Patent application number | Description | Published |
20090089566 | SUPPORTING ADVANCED RAS FEATURES IN A SECURED COMPUTING SYSTEM - Systems and methods for enabling Reliability, Availability & Serviceability features after launching a secure environment under the control of LaGrande Technology (LT), or comparable security technology, without compromising security are provided. In one embodiment, the method comprises adding at least one specific capability to a processor to enable at least one of CPU hot-plug, CPU migration, CPU hot removal and capacity on demand. | 04-02-2009 |
20090172372 | METHODS AND APPARATUS FOR GENERATING SYSTEM MANAGEMENT INTERRUPTS - A method includes determining a plurality of memory addresses, each memory address being different from one another. The method further includes generating a plurality of system management interrupt interprocessor interrupts, each system management interrupt interprocessor interrupt having a corresponding processor in a plurality of processors in a system and each system management interrupt interprocessor interrupt including one of the plurality of memory addresses. The method further includes directing each system management interrupt interprocessor interrupt to the corresponding processor. An associated machine readable medium is also disclosed. | 07-02-2009 |
20090172639 | FIRMWARE INTEGRITY VERIFICATION - In some embodiments, the integrity of firmware stored in a non-volatile memory is verified prior to initiation of a firmware reset vector. Other embodiments are described and claimed. | 07-02-2009 |
20090172806 | SECURITY MANAGEMENT IN MULTI-NODE, MULTI-PROCESSOR PLATFORMS - Multi-node and multi-processor security management is described in this application. Data may be secured in a TPM of any one of a plurality of nodes, each node including one or more processors. The secured data may be protected using hardware hooks to prevent unauthorized access to the secured information. Security hierarchy may be put in place to protect certain memory addresses from access by requiring permission by VMM, OS, ACM or processor hardware. The presence of secured data may be communicated to each of the nodes to ensure that data is protected. Other embodiments are described. | 07-02-2009 |
Patent application number | Description | Published |
20100169729 | ENABLING AN INTEGRATED MEMORY CONTROLLER TO TRANSPARENTLY WORK WITH DEFECTIVE MEMORY DEVICES - Embodiments of the invention are generally directed to systems, methods, and apparatuses for enabling an integrated memory controller to transparently work with defective memory devices. In some embodiments, a marginal condition is imposed on a memory module during normal operations of the memory module. The term “marginal condition” refers to a condition that is out of compliance with a specified (or “normal”) operating condition for the memory module. The memory module may exhibit failures in response to the marginal conditions and compensating mechanisms may mitigate the failures. | 07-01-2010 |
20120124356 | METHODS AND APPARATUSES FOR RECOVERING USAGE OF TRUSTED PLATFORM MODULE - Methods and systems to perform platform security in conjunction with hardware-base root of trust logic are presented. In one embodiment, a method includes determining whether a status from an authenticated code module is indicative of an error or not. The method further includes determining whether the hardware-based root of trust logic is enabled based on content in a non-volatile memory location. If the hardware-based root of trust is enabled and the status is indicative of an error, the method further includes writing to the non-volatile memory location to disable hardware-based root of trust logic during a next boot sequence. In one embodiment, a platform initializes and uses the trusted platform module in conjunction with the hardware-based root of trust logic or with a platform-based root of trust logic. | 05-17-2012 |
20130212406 | TECHNIQUE FOR PROVIDING SECURE FIRMWARE - A technique to verify firmware. One embodiment of the invention uses a processor's micro-code to verify a system's firmware, such that the firmware can be included in a trusted chain of code along with the operating system. | 08-15-2013 |
20130212672 | EXECUTION OF A SECURED ENVIRONMENT INITIALIZATION INSTRUCTION ON A POINT-TO-POINT INTERCONNECT SYSTEM - Methods and apparatus for initiating secure operations in a microprocessor system are described. In one embodiment, a system includes a processor to execute a secured enter instruction, and a chipset to cause the system to enter a quiescent state during execution of the secured enter instruction. | 08-15-2013 |
20130275980 | HARDWARE PROTECTION OF VIRTUAL MACHINE MONITOR RUNTIME INTEGRITY WATCHER - An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM. | 10-17-2013 |
20130326288 | PROCESSOR THAT DETECTS WHEN SYSTEM MANAGEMENT MODE ATTEMPTS TO REACH PROGRAM CODE OUTSIDE OF PROTECTED SPACE - A method is described that includes detecting that a memory access of system management mode program code is attempting to reach program code outside of a protected region of memory by comparing a target memory address of a memory access instruction of the system management program code again information that defines confines of the protection region. The method also includes raising an error signal in response to the detecting. | 12-05-2013 |
20140040543 | Providing State Storage in a Processor for System Management Mode - In one embodiment, the present invention includes a processor that has an on-die storage such as a static random access memory to store an architectural state of one or more threads that are swapped out of architectural state storage of the processor on entry to a system management mode (SMM). In this way communication of this state information to a system management memory can be avoided, reducing latency associated with entry into SMM. Embodiments may also enable the processor to update a status of executing agents that are either in a long instruction flow or in a system management interrupt (SMI) blocked state, in order to provide an indication to agents inside the SMM. Other embodiments are described and claimed. | 02-06-2014 |
20140282502 | LAYERED VIRTUAL MACHINE INTEGRITY MONITORING - Various embodiments are generally directed to the provision and use of various hardware and software components of a computing device to monitor the state of layered virtual machine (VM) monitoring software components. An apparatus includes a first processor element; and logic to receive an indication that a first timer has reached an end of a first period of time, monitor execution of a VMM (virtual machine monitor) watcher by a second processor element, determine whether the second processor element completes execution of the VMM watcher to verify integrity of a VMM before a second timer reaches an end of a second period of time, and transmit an indication of the determination to a computing device. Other embodiments are described and claimed. | 09-18-2014 |
Patent application number | Description | Published |
20090172385 | ENABLING SYSTEM MANAGEMENT MODE IN A SECURE SYSTEM - Apparatuses, methods, and systems for enabling system management mode in a secure system are disclosed. In one embodiment, a processor includes sub-operating-system mode logic, virtual machine logic, and control logic. The sub-operating-system mode logic is to support a sub-operating-system mode. The virtual machine logic is to support virtualization. The control logic is to prevent virtualization from being enabled when the sub-operating-system mode is disabled. | 07-02-2009 |
20090249050 | SYSTEM AND METHOD FOR ESTABLISHING A TRUST DOMAIN ON A COMPUTER PLATFORM - Embodiments of the invention provide systems and methods associated with a measurement engine in a server platform. In one such embodiment of the invention, the measurement engine hardware verifies/authenticates its own firmware and then system initialization firmware by measuring such firmware and storing measurement results in a register that is not spoofable by malicious code. In this instance, the measurement engine holds the host CPU complex in a reset state until the measurement engine has verified the system initialization firmware. In another such embodiment of the invention, the measurement engine hardware also measures firmware associated with one or more system service processors and stores such measurement results in a register. In this case, the measurement engine holds the system service processors and the host CPU complex in reset until the measurements are completed. Other embodiments are described. | 10-01-2009 |
20110161676 | ENTERING A SECURED COMPUTING ENVIRONMENT USING MULTIPLE AUTHENTICATED CODE MODULES - Systems, apparatuses, and methods, and for entering a secured system environment using multiple authenticated code modules are disclosed. In one embodiment, a processor includes a decoder and control logic. The decoder is to decode a secured enter instruction. The control logic is to find an entry corresponding to the processor in a match table in a master authenticated code module and to read a master header and an individual authenticated code module from the master authenticated code module in response to decoding the secured enter instruction. | 06-30-2011 |
20130103938 | Reconfiguring A Secure System - Apparatuses, methods, and systems for reconfiguring a secure system are disclosed. In one embodiment, an apparatus includes a configuration storage location, a lock, and lock override logic. The configuration storage location is to store information to configure the apparatus. The lock is to prevent writes to the configuration storage location. The lock override logic is to allow instructions executed from sub-operating mode code to override the lock. | 04-25-2013 |
20130212673 | ENTERING A SECURED COMPUTING ENVIRONMENT USING MULTIPLE AUTHENTICATED CODE MODULES - Systems, apparatuses, and methods, and for entering a secured system environment using multiple authenticated code modules are disclosed. In one embodiment, a processor includes a decoder and control logic. The decoder is to decode a secured enter instruction. The control logic is to find an entry corresponding to the processor in a match table in a master authenticated code module and to read a master header and an individual authenticated code module from the master authenticated code module in response to decoding the secured enter instruction. | 08-15-2013 |