公开(公告)号：US11409877B2

公开(公告)日：2022-08-09

申请号：US16832152

申请日：2020-03-27

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Chao Zhang ,  Nivedita Aggarwal ,  Aditya Katragada ,  Mohamed Haniffa ,  Kenji Chen

IPC: G06F21/57 ,  G06F8/65 ,  G06F21/64 ,  G06F21/44

Abstract: An apparatus to verify firmware in a computing system, comprising a non-volatile memory, including firmware memory to store agent firmware associated with each of a plurality of interconnect protocol (IP) agents and version memory to store security version numbers (SVNs) included in the agent firmware, a security controller comprising verifier logic to verify an integrity of the version memory by applying a hash algorithm to contents of the version memory to generate a SVN hash, and a trusted platform module (TPM) to store the SVN hash.

公开(公告)号：US20210303692A1

公开(公告)日：2021-09-30

申请号：US16832489

申请日：2020-03-27

Applicant: Intel Corporation

Inventor： Vinupama Godavarthi ,  Andrzej Mialkowski ,  Kar Leong Wong ,  Aditya Katragada ,  Maciej Kusio ,  Prashant Dewan ,  Karunakara Kotary

IPC: G06F21/57 ,  G06F21/78 ,  G06F12/0804

Abstract: An apparatus to implement an IP independent secure firmware load into an IP agent without a ROM to establish hardware root of trust is disclosed. The apparatus includes a plurality of agents, at least one agent including an isolated memory region accessible only to a trusted entity of the at least one agent and a main memory, and a processor to allocate a section of the isolated memory region of the at least one agent, verify a first stage firmware module, the first stage firmware module comprising instructions to enable the at least one agent to load and verify a second stage firmware module, place the first stage firmware module into memory of the at least one agent without a ROM to establish the hardware root of trust

公开(公告)号：US20210303691A1

公开(公告)日：2021-09-30

申请号：US16832416

申请日：2020-03-27

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Karunakara Kotary ,  Nivedita Aggarwal ,  Vinupama Godavarthi ,  Aditya Katragada ,  Mohamed Haniffa ,  Tung Lun Loo

IPC: G06F21/57

Abstract: An apparatus to implement an IP independent firmware load is disclosed. The apparatus includes a plurality of agents, a plurality of agents, at least one agent including a memory to store firmware to be executed by the agent to perform a function associated with the agent and a register to store enumeration data for the firmware load mechanism of the IP, and a processor to initiate an enumeration process to read the enumeration data from the register of the at least one agent, make a decision based on that data to retrieve a firmware module from a storage device, verify the firmware module, and load the firmware module into the memory of the at least one agent.

公开(公告)号：US20190042482A1

公开(公告)日：2019-02-07

申请号：US15990720

申请日：2018-05-28

Applicant: Intel Corporation

Inventor： Aditya Katragada ,  Peter Munguia ,  Gregg Lahti

IPC: G06F12/14 ,  G06F13/40

Abstract: Techniques are described for providing consistent memory operations and security across electronic circuitry components having disparate memory and/or security architectures when integrating such disparately architected components within a single system, such as a system on chip. A programmable logical hierarchy of isolated memory region (IMR) enforcement circuits is provided to protect such IMRs, allowing or preventing memory access requests from one of multiple distinct circuitry components based on configuration registers for the IMR enforcement circuits. Integration of multiple trust domain architectures associated with the multiple distinct circuitry components is facilitated via trust domain conversion bridge circuitry that includes translation logic for generating information in accordance with a first trust domain architecture based on information provided in accordance with a distinct second trust domain architecture.

公开(公告)号：US11886316B2

公开(公告)日：2024-01-30

申请号：US17733347

申请日：2022-04-29

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Uttam Sengupta ,  Aditya Katragada

IPC: G06F11/34 ,  H04L9/32 ,  H04L67/125

CPC classification number: G06F11/3414 ,  G06F11/3495 ,  H04L9/3263 ,  H04L67/125

Abstract: An apparatus to collect firmware measurement data at a computing system is disclosed. The apparatus includes a plurality of agents, each including a non-volatile memory storing firmware executed to perform a function associated with the agent, verification logic to generate measurement data by verifying the integrity of the firmware and a register to store the measurement data, and a processor to execute an instruction to collect firmware measurement data from each of the plurality of agents.

公开(公告)号：US11734457B2

公开(公告)日：2023-08-22

申请号：US16724555

申请日：2019-12-23

Applicant: Intel Corporation

Inventor： Neel Piyush Shah ,  Enrico David Carrieri ,  Aditya Katragada ,  Jonathan Mark Lutz ,  Michael Carl Neve de Mevergnies ,  Bhavana Prabhakar

IPC: G06F21/71 ,  G06F11/36 ,  G06F21/31 ,  G06F21/79

CPC classification number: G06F21/71 ,  G06F11/3656 ,  G06F21/31 ,  G06F21/79

Abstract: A processor that was manufactured by a manufacturer comprises privileged debug operational circuitry, a debug restriction fuse, a credential store, a credential of the manufacturer in the credential store, and debug control circuitry. The debug restriction fuse is a one-time programmable fuse. The debug control circuitry is to automatically restrict access to the privileged debug operational circuitry, based on the debug restriction fuse. The processor may also include public debug operational circuitry, a prevent-unauthorized-debug (PUD) fuse, and an undo-PUD fuse. When the PUD fuse is set and the undo-PUD fuse is clear, the debug control circuitry may respond to an attempt by a debugger to use the public debug operational circuitry by determining whether the debugger is authorized, disallowing access if the debugger is not authorized, and allowing access if the debugger is authorized. Other embodiments are described and claimed.

公开(公告)号：US11550917B2

公开(公告)日：2023-01-10

申请号：US16457184

申请日：2019-06-28

Applicant: Intel Corporation

Inventor： Aditya Katragada ,  Prashant Dewan ,  Karunakara Kotary ,  Vinupama Godavarthi ,  Kumar Dwarakanath ,  Alex Izbinsky ,  Purushottam Goel

IPC: G06F21/57 ,  G06F21/72 ,  G06F9/445

Abstract: There is disclosed in one example, a system-on-a-chip (SoC), including: a processor core; a fabric; an intellectual property (IP) block communicatively coupled to the processor core via the fabric, the IP block having a microcontroller configured to provide a microcontroller architecture; a firmware load interface configured to provide a standardized hardware interface to the microcontroller architecture, wherein the standardized hardware interface provides an architecture-agnostic mechanism to securely load a firmware to the intellectual property block; and logic to provide a loader to load a firmware to the IP block via the firmware load interface.

公开(公告)号：US20220327214A1

公开(公告)日：2022-10-13

申请号：US17852814

申请日：2022-06-29

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Chao Zhang ,  Nivedita Aggarwal ,  Aditya Katragada ,  Mohamed Haniffa ,  Kenji Chen

IPC: G06F21/57 ,  G06F8/65 ,  G06F21/64

Abstract: An apparatus to verify firmware in a computing system, comprising a non-volatile memory, including firmware memory to store agent firmware associated with each of a plurality of interconnect protocol (IP) agents and version memory to store security version numbers (SVNs) included in the agent firmware, a security controller comprising verifier logic to verify an integrity of the version memory by applying a hash algorithm to contents of the version memory to generate a SVN hash, and a trusted platform module (TPM) to store the SVN hash.

公开(公告)号：US20220283959A1

公开(公告)日：2022-09-08

申请号：US17699320

申请日：2022-03-21

Applicant: Intel Corporation

Inventor： Aditya Katragada ,  Peter Munguia ,  Gregg Lahti

IPC: G06F12/14 ,  G06F13/40

Abstract: Techniques are described for providing consistent memory operations and security across electronic circuitry components having disparate memory and/or security architectures when integrating such disparately architected components within a single system, such as a system on chip. A programmable logical hierarchy of isolated memory region (IMR) enforcement circuits is provided to protect such IMRs, allowing or preventing memory access requests from one of multiple distinct circuitry components based on configuration registers for the IMR enforcement circuits. Integration of multiple trust domain architectures associated with the multiple distinct circuitry components is facilitated via trust domain conversion bridge circuitry that includes translation logic for generating information in accordance with a first trust domain architecture based on information provided in accordance with a distinct second trust domain architecture.

公开(公告)号：US11281595B2

公开(公告)日：2022-03-22

申请号：US15990720

申请日：2018-05-28

Applicant: Intel Corporation

Inventor： Aditya Katragada ,  Peter Munguia ,  Gregg Lahti

IPC: G06F12/00 ,  G06F12/14 ,  G06F13/40

Abstract: Techniques are described for providing consistent memory operations and security across electronic circuitry components having disparate memory and/or security architectures when integrating such disparately architected components within a single system, such as a system on chip. A programmable logical hierarchy of isolated memory region (IMR) enforcement circuits is provided to protect such IMRs, allowing or preventing memory access requests from one of multiple distinct circuitry components based on configuration registers for the IMR enforcement circuits. Integration of multiple trust domain architectures associated with the multiple distinct circuitry components is facilitated via trust domain conversion bridge circuitry that includes translation logic for generating information in accordance with a first trust domain architecture based on information provided in accordance with a distinct second trust domain architecture.