Abstract:
An apparatus comprising a memory controller including therein a configuration register, a communication channel coupled to the memory controller, and first and second memory partitions coupled to the communication channel, wherein configuration parameters in the configuration register are set so that the memory controller recognizes one partition at a time. A process comprising setting configuration parameters in a configuration register of a memory controller so that the memory controller recognizes a first memory partition coupled to the memory controller by a communication channel instead of a second memory partition coupled to the memory controller by the communication channel and re-setting the configuration parameters so that the memory controller recognizes the second memory partition instead of the first memory partition.
Abstract:
Platform controller, computer-readable storage media, and methods associated with initialization of a computing device. In embodiments, a platform controller may comprise a boot controller and one or more non-volatile memory modules, coupled with the boot controller. In embodiments, the one or more non-volatile memory modules may have first instructions and second instructions stored thereon. The first instructions may, when executed by a processor of a computing device hosting the platform controller, cause initialization of the computing device. The second instructions, when executed by the boot controller, may cause the boot controller to monitor at least a portion of the execution of the first instructions by the computing device and may generate a trace of the monitored portion of the execution of the first instructions. In embodiments, the trace may be stored in the one or more non-volatile memory modules. Other embodiments may be described and/or claimed.
Abstract:
Methods and systems may provide for receiving at a secure element of a system, during a boot process of the system, a first pairing authentication value from a pairing agent. In addition, a pairing key may be received from the pairing agent, wherein the first pairing authentication value and the pairing key may be used to establish a trusted channel between the secure element and an input output (IO) device coupled to the system. In one example, the first pairing authentication value is accepted only if the first pairing authentication value is received prior to a predetermined stage of the boot process.
Abstract:
In one embodiment, a processor includes at least one execution unit and Return Oriented Programming (ROP) detection logic. The ROP detection logic may determine a ROP metric based on a plurality of control transfer events. The ROP detection logic may also determine whether the ROP metric exceeds a threshold. The ROP detection logic may also, in response to a determination that the ROP metric exceeds the threshold, provide a ROP attack notification.
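The following C program is an added illustration of the kind of detection logic this abstract describes; it is not code from the patent. It assumes a branch-trace source that reports call, return and jump events with source and target addresses, classifies each return with a shadow stack as matched or unmatched, and takes the ROP metric to be the number of unmatched returns within a sliding window of the last WINDOW control-transfer events. The event format, WINDOW, THRESHOLD and both traces are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* One control-transfer event, in the shape a branch-trace facility might
 * deliver it. The layout is a constructed model, not any vendor's record. */
enum ct_kind { CT_CALL, CT_RET, CT_JMP };

struct ct_event {
    enum ct_kind kind;
    uint64_t from;  /* address of the transferring instruction */
    uint64_t to;    /* branch target */
    uint64_t next;  /* CT_CALL only: address of the instruction after the call */
};

#define SHADOW_DEPTH 64   /* hypothetical shadow-stack depth */
#define WINDOW       16   /* hypothetical: events per metric window */
#define THRESHOLD     4   /* hypothetical: unmatched returns tolerated per window */

struct rop_detector {
    uint64_t shadow[SHADOW_DEPTH]; /* expected return addresses */
    size_t sp;
    bool ring[WINDOW];             /* ring[i] = "event i was an unmatched return" */
    size_t head, filled;
    unsigned metric;               /* unmatched returns in the current window */
};

static void rop_init(struct rop_detector *d) { memset(d, 0, sizeof *d); }

/* Consume one event; return true when the ROP metric exceeds the threshold. */
static bool rop_feed(struct rop_detector *d, const struct ct_event *e)
{
    bool unmatched = false;

    switch (e->kind) {
    case CT_CALL:
        /* A call pushes its fall-through address; a matching ret must target it.
         * Deeper recursion than SHADOW_DEPTH is simply not tracked here. */
        if (d->sp < SHADOW_DEPTH)
            d->shadow[d->sp++] = e->next;
        break;
    case CT_RET:
        if (d->sp > 0 && d->shadow[d->sp - 1] == e->to)
            d->sp--;                 /* well-formed return */
        else
            unmatched = true;        /* return to an address no call set up */
        break;
    case CT_JMP:
        break;                       /* not part of this metric */
    }

    /* Sliding window: retire the oldest sample once the ring is full. */
    if (d->filled == WINDOW) {
        if (d->ring[d->head])
            d->metric--;
    } else {
        d->filled++;
    }
    d->ring[d->head] = unmatched;
    if (unmatched)
        d->metric++;
    d->head = (d->head + 1) % WINDOW;

    return d->metric > THRESHOLD;
}

/* Run a trace through a fresh detector; return the index of the event that
 * raises the notification, or -1 if the trace never does. */
static int rop_scan(const struct ct_event *ev, size_t n)
{
    struct rop_detector d;
    rop_init(&d);
    for (size_t i = 0; i < n; i++)
        if (rop_feed(&d, &ev[i]))
            return (int)i;
    return -1;
}

/* Constructed trace 1: ordinary nested calls, every ret matches its call. */
static const struct ct_event benign_trace[] = {
    { CT_CALL, 0x1000, 0x2000, 0x1005 },
    { CT_JMP,  0x2004, 0x2020, 0 },
    { CT_RET,  0x2030, 0x1005, 0 },
    { CT_CALL, 0x1010, 0x3000, 0x1015 },
    { CT_CALL, 0x3010, 0x4000, 0x3015 },
    { CT_RET,  0x4008, 0x3015, 0 },
    { CT_RET,  0x3020, 0x1015, 0 },
};

/* Constructed trace 2: one legitimate call, then a ret consumes a corrupted
 * stack and control hops between gadget addresses through ret alone. */
static const struct ct_event rop_trace[] = {
    { CT_CALL, 0x1000, 0x2000, 0x1005 },
    { CT_RET,  0x2030, 0x5000, 0 },  /* should have returned to 0x1005 */
    { CT_RET,  0x5003, 0x5010, 0 },
    { CT_RET,  0x5012, 0x5020, 0 },
    { CT_RET,  0x5025, 0x5030, 0 },
    { CT_RET,  0x5031, 0x5040, 0 },
    { CT_RET,  0x5044, 0x5050, 0 },
};

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

int main(void)
{
    return rop_scan(benign_trace, COUNT(benign_trace)) == -1 &&
           rop_scan(rop_trace, COUNT(rop_trace)) == 5 ? 0 : 1;
}
```

A few unmatched returns occur legitimately (longjmp, exception unwinding, some tail-call patterns), which is why the metric is compared against a threshold over a window instead of raising on the first mismatch; the constants above suit only the constructed traces, and a real deployment would tune them against benign workloads to keep the false-positive rate acceptable.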
Abstract:
A method, apparatus, machine-readable medium, and system are disclosed. In one embodiment, the method includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes to the platform firmware storage location are allowed only by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.
Abstract:
Method for atomically updating a plurality of existing platform firmware files in a persistent firmware store, wherein at least some of the existing platform firmware data include header data indicating whether the existing platform firmware data are valid and are to be updated, characterized by the steps of: creating a fill file; modifying header data of the existing platform firmware data to indicate that the existing platform firmware data are valid and are to be updated; writing updated platform firmware data files into the fill file in the persistent firmware store, so that the persistent firmware store holds both the existing platform firmware data and the updated firmware data, wherein the updated firmware data files include header data indicating that the updated platform firmware data are not valid and are not to be updated; and performing an atomic operation that modifies the header data of the platform firmware files to indicate that the updated platform firmware files are to be used instead of the existing platform firmware files.
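Worked model, in C, of the atomic update procedure described in this abstract, added here as an illustration and not taken from the patent. It models the persistent store as two file slots whose header bytes share one flash word, so the final header change is a single write; the slot layout, the flag bits, the recovery rule applied at the next boot and the two images are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define HDR_VALID  0x01   /* header bit: this file may be used */
#define HDR_UPDATE 0x02   /* header bit: an update of this file is in progress */
#define SLOTS      2
#define PAYLOAD    16

/* Modelled persistent firmware store; each slot holds one platform firmware
 * file. Modelling assumption: the header bytes of all slots share one flash
 * word (hdr[]), so write_headers() changes every header in one elementary
 * write, which is the atomic step of the procedure. */
struct fw_store {
    uint8_t hdr[SLOTS];
    uint8_t data[SLOTS][PAYLOAD];
    bool    used[SLOTS];       /* slot allocated; false = erased */
};

static void write_headers(struct fw_store *s, const uint8_t nh[SLOTS])
{
    memcpy(s->hdr, nh, SLOTS);  /* all-or-nothing by assumption */
}

static void store_init(struct fw_store *s, const uint8_t img[PAYLOAD])
{
    memset(s, 0, sizeof *s);
    s->used[0] = true;
    memcpy(s->data[0], img, PAYLOAD);
    s->hdr[0] = HDR_VALID;      /* one existing, valid file in slot 0 */
}

/* Step 1: create the fill file in an erased slot; returns its index or -1. */
static int create_fill_file(struct fw_store *s)
{
    for (int i = 0; i < SLOTS; i++)
        if (!s->used[i]) { s->used[i] = true; s->hdr[i] = 0; return i; }
    return -1;
}

/* Step 2: mark the existing file as valid and about to be updated. */
static void mark_existing(struct fw_store *s, int old)
{
    s->hdr[old] = HDR_VALID | HDR_UPDATE;
}

/* Step 3: write the updated file into the fill file; its header says
 * "not valid, not to be updated", so a boot at this point ignores it. */
static void write_update(struct fw_store *s, int fill, const uint8_t img[PAYLOAD])
{
    memcpy(s->data[fill], img, PAYLOAD);
    s->hdr[fill] = 0;
}

/* Step 4: the elementary operation that switches over. */
static void commit(struct fw_store *s, int old, int fill)
{
    uint8_t nh[SLOTS];
    memcpy(nh, s->hdr, SLOTS);
    nh[old]  = 0;
    nh[fill] = HDR_VALID;
    write_headers(s, nh);
}

/* Boot-time rule (assumed): a valid file still flagged UPDATE means the
 * switch-over never happened, so keep it and clear the flag; erase any
 * allocated slot that is not valid (a half-written fill file, or the stale
 * file after a completed commit). */
static void recover(struct fw_store *s)
{
    for (int i = 0; i < SLOTS; i++) {
        if (s->hdr[i] & HDR_VALID) {
            s->hdr[i] &= (uint8_t)~HDR_UPDATE;
        } else if (s->used[i]) {
            s->used[i] = false;
            s->hdr[i] = 0;
            memset(s->data[i], 0, PAYLOAD);
        }
    }
}

static int select_boot_slot(const struct fw_store *s)
{
    for (int i = 0; i < SLOTS; i++)
        if (s->hdr[i] & HDR_VALID) return i;
    return -1;
}

/* Run the first `steps` steps (0..4), then simulate the next boot; return the
 * first byte of the image that boot would use (0xA0 = old, 0xB1 = new). */
static int boot_image_after(unsigned steps)
{
    static const uint8_t old_img[PAYLOAD] = { 0xA0 };  /* constructed images */
    static const uint8_t new_img[PAYLOAD] = { 0xB1 };
    struct fw_store s;
    int old = 0, fill = -1;

    store_init(&s, old_img);
    if (steps >= 1) fill = create_fill_file(&s);
    if (steps >= 2) mark_existing(&s, old);
    if (steps >= 3) write_update(&s, fill, new_img);
    if (steps >= 4) commit(&s, old, fill);

    recover(&s);
    int b = select_boot_slot(&s);
    return b < 0 ? -1 : s.data[b][0];
}

int main(void)
{
    for (unsigned k = 0; k <= 3; k++)
        if (boot_image_after(k) != 0xA0) return 1;
    return boot_image_after(4) == 0xB1 ? 0 : 1;
}
```

The property worth checking is that power loss after any of steps 1 to 3 still boots the old image, while power loss after step 4 boots the new one; there is no intermediate header state in which neither or both files are selectable, because the only write that touches the VALID bits is the single header write in commit().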
Abstract:
A computer system 400 comprises a memory controller 202, e.g. a memory controller hub (MCH), including a configuration register 204, a communication channel, e.g. memory bus 206, 208, coupled to the memory controller, and first 210, 214 and second 212, 216 memory partitions coupled to the communication channel. Configuration parameters in the configuration register are set so that the memory controller recognizes one partition at a time, e.g. so that memory controller 202 address decodes for one partition at a time. Configuration register 204 may be locked and unlocked by a privileged code module 503 such as an authenticated code module (ACM) or a system management mode (SMM) module. The configuration parameters may be re-set so that the memory controller recognizes the second memory partition instead of the first memory partition. Manipulating configuration registers 204 in this way allows memory partitions, e.g. loaded with different operating systems, to be turned on or off to allow quicker switching between operating system contexts in the memory (figs. 5A, 5B).