专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20120167205A1 RUNTIME PLATFORM FIRMWARE VERIFICATION 有权
标题翻译：运行平台固件验证
公开(公告)号：US20120167205A1
公开(公告)日：2012-06-28
申请号：US12976523
申请日：2010-12-22
申请人： Sergiu D. Ghetie , Shahrokh Shahidzadeh , Michael Neve de Mevergnies , Adil Karrar , Vincent J. Zimmer
发明人： Sergiu D. Ghetie , Shahrokh Shahidzadeh , Michael Neve de Mevergnies , Adil Karrar , Vincent J. Zimmer
IPC分类号： G06F21/00
CPC分类号： G06F21/572
摘要： Embodiments of the invention are directed towards logic and/or modules stored in processor secure storage to determine whether a first platform firmware image (e.g., basic input/output system (BIOS), device read-only memory (ROM), manageability engine firmware) loaded onto a processor cache is valid. The processor executes the first platform firmware image if it is determined to be valid. If the first platform image is determined to be invalid, a second platform firmware image is located. If this platform firmware image is determined to be valid, the processor will execute said second platform image.In some embodiments of the invention, the determination of whether the first platform firmware image is valid is based, at least in part, on verification of a digital signature associated with the first platform firmware image. The digital signature may be created, for example, from a private key, wherein the digital signature is verified via a public key.
摘要翻译：本发明的实施例针对存储在处理器安全存储器中的逻辑和/或模块来确定第一平台固件映像（例如，基本输入/输出系统（BIOS），设备只读存储器（ROM），可管理性引擎固件）加载到处理器缓存中是有效的。如果判定为有效，则处理器执行第一平台固件映像。如果第一平台图像被确定为无效，则定位第二平台固件图像。如果该平台固件图像被确定为有效，则处理器将执行所述第二平台图像。在本发明的一些实施例中，确定第一平台固件图像是否有效是至少部分地基于与第一平台固件图像相关联的数字签名的验证。可以例如从私钥来创建数字签名，其中通过公钥验证数字签名。

2. 发明授权

US07698507B2 Protecting system management mode (SMM) spaces against cache attacks 失效
标题翻译：保护系统管理模式（SMM）空间，防止缓存攻击
公开(公告)号：US07698507B2
公开(公告)日：2010-04-13
申请号：US11712804
申请日：2007-02-28
申请人： Sergiu D. Ghetie
发明人： Sergiu D. Ghetie
IPC分类号： G06F13/00
CPC分类号： G06F21/79
摘要： A computing system may comprise a processor and a memory controller hub coupled by an external bus such as the front side bus. The processor may also comprise a cache. The processor may operate in SMM and the memory coupled to the memory controller hub may comprise SMM spaces such as compatible, HSEG, and TSEG areas. A software-based attack may write malicious instructions into the cache at an address corresponding to the SMM spaces. The illegal processor memory accesses that occur entirely inside the processor caches due to the cache attack may be forced to occur on the external bus. The memory controller hub may be capable of handling the memory accesses occurring on the external bus thus, protecting the SMM spaces against cache attack.
摘要翻译：计算系统可以包括通过外部总线（例如前端总线）耦合的处理器和存储器控制器集线器。处理器还可以包括高速缓存。处理器可以在SMM中操作，并且耦合到存储器控制器集线器的存储器可以包括诸如兼容的HSEG和TSEG区域之类的SMM空间。基于软件的攻击可以将写入恶意指令写入与SMM空间相对应的地址的缓存中。由于高速缓存攻击，处理器高速缓存内完全发生的非法处理器存储器访问可能被迫在外部总线上发生。存储器控制器集线器可能能够处理在外部总线上发生的存储器访问，从而保护SMM空间免受高速缓存攻击。

3. 发明授权

US09331855B2 Apparatus, system, and method for providing attribute identity control associated with a processor 有权
标题翻译：用于提供与处理器相关联的属性标识控制的设备，系统和方法
公开(公告)号：US09331855B2
公开(公告)日：2016-05-03
申请号：US13174940
申请日：2011-07-01
申请人： David A. Brown , Adil Karrar , Michael Neve de Mevergnies , Sergiu D. Ghetie , Shahrokh Shahidzadeh
发明人： David A. Brown , Adil Karrar , Michael Neve de Mevergnies , Sergiu D. Ghetie , Shahrokh Shahidzadeh
IPC分类号： G08C17/02 , H04L9/00 , H04L9/32 , G06F21/73
CPC分类号： H04L9/3234 , G06F21/73 , H04L2209/805
摘要： Described herein are an apparatus, system, and method for attribute identity control in a processor. The apparatus comprises a logic unit including a radio-frequency identification (RFID) tag comprising a non-volatile memory; and a processor operable to access the non-volatile memory, wherein the non-volatile memory for storing an attribute identity associated with a group of processors, the attribute identity being different from an identity of the processor.
摘要翻译：这里描述了用于处理器中的属性标识控制的装置，系统和方法。该装置包括一个逻辑单元，该逻辑单元包括一个包括非易失性存储器的射频识别（RFID）标签; 以及可操作以访问所述非易失性存储器的处理器，其中所述非易失性存储器用于存储与一组处理器相关联的属性标识，所述属性标识不同于所述处理器的标识。

4. 发明授权

US08590040B2 Runtime platform firmware verification 有权
标题翻译：运行时平台固件验证
公开(公告)号：US08590040B2
公开(公告)日：2013-11-19
申请号：US12976523
申请日：2010-12-22
申请人： Sergiu D. Ghetie , Shahrokh Shahidzadeh , Michael Neve de Mevergnies , Adil Karrar , Vincent J. Zimmer
发明人： Sergiu D. Ghetie , Shahrokh Shahidzadeh , Michael Neve de Mevergnies , Adil Karrar , Vincent J. Zimmer
IPC分类号： G06F21/00
CPC分类号： G06F21/572
摘要： Embodiments of the invention are directed towards logic and/or modules stored in processor secure storage to determine whether a first platform firmware image (e.g., basic input/output system (BIOS), device read-only memory (ROM), manageability engine firmware) loaded onto a processor cache is valid. The processor executes the first platform firmware image if it is determined to be valid. If the first platform image is determined to be invalid, a second platform firmware image is located. If this platform firmware image is determined to be valid, the processor will execute said second platform image.In some embodiments of the invention, the determination of whether the first platform firmware image is valid is based, at least in part, on verification of a digital signature associated with the first platform firmware image. The digital signature may be created, for example, from a private key, wherein the digital signature is verified via a public key.
摘要翻译：本发明的实施例针对存储在处理器安全存储器中的逻辑和/或模块来确定第一平台固件映像（例如，基本输入/输出系统（BIOS），设备只读存储器（ROM），可管理性引擎固件）加载到处理器缓存中是有效的。如果判定为有效，则处理器执行第一平台固件映像。如果第一平台图像被确定为无效，则定位第二平台固件图像。如果该平台固件图像被确定为有效，则处理器将执行所述第二平台图像。在本发明的一些实施例中，确定第一平台固件图像是否有效是至少部分地基于与第一平台固件图像相关联的数字签名的验证。可以例如从私钥来创建数字签名，其中通过公钥验证数字签名。

5. 发明申请

US20180096151A1 SYSTEMS, APPARATUSES, AND METHODS FOR PLATFORM SECURITY 审中-公开
公开(公告)号：US20180096151A1
公开(公告)日：2018-04-05
申请号：US15283381
申请日：2016-10-01
申请人： SERGIU D GHETIE , NEERAJ S. UPASANI , SAGAR V. DALVI , DAVID P. TURLEY , JEANNE GUILLORY , MARK D. CHUBB , ALLEN R. WISHMAN , SHAHROKH SHAHIDZADEH
发明人： SERGIU D GHETIE , NEERAJ S. UPASANI , SAGAR V. DALVI , DAVID P. TURLEY , JEANNE GUILLORY , MARK D. CHUBB , ALLEN R. WISHMAN , SHAHROKH SHAHIDZADEH
IPC分类号： G06F21/57 , G06F21/72 , G06F9/44 , G06K7/10
CPC分类号： G06F21/575 , G06F21/72
摘要： Embodiments detailed herein include, but are not limited to, a hardware processor to execute instructions and security circuitry to perform pre-boot operations including signature verification of a portion of firmware in a firmware storage hardware and initiating recovery upon a signature verification failure. The hardware processor comprises a plurality of cores in some embodiments. The hardware processor a multicore processor in some embodiments.

7. 发明授权

US09235719B2 Apparatus, system, and method for providing memory access control 有权
标题翻译：用于提供存储器访问控制的装置，系统和方法
公开(公告)号：US09235719B2
公开(公告)日：2016-01-12
申请号：US13992222
申请日：2011-09-29
申请人： Michael Neve De Mevergnies , Knut S. Grimsrud , Sergiu D. Ghetie , Prasun Ratn , Shahrokh Shahidzadeh
发明人： Michael Neve De Mevergnies , Knut S. Grimsrud , Sergiu D. Ghetie , Prasun Ratn , Shahrokh Shahidzadeh
IPC分类号： G06F21/00 , G06F21/62 , G06F17/30 , G06F21/60 , G06F21/44 , G06F21/56 , G06F21/57 , G06F21/79 , G06F11/14
CPC分类号： G06F21/62 , G06F11/1415 , G06F17/30289 , G06F21/445 , G06F21/568 , G06F21/572 , G06F21/602 , G06F21/6218 , G06F21/79
摘要： Described herein are apparatus, system, and method for providing memory access control to protect software (e.g., firmware backup) and other data. The method comprises providing, by a processor, a protected storage area in a memory for storing backup image of software; detecting corruption in the software; accessing the backup image of the software from the protected storage area; and updating the corrupted software using the backup image, wherein the protected storage area is a reserved storage area of the memory.
摘要翻译：这里描述了用于提供存储器访问控制以保护软件（例如，固件备份）和其他数据的装置，系统和方法。该方法包括由处理器提供存储器中的保护存储区域，用于存储软件的备份图像; 检测软件中的腐败; 从受保护的存储区域访问软件的备份映像; 以及使用所述备份图像更新所述损坏的软件，其中所述受保护存储区域是所述存储器的保留存储区域。

8. 发明申请

US20150058510A1 VIRTUALIZING INTERRUPT PRIORITY AND DELIVERY 审中-公开
标题翻译：虚拟中断优先和交付
公开(公告)号：US20150058510A1
公开(公告)日：2015-02-26
申请号：US14538941
申请日：2014-11-12
申请人： Gilbert Neiger , Rajesh M. Sankaran , Gideon Gerzon , Richard A. Uhlig , Sergiu D. Ghetie , Michael Neve de Mevergnies , Adil Karrar
发明人： Gilbert Neiger , Rajesh M. Sankaran , Gideon Gerzon , Richard A. Uhlig , Sergiu D. Ghetie , Michael Neve de Mevergnies , Adil Karrar
IPC分类号： G06F13/26 , G06F9/455
CPC分类号： G06F13/26 , G06F9/30076 , G06F9/45541 , G06F9/45558 , G06F13/24 , G06F2009/45579 , G06F2213/0058
摘要： Embodiments of processors, methods, and systems for virtualizing interrupt prioritization and delivery are disclosed. In one embodiment, a processor includes instruction hardware and execution hardware. The instruction hardware is to receive a plurality of instructions, including a first instruction to transfer the processor from a root mode to a non-root mode for executing guest software in a virtual machine, wherein the processor is to return to the root mode upon the detection of any of a plurality of virtual machine exit events. The execution hardware is to execute the first instruction, execution of the first instruction to include determining a first virtual processor-priority value and storing the first virtual processor-priority value in a virtual copy of a processor-priority field, where the virtual copy of the processor-priority field is a virtual resource corresponding to a physical resource associated with an interrupt controller.
摘要翻译：公开了用于虚拟化中断优先级和传送的处理器，方法和系统的实施例。在一个实施例中，处理器包括指令硬件和执行硬件。指令硬件是接收多个指令，包括将处理器从根模式传送到非根模式的第一指令，用于在虚拟机中执行客户软件，其中处理器将根据该模式返回到根模式检测多个虚拟机退出事件中的任何一个。执行硬件是执行第一指令，执行第一指令以包括确定第一虚拟处理器优先级值并将第一虚拟处理器优先级值存储在处理器优先级字段的虚拟副本中，其中虚拟副本处理器优先级字段是对应于与中断控制器相关联的物理资源的虚拟资源。

9. 发明申请

US20180189081A1 SELF-MORPHING SERVER PLATFORMS 审中-公开
公开(公告)号：US20180189081A1
公开(公告)日：2018-07-05
申请号：US15396077
申请日：2016-12-30
申请人： Neeraj S. Upasani , Jeanne Guillory , Wojciech Powiertowski , Sergiu D Ghetie , Mohan J. Kumar , Murugasamy K. Nachimuthu
发明人： Neeraj S. Upasani , Jeanne Guillory , Wojciech Powiertowski , Sergiu D Ghetie , Mohan J. Kumar , Murugasamy K. Nachimuthu
IPC分类号： G06F9/445 , H04L12/933 , H04L12/24 , G06F9/44 , G06F15/78
CPC分类号： G06F9/44521 , G06F8/654 , G06F9/4401 , G06F15/7807 , G06F15/7867 , H04L41/0813 , H04L41/5054 , H04L41/5096 , H04L49/109
摘要： Dynamically configurable server platforms and associated apparatus and methods. A server platform including a plurality of CPUs installed in respective sockets may be dynamically configured as multiple single-socket servers and as a multi-socket server. The CPUs are connected to a platform manager component comprising an SoC including one or more processors and an embedded FPGA. Following a platform reset, an FPGA image is loaded, dynamically configuring functional blocks and interfaces on the platform manager. The platform manager also includes pre-defined functional blocks and interfaces. During platform initialization the dynamically-configured functional blocks and interfaces are used to initialize the server platform, while both the pre-defined and dynamically-configured functional blocks and interfaces are used to support run-time operations. The server platform may be used in conventional rack architectures or implemented in a disaggregated rack architecture under which the single-socket and/or multi-socket servers are dynamically composed to employ disaggregated resources, such as memory, storage, and accelerators.

10. 发明申请

US20180097839A1 SYSTEMS, APPARATUSES, AND METHODS FOR PLATFORM SECURITY 审中-公开
公开(公告)号：US20180097839A1
公开(公告)日：2018-04-05
申请号：US15283388
申请日：2016-10-01
申请人： NEERAJ S. UPASANI , SAGAR V. DALVI , WOJCIECH POWIERTOWSKI , SERGIU D GHETIE , WON LEE , JEANNE GUILLORY , CHUKWUNENYE S. NNEBE
发明人： NEERAJ S. UPASANI , SAGAR V. DALVI , WOJCIECH POWIERTOWSKI , SERGIU D GHETIE , WON LEE , JEANNE GUILLORY , CHUKWUNENYE S. NNEBE
IPC分类号： H04L29/06 , H04L9/06
CPC分类号： H04L63/1458 , G06F21/57 , H04L9/0631 , H04L9/0637 , H04L2209/805 , H04L2463/142
摘要： Embodiments detailed herein describe a system comprising a manageability server to generate an encrypted sideband message having at least one command; a server including: a radio frequency identification (RFID) device, the RFID device to include storage to store at least one encrypted sideband message having at least one command, and a security circuit coupled to the RFID device, the security circuit to: retrieve at least one encrypted sideband message from the RFID device storage, decrypt the one encrypted sideband message, determine validity of the decrypted sideband message using information from the decrypted sideband message, and perform an action in response to the at least one command.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式