each specify instructions to a processor for execution. Upon unsuccessfully authenticating the authentication tag, the security controller blocks the register words that each specify instructions from execution by the processor.
-
Publication No.: US11775448B2
Publication date: 2023-10-03
Application No.: US18048302
Application date: 2022-10-20
Applicant: Meta Platforms Technologies, LLC
Inventor: Sudhir Satpathy, Wojciech Stefan Powiertowski, Neeraj Upasani, Dinesh Patil
CPC classification number: G06F12/1408, G02B27/017, G06F12/1081, G06F15/7807, G06T19/006, H04L63/0435
Abstract: This disclosure describes system on a chip (SOC) communications that prevent direct memory access (DMA) attacks. An example SoC includes an encryption engine and a security processor. The encryption engine is configured to encrypt raw input data using a cipher key to form an encrypted payload. The security processor is configured to select the cipher key from a key store holding a plurality of cipher keys based on a channel ID describing a {source subsystem, destination subsystem} tuple for the encrypted payload, to form an encryption header that includes the channel ID, to encapsulate the encrypted payload with the encryption header that includes the channel ID to form a crypto packet, and to transmit the crypto packet to a destination SoC that is external to the SoC.
-
Publication No.: US11637916B2
Publication date: 2023-04-25
Application No.: US17457599
Application date: 2021-12-03
Applicant: Meta Platforms Technologies, LLC
Inventor: Dinesh Patil, Wojciech Stefan Powiertowski, Neeraj Upasani, Sudhir Satpathy
IPC: G06F3/00, H04L69/22, H04L9/40, H04B7/26, H04L45/745, G06F13/28, G06F13/40, G06F21/60, G06F21/79, H04W28/14
Abstract: The disclosure describes wireless communication systems. The wireless communication system includes first memory, second memory, a direct memory access (DMA) controller, an encryption engine in-line between the DMA controller and the second memory, a first microprocessor, and a second microprocessor. The first microprocessor communicates with other systems that generate application data to be wirelessly transmitted. The application data to be wirelessly transmitted is stored in the second memory and programs the DMA controller to transfer packets of the application data to the first memory from the second memory. The encryption engine receives the packets of the application data from the DMA controller, encrypts the packets to generate encrypted application data packets, and outputs the encrypted application data packets for storage to the first memory.
-
Publication No.: US11520707B2
Publication date: 2022-12-06
Application No.: US16694744
Application date: 2019-11-25
Applicant: Meta Platforms Technologies, LLC
Inventor: Sudhir Satpathy, Wojciech Stefan Powiertowski, Neeraj Upasani, Dinesh Patil
Abstract: This disclosure describes system on a chip (SOC) communications that prevent direct memory access (DMA) attacks. An example SoC includes an encryption engine and a security processor. The encryption engine is configured to encrypt raw input data using a cipher key to form an encrypted payload. The security processor is configured to select the cipher key from a key store holding a plurality of cipher keys based on a channel ID describing a {source subsystem, destination subsystem} tuple for the encrypted payload, to form an encryption header that includes the channel ID, to encapsulate the encrypted payload with the encryption header that includes the channel ID to form a crypto packet, and to transmit the crypto packet to a destination SoC that is external to the SoC.