Patent application number | Description | Published |
20090019267 | Method, System, and Apparatus for Dynamic Reconfiguration of Resources - A dynamic reconfiguration to include on-line addition, deletion, and replacement of individual modules of to support dynamic partitioning of a system, interconnect (link) reconfiguration, memory RAS to allow migration and mirroring without OS intervention, dynamic memory reinterleaving, CPU and socket migration, and support for global shared memory across partitions is described. To facilitate the on-line addition or deletion, the firmware is able to quiesce and de-quiesce the domain of interest so that many system resources, such as routing tables and address decoders, can be updated in what essentially appears to be an atomic operation to the software layer above the firmware. | 01-15-2009 |
20090024715 | Method, System, and Apparatus for Dynamic Reconfiguration of Resources - A dynamic reconfiguration to include on-line addition, deletion, and replacement of individual modules of to support dynamic partitioning of a system, interconnect (link) reconfiguration, memory RAS to allow migration and mirroring without OS intervention, dynamic memory reinterleaving, CPU and socket migration, and support for global shared memory across partitions is described. To facilitate the on-line addition or deletion, the firmware is able to quiesce and de-quiesce the domain of interest so that many system resources, such as routing tables and address decoders, can be updated in what essentially appears to be an atomic operation to the software layer above the firmware. | 01-22-2009 |
20090055600 | Method, System, and Apparatus for Dynamic Reconfiguration of Resources - A dynamic reconfiguration to include on-line addition, deletion, and replacement of individual modules of to support dynamic partitioning of a system, interconnect (link) reconfiguration, memory RAS to allow migration and mirroring without OS intervention, dynamic memory reinterleaving, CPU and socket migration, and support for global shared memory across partitions is described. To facilitate the on-line addition or deletion, the firmware is able to quiesce and de-quiesce the domain of interest so that many system resources, such as routing tables and address decoders, can be updated in what essentially appears to be an atomic operation to the software layer above the firmware. | 02-26-2009 |
20090265472 | Method, System, and Apparatus for System Level Initialization - Multiple initialization techniques for system and component in a point-to-point architecture are discussed. Consequently, the techniques allow for flexible system/socket layer parameters to be tailored to the needs of the platform, such as, desktop, mobile, small server, large server, etc., as well as the component types such as IA32/IPF processors, memory controllers, IO Hubs, etc. Furthermore, the techniques facilitate powering up with the correct set of POC values, hence, it avoids multiple warm resets and improves boot time. In one embodiment, registers to hold new values, such as, Configuration Values Driven during Reset (CVDR), and Configuration Values Captured during Reset (CVCR) may be eliminated. | 10-22-2009 |
20100262823 | Launching A Secure Kernel In A Multiprocessor System - In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example. | 10-14-2010 |
20100281255 | Launching A Secure Kernel In A Multiprocessor System - In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example. | 11-04-2010 |
20110145506 | Replacing Cache Lines In A Cache Memory - In one embodiment, the present invention includes a cache memory including cache lines that each have a tag field including a state portion to store a cache coherency state of data stored in the line and a weight portion to store a weight corresponding to a relative importance of the data. In various implementations, the weight can be based on the cache coherency state and a recency of usage of the data. Other embodiments are described and claimed. | 06-16-2011 |
20120079590 | METHOD FOR ENFORCING RESOURCE ACCESS CONTROL IN COMPUTER SYSTEMS - A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs. | 03-29-2012 |
20120239906 | Launching A Secure Kernel In A Multiprocessor System - In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example. | 09-20-2012 |
20130103938 | Reconfiguring A Secure System - Apparatuses, methods, and systems for reconfiguring a secure system are disclosed. In one embodiment, an apparatus includes a configuration storage location, a lock, and lock override logic. The configuration storage location is to store information to configure the apparatus. The lock is to prevent writes to the configuration storage location. The lock override logic is to allow instructions executed from sub-operating mode code to override the lock. | 04-25-2013 |
20130254905 | Launching A Secure Kernel In A Multiprocessor System - In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example. | 09-26-2013 |
20130268777 | Securing Inputs from Malware - A series of touch panel key entries may be secured by shuffling touch entry coordinates. In one embodiment, the entries may be secured by applying a shuffling algorithm that replaces the true coordinates with other incorrect coordinates. Then the correct data may be reassembled in a secure environment. | 10-10-2013 |
20140137231 | INCORPORATING ACCESS CONTROL FUNCTIONALITY INTO A SYSTEM ON A CHIP (SoC) - In one embodiment, the present invention includes a system on a chip (SoC) that has a first agent with an intellectual property (IP) logic, an interface to a fabric including a target interface, a master interface and a sideband interface, and an access control plug-in unit to handle access control policy for the first agent with respect to incoming and outgoing transactions. This access control plug-in unit can be incorporated into the SoC at integration time and without any modification to the IP logic. Other embodiments are described and claimed. | 05-15-2014 |
20140201471 | Arbitrating Memory Accesses Via A Shared Memory Fabric - In an embodiment, a shared memory fabric is configured to receive memory requests from multiple agents, where at least some of the requests have an associated deadline value to indicate a maximum latency prior to completion of the memory request. Responsive to the requests, the fabric is to arbitrate between the requests based at least in part on the deadline values. Other embodiments are described and claimed. | 07-17-2014 |
20140240326 | Method, Apparatus, System For Representing, Specifying And Using Deadlines - In an embodiment, a shared memory fabric is configured to receive memory requests from multiple agents, where at least some of the requests have an associated order identifier and a deadline value to indicate a maximum latency prior to completion of the memory request. Responsive to the requests, the fabric is to arbitrate between the requests based at least in part on the deadline values. Other embodiments are described and claimed. | 08-28-2014 |
20140282819 | METHOD, APPARATUS, SYSTEM FOR QUALIFYING CPU TRANSACTIONS WITH SECURITY ATTRIBUTES - Method, apparatus, and system for qualifying CPU transactions with security attributes. Immutable security attributes are generated for transactions initiator by a CPU or processor core that identifying the execution mode of the CPU/core being trusted or untrusted. The transactions may be targeted to an Input/Output (I/O) device or system memory via which a protected asset may be accessed. Policy enforcement logic blocks are implemented at various points in the apparatus or system that allow or deny transactions access to protected assets based on the immutable security attributes generated for the transactions. In one aspect, a multiple-level security scheme is implemented under which a mode register is updated via a first transaction to indicate the CPU/core is operating in a trusted execution mode, and security attributes are generated for a second transaction using execution mode indicia in the mode register to verify the transaction is from a trusted initiator. | 09-18-2014 |
20140298408 | Method For Enforcing Resource Access Control In Computer Systems - A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs. | 10-02-2014 |
20150059007 | Launching A Secure Kernel In A Multiprocessor System - In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example. | 02-26-2015 |