Patent application number | Description | Published |
--- | --- | --- |
20090083532 | Verifying a trusted SMI handler - A trusted system management interrupt handler may be verified by first locating a signed system management interrupt handler image in system memory. The digital signature of the signed system management interrupt handler image is verified. An existing basic input/output system management interrupt handler is erased and replaced with a new system management interrupt handler image. Then the system management interrupt handler message is analyzed to determine whether to continue the launch. | 03-26-2009 |
20100058075 | METHOD AND APPARATUS FOR LOADING A TRUSTABLE OPERATING SYSTEM - A method and apparatus is provided for securing a region in a memory of a computer. According to one embodiment, the method comprises halting all but one of a plurality of processors in a computer. The halted processors enter a special halted state. Content is loaded into the region only after all but the one processor have been halted, and the region is protected from access by the halted processors. The method further comprises placing the non-halted processor into a known privileged state, and causing the halted processors to exit the halted state after the non-halted processor has been placed into the known privileged state. | 03-04-2010 |
20100058076 | METHOD AND APPARATUS FOR LOADING A TRUSTABLE OPERATING SYSTEM - An article of manufacture is provided for securing a region in a memory of a computer. According to one embodiment, the article of manufacture comprises a machine-accessible medium including data that, when accessed by a machine, causes the machine to: halt all but one of a plurality of processing elements in a computer, where the halted processing elements enter into a special halted state; load content into the region only after the halting of all but the one of the plurality of processing elements and the region is protected from access by the halted processing elements; place the non-halted processing element into a known privileged state; and cause the halted processing elements to exit the halted state after the non-halted processing element has been placed into the known privileged state. | 03-04-2010 |
20100192150 | EXCLUSIVE ACCESS FOR SECURE AUDIO PROGRAM - Executing a monitor on a platform, the monitor capable of providing exclusive, secure access to an audio I/O device of the platform, executing a first partition on the platform, providing an audio device model in the first partition by directly mapping the audio I/O device from the monitor to the first partition for applications executing in the first partition, and providing exclusive, secure access to the audio I/O device to a program performing an audio function in a secure mode in the first partition. | 07-29-2010 |
20140181794 | SYSTEM AND METHOD FOR CORRECT EXECUTION OF SOFTWARE - In an embodiment a software application may include a “baseline trace” indicating proper application execution. The baseline trace may include counts for various types of instructions (e.g., how many times each of a LR instruction and a MV instruction occurs during an execution of code). The finished application includes the baseline trace. Upon execution the application randomly selects which of the various types of instructions to count during execution (e.g., LR or MV instruction) to produce a “real time trace”. The application executes and produces the real-time trace. The baseline trace is then compared to the real-time trace, which is specific to the randomly chosen type of instruction. If the traces are within a pre-determined range of each other the user has a level of assurance the software is operating correctly. Other embodiments are described herein. | 06-26-2014 |
Patent application number | Description | Published |
--- | --- | --- |
20080244261 | SEPARATION OF LOGICAL TRUSTED PLATFORM MODULES WITHIN A SINGLE PHYSICAL TRUSTED PLATFORM MODULE - A device, method, and system are disclosed. In one embodiment, the device includes storage to contain more than one trust root, and logic to associate each command ordinal sent to the device with one of the trust roots. | 10-02-2008 |
20080244292 | Method and Apparatus to Re-create trust model after sleep state - A processing system features random access memory (RAM), a processor, and a trusted platform module (TPM). When the processing system enters a sleep mode during which the RAM is to stay powered, the processing system may measure a VMM and one or more secure VMs in the processing system. However, the processing system may not measure or encrypt all of system memory. Upon resuming from sleep, the processing system may verify the measurements to ensure that the VMM and secure VMs have not been tampered with. Other steps may include sealing encryption keys to the TPM while preserving the blobs in memory. Other embodiments are described and claimed. | 10-02-2008 |
20090259845 | System and method for execution of a secured environment initialization instruction - A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations. | 10-15-2009 |
20100150351 | Method of Delivering Direct Proof Private Keys to Devices Using an On-Line Service - Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-line server accessible by the client computer system. When the device is initialized on the client computer system, the system checks whether a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the protected on-line server using a secure protocol. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system. | 06-17-2010 |
20100262823 | Launching A Secure Kernel In A Multiprocessor System - In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example. | 10-14-2010 |
20100281255 | Launching A Secure Kernel In A Multiprocessor System - In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example. | 11-04-2010 |
20120030730 | PROVIDING A MULTI-PHASE LOCKSTEP INTEGRITY REPORTING MECHANISM - In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed. | 02-02-2012 |
20120216025 | SYSTEM AND METHOD FOR EXECUTION OF A SECURED ENVIRONMENT INITIALIZATION INSTRUCTION - A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations. | 08-23-2012 |
20120239906 | Launching A Secure Kernel In A Multiprocessor System - In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example. | 09-20-2012 |
20130205127 | SYSTEM AND METHOD FOR EXECUTION OF A SECURED ENVIRONMENT INITIALIZATION INSTRUCTION - A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations. | 08-08-2013 |
20130254905 | Launching A Secure Kernel In A Multiprocessor System - In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example. | 09-26-2013 |
20130283369 | Providing A Multi-Phase Lockstep Integrity Reporting Mechanism - In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed. | 10-24-2013 |
20140095936 | System and Method for Correct Execution of Software - In an embodiment of the invention an application provider may include “tracing elements” in a target software application. While working with the application the trace elements are detected and provide a “baseline trace” indicating proper application execution. The provider then supplies the application, which still includes the trace elements, and the baseline trace to a user. The user operates the application to produce a “real-time trace” based on the application still having trace elements that produce trace events. A comparator then compares the baseline and real-time traces. If the traces are within a pre-determined range of each other the user has a level of assurance the software is operating correctly. If the level of assurance is low, an embodiment may trigger a hardware interrupt or similar event to prevent further execution of software. Other embodiments are described herein. | 04-03-2014 |
20140143608 | SYSTEM AND METHOD FOR DETERMINING EXECUTION OF SOFTWARE - An embodiment provides a level of assurance regarding correct operation of software. An embodiment creates baseline and real-time measurements of software and compares the measurements to determine whether the software is operating correctly. An application provider may include “tracing elements” in a target software application. While producing the application, the trace elements are detected and provide trace events, which collectively provide a “baseline trace” indicating proper application execution. The provider supplies the application and the baseline trace to a user. The user operates the application in real time to produce a “real-time trace” based on the application still having trace elements that produce trace events (which collectively form the “real-time” trace). A comparator compares the baseline and real-time traces. If the traces are within a pre-determined range of each other, the user has a level of assurance the software is operating correctly. Other embodiments are included herein. | 05-22-2014 |
20140281467 | SYSTEM AND METHOD FOR EXECUTION OF A SECURED ENVIRONMENT INITIALIZATION INSTRUCTION - A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations. | 09-18-2014 |
20140359754 | Providing A Multi-Phase Lockstep Integrity Reporting Mechanism - In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed. | 12-04-2014 |
20150059007 | Launching A Secure Kernel In A Multiprocessor System - In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example. | 02-26-2015 |