Method for SMI arbitration timeliness in a cooperative SMI/driver use mechanism
    1.
    发明授权
    Method for SMI arbitration timeliness in a cooperative SMI/driver use mechanism 失效
    合作SMI /驾驶员使用机制中SMI仲裁及时性的方法

    公开(公告)号:US06981081B2

    公开(公告)日:2005-12-27

    申请号:US10325776

    申请日:2002-12-19

    CPC分类号: G06F13/378

    摘要: A Bus Driver implements an arbitration mechanism to allow both the system management interrupt (SMI) and the Bus Driver to cooperatively use a Bus host controller hardware. This mechanism employs a hardware-based semaphore (status bit) to allow either the SMI or the driver to claim ownership of the Bus host controller for an arbitrary period of time. While either the SMI or the driver may own the status bit, the other party must poll the bit until ownership is achieved. For the SMI, this involves scheduling a periodic SMI interrupt. The driver performs self arbitration of claiming the status bit to provide the periodic SMI interrupt the opportunity to claim the bit. The mechanism allows the SMI access to the Bus host controller in a “timely” manner, while minimizing impact to driver access to the Bus host controller, which could impact driver Bus transaction throughput.

    摘要翻译: 总线驱动器实现仲裁机制,允许系统管理中断(SMI)和总线驱动程序协同使用总线主机控制器硬件。 该机制采用基于硬件的信号量(状态位)来允许SMI或驱动程序在任意一段时间内声明对总线主机控制器的所有权。 虽然SMI或驱动程序可能拥有状态位,但是对方必须轮询该位,直到实现所有权。 对于SMI,这涉及调度周期性SMI中断。 驱动程序执行声称状态位的自我仲裁,以使周期性SMI中断有机会声明该位。 该机制允许SMI以“及时”的方式访问总线主机控制器,同时最小化对驱动程序访问总线主机控制器的影响,这可能会影响驱动器总线事务吞吐量。

    Protected boot flow
    3.
    发明授权
    Protected boot flow 有权
    保护引导流程

    公开(公告)号:US06711675B1

    公开(公告)日:2004-03-23

    申请号:US09503046

    申请日:2000-02-11

    IPC分类号: G06F15177

    CPC分类号: G06F21/575 G06F9/4401

    摘要: A protected boot sequence in a computer system. A reset vector directs the system to a boot program including a protected program. This protected program verifies the integrity of the BIOS contents before branching to the BIOS for execution of normal bootstrap functions. The protected program can also lock down various blocks of bootstrap code to prevent them from being changed after a certain point in the boot sequence. The protected boot sequence can proceed in layers, with each layer providing some level of validation or security for succeeding layers.

    摘要翻译: 计算机系统中的受保护引导序列。 复位向量将系统引导到包括受保护程序的引导程序。 此受保护的程序在分支到BIOS以执行正常引导功能之前验证BIOS内容的完整性。 受保护的程序还可以锁定引导代码的各种块,以防止在引导顺序中的某一点之后它们被更改。 受保护的引导序列可以分层进行,每个层为后续层提供一定程度的验证或安全性。

    Method and apparatus for initializing a computer system that includes disabling the masking of a maskable address line
    4.
    发明授权
    Method and apparatus for initializing a computer system that includes disabling the masking of a maskable address line 失效
    用于初始化计算机系统的方法和装置,包括禁用掩蔽可屏蔽地址线

    公开(公告)号:US06473853B1

    公开(公告)日:2002-10-29

    申请号:US09337369

    申请日:1999-06-21

    IPC分类号: G06F9445

    CPC分类号: G06F9/4403

    摘要: A method of securing a boot process for a computer system enables a processor to boot from a location identified by a boot vector. The method includes the step of disabling masking of a maskable address line in response to a processor initialization event. In one embodiment, an apparatus includes a processor coupled to a memory by at least one maskable address line wherein the memory is storing a first initialization instruction. The apparatus includes a mask control wherein the mask control disables masking of the maskable address line before the processor attempts to access the first initialization instruction in response to an initialization event. In one embodiment a processor chipset gates a first address mask control with an inhibit bit to generate a second address mask control. The second address mask control is independent of the first address mask control when the inhibit bit is set to a first value. The processor chipset sets the inhibit bit to the first value in response to a processor initialization event. In various embodiments the initialization event include at least one of an application of power to the processor, a processor RESET, or a processor INIT.

    摘要翻译: 确保计算机系统的引导过程的方法使得处理器能够从由引导向量识别的位置引导。 该方法包括响应于处理器初始化事件禁用可屏蔽地址线的屏蔽的步骤。 在一个实施例中,一种装置包括通过至少一个可屏蔽地址线耦合到存储器的处理器,其中存储器正在存储第一初始化指令。 该设备包括掩模控制,其中掩码控制在处理器响应于初始化事件尝试访问第一初始化指令之前禁用可屏蔽地址线的掩蔽。 在一个实施例中,处理器芯片组用禁止位对第一地址掩码控制进行门控以产生第二地址掩码控制。 当禁止位被设置为第一值时,第二地址掩码控制与第一地址掩码控制无关。 处理器芯片组响应于处理器初始化事件将禁止位设置为第一值。 在各种实施例中,初始化事件包括向处理器施加电力,处理器RESET或处理器INIT中的至少一个。

    Secure replay protected storage
    5.
    发明授权
    Secure replay protected storage 有权
    安全重放保护存储

    公开(公告)号:US09405707B2

    公开(公告)日:2016-08-02

    申请号:US13997896

    申请日:2011-12-20

    IPC分类号: G06F11/30 G06F12/14 G06F13/14

    摘要: Embodiments of the invention create an underlying infrastructure in a flash memory device (e.g., a serial peripheral interface (SPI) flash memory device) such that it may be protected against user attacks—e.g., replacing the SPI flash memory device or a man-in-the-middle (MITM) attack to modify the SPI flash memory contents on the fly. In the prior art, monotonic counters cannot be stored in SPI flash memory devices because said devices do not provide replay protection for the counters. A user may also remove the flash memory device and reprogram it. Host platforms alone cannot protect against such hardware attacks.Embodiments of the invention enable secure standard storage flash memory devices such as SPI flash memory devices to achieve replay protection for securely stored data. Embodiments of the invention utilize flash memory controllers, flash memory devices, unique device keys and HMAC key logic to create secure execution environments for various components.

    摘要翻译: 本发明的实施例在闪存设备(例如,串行外围设备接口(SPI)闪存设备)中创建底层基础设施,使得其可以被保护免受用户攻击 - 例如,替换SPI闪存设备或管理员 - 中间(MITM)攻击,即时修改SPI闪存内容。 在现有技术中,单调计数器不能存储在SPI闪存设备中,因为所述设备不为计数器提供重放保护。 用户还可以移除闪存设备并对其进行重新编程。 仅主机平台无法防范此类硬件攻击。 本发明的实施例使得诸如SPI闪存设备之类的安全标准存储闪存设备能够实现用于安全存储的数据的重放保护。 本发明的实施例利用闪存控制器,闪存设备,唯一设备密钥和HMAC密钥逻辑来为各种组件创建安全的执行环境。

    Method, apparatus and system for generating access information from an LRU tracking list
    6.
    发明授权
    Method, apparatus and system for generating access information from an LRU tracking list 有权
    用于从LRU跟踪列表生成访问信息的方法,装置和系统

    公开(公告)号:US08364915B2

    公开(公告)日:2013-01-29

    申请号:US12822034

    申请日:2010-06-23

    IPC分类号: G06F12/00

    CPC分类号: G06F12/123

    摘要: Techniques for generating access information indicating a least recently used (LRU) memory region in a set of memory regions. In an embodiment, data is stored in an entry of an LRU tracking list (LTL) based on a touch message indicating when a memory group has been touched—e.g. read from, written to and/or associated with a memory region. The data stored in an LTL entry may include an identifier of a memory group and/or validity data specifying whether that LTL entry stores a set of default data. In another embodiment, access information may be generated based on the memory group identifier and the validity data.

    摘要翻译: 用于产生指示一组存储器区域中的最近最少使用(LRU)存储器区域的访问信息的技术。 在一个实施例中,基于指示何时触摸存储器组的触摸消息,将数据存储在LRU跟踪列表(LTL)的条目中 - 例如, 读取,写入和/或与存储器区域相关联。 存储在LTL条目中的数据可以包括存储器组的标识符和/或指定该LTL条目是否存储一组默认数据的有效性数据。 在另一个实施例中,可以基于存储器组标识符和有效性数据来生成访问信息。