Total found: 61. Displayed: 57.
Publication date: 04-07-2017

Execution-aware memory protection

Number: US0009697142B2
Assignee: Intel Corporation

Execution-Aware Memory protection technologies are described. A processor includes a processor core and a memory protection unit (MPU). The MPU includes a memory protection table and memory protection logic. The memory protection table defines a first protection region in main memory, the first protection region including a first instruction region and a first data region. The memory protection logic determines a protection violation by a first instruction when 1) an instruction address, resulting from an instruction fetch operation corresponding to the first instruction, is not within the first instruction region or 2) a data address, resulting from an execute operation corresponding to the first instruction, is not within the first data region.

Publication date: 29-06-2017

Remote attestation and enforcement of hardware security policy

Number: US20170187752A1

Systems, apparatuses and methods may provide for changing the execution mode of a device based on a policy enforcement request that is received when the device is located proximately to a specific area. The policy enforcement request is verified with respect to a System on Chip (SoC) platform. An enforcement manager of the SoC platform may enforce the received policy enforcement request if verification is successful, and an attestation controller may report the enforced policy request and a status of the platform to an external device from which the policy request originates.

Claims:
1. A system comprising: a communication interface; a plurality of platform components including one or more of a cryptographic accelerator, a camera, a microphone, a near-field communication (NFC) device, or a display; a policy verification manager to conduct a verification of a policy request with respect to a platform; an enforcement manager to enforce the policy request if the verification is successful; and an attestation controller to report, via the communication interface, the enforced policy request and a status of one or more of the plurality of platform components to a remote device, wherein the policy request is to originate from the remote device.
2. The system of claim 1, further comprising a processor to control one or more SoC components on the platform.
3. The system of claim 2, wherein the processor is to disable at least one of the one or more SoC components based on a result of the verification.
4. The system of claim 1, wherein conducting the verification includes determining whether the policy request complies with a local base policy.
5. The system of claim 1, further comprising a processor to apply a root of trust to a communication containing the enforced policy request.
6. The system of claim 1, wherein the policy request is to identify one or more of an execution mode change or a requested security policy change.
7. The system of claim 1, wherein the remote device is ...
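A software model of the verify, enforce and attest sequence described above, added here as an example; it is not code from the patent or from Intel. The component list follows claim 1. The base policy (camera, microphone and NFC may be disabled remotely, the crypto accelerator and the display may not), the bit-mask request format and the text layout of the attestation report are assumptions made for the example, and signing the report with the platform root of trust (claim 5) is left to the caller.

```c
/* Added example, not text from the patent: a software model of the
 * verification, enforcement and attestation flow described above.  The
 * component list follows claim 1; the base-policy rule and the report
 * format are assumptions made for this example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum component { CRYPTO_ACCEL, CAMERA, MICROPHONE, NFC, DISPLAY, NUM_COMPONENTS };
enum exec_mode { MODE_NORMAL, MODE_RESTRICTED };

static const char *const component_name[NUM_COMPONENTS] = {
    "crypto_accel", "camera", "microphone", "nfc", "display" };

/* Request from the remote device: the execution mode to enter and a bit mask
 * of components to disable (bit i set = disable component i). */
struct policy_request { enum exec_mode mode; unsigned disable_mask; };

struct platform {
    enum exec_mode mode;
    bool enabled[NUM_COMPONENTS];
    unsigned base_disableable;  /* local base policy: remotely disableable set */
};

void platform_init(struct platform *p)
{
    p->mode = MODE_NORMAL;
    for (int i = 0; i < NUM_COMPONENTS; i++) p->enabled[i] = true;
    /* Assumed base policy: camera, microphone and NFC may be switched off by
     * a remote request; the crypto accelerator (needed to sign the attestation
     * report) and the display may not. */
    p->base_disableable = (1u << CAMERA) | (1u << MICROPHONE) | (1u << NFC);
}

/* Policy verification manager (claim 4): the request complies with the local
 * base policy only if every component it names is remotely disableable. */
bool verify_policy(const struct platform *p, const struct policy_request *req)
{
    unsigned known = (1u << NUM_COMPONENTS) - 1;
    if (req->disable_mask & ~known) return false;   /* unknown component bit */
    return (req->disable_mask & ~p->base_disableable) == 0;
}

/* Enforcement manager: apply the request only after successful verification;
 * a rejected request changes nothing. */
bool enforce_policy(struct platform *p, const struct policy_request *req)
{
    if (!verify_policy(p, req)) return false;
    p->mode = req->mode;
    for (int i = 0; i < NUM_COMPONENTS; i++)
        if (req->disable_mask & (1u << i)) p->enabled[i] = false;
    return true;
}

/* Attestation controller: serialise the enforced request and the status of
 * every component for the remote device.  Applying the platform root of
 * trust (claim 5), i.e. signing this buffer, is left to the caller. */
int attestation_report(const struct platform *p, const struct policy_request *req,
                       char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "mode=%d;disable=0x%x;", (int)p->mode, req->disable_mask);
    for (int i = 0; i < NUM_COMPONENTS && n > 0 && (size_t)n < outlen; i++)
        n += snprintf(out + n, outlen - (size_t)n, "%s=%d;",
                      component_name[i], (int)p->enabled[i]);
    return n;
}

/* Run one request against a freshly initialised platform.  Returns -1 when
 * the request is rejected, otherwise the number of components still enabled.
 * When report is non-NULL the attestation report is written into it. */
int run_request(unsigned disable_mask, enum exec_mode mode, char *report, size_t len)
{
    struct platform p;
    struct policy_request req = { mode, disable_mask };
    int enabled = 0;
    platform_init(&p);
    if (!enforce_policy(&p, &req)) return -1;
    if (report) attestation_report(&p, &req, report, len);
    for (int i = 0; i < NUM_COMPONENTS; i++) enabled += p.enabled[i];
    return enabled;
}

int main(void)
{
    char report[160];
    /* Device enters a restricted area: restricted mode, camera and microphone
     * off.  This complies with the base policy, so it is enforced and reported. */
    int left = run_request((1u << CAMERA) | (1u << MICROPHONE), MODE_RESTRICTED,
                           report, sizeof report);
    printf("camera+mic off: %d components still enabled\n  report: %s\n", left, report);
    /* Disabling the crypto accelerator is outside the base policy: rejected,
     * nothing changes and no report is produced. */
    printf("crypto off: %d\n", run_request(1u << CRYPTO_ACCEL, MODE_RESTRICTED, NULL, 0));
    return 0;
}
```

The point a practitioner should take from the model is the ordering: the request is checked against a policy the platform already holds before anything is switched off, and the report describes what was actually enforced rather than what was asked for, so a remote party cannot use the policy channel to disable the component that protects the attestation itself.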

Publication date: 29-09-2016

Dynamic Configuration and Peripheral Access in a Processor

Number: US20160283402A1
Assignee: Intel Corp

In various implementations, a system includes a memory, a processor, and an execution-aware memory protection unit (EA-MPU). The EA-MPU is configured to regulate memory access by the processor based at least on the identity of a subject executable that requests access, and on the address to which access is requested, and on permissions information that identifies which subject executables are to be granted access to each of several memory regions. In various implementations, the permissions information itself is stored among the several memory regions. Various configurations of the permissions information can be used to provide shared memory regions for communication among two or more stand-alone trusted software modules, to protect access to devices accessible through memory-mapped I/O (MMIO), to implement a flexible watchdog timer, to provide security for software updates, to provide dynamic root of trust measurement services, and/or to support an operating system.

Publication date: 29-12-2016

SECURED CREDENTIAL AGGREGATOR

Number: US20160379207A1
Assignee: Intel Corporation

An apparatus for aggregating secured credentials is described herein. The apparatus includes a processor and a memory. The memory includes code causing the processor to provision a plurality of secured credentials on the apparatus. The code causes the processor to isolate the secured credentials from each other in the memory. The code also causes the processor to emulate a selected secured credential from the secured credentials for a transaction.

Claims:
1. An apparatus for aggregating secured credentials, the apparatus comprising: a processor; and a memory comprising code causing the processor to: provision a plurality of secured credentials on the apparatus; isolate the secured credentials from each other in the memory; and emulate a selected secured credential from the secured credentials for a transaction.
2. The apparatus of claim 1, comprising: a display; and a user interface that enables selection of the selected secured credential.
3. The apparatus of claim 2, wherein the user interface comprises a button, wherein pressing the button when the apparatus is asleep wakes the apparatus.
4. The apparatus of claim 3, wherein subsequent button presses display a representation of each of the secured credentials.
5. The apparatus of claim 1, comprising a biometric sensor that prevents an unauthorized user from using the apparatus.
6. The apparatus of claim 1, comprising a credential interface, wherein the credential interface is used for provisioning the secured credentials and emulating the selected secured credential.
7. The apparatus of claim 6, wherein the credential interface comprises smartcard contacts.
8. The apparatus of claim 6, wherein the credential interface comprises an embedded antenna.
9. The apparatus of claim 1, comprising a power source.
10. The apparatus of claim 9, the power source comprising a rechargeable battery.
11. The apparatus of claim 10, comprising a DC switchover mechanism that enables the apparatus to be powered ...

Publication date: 20-10-2016

EXECUTION-AWARE MEMORY PROTECTION

Number: US20160306752A1
Assignee: Intel Corp

Execution-Aware Memory protection technologies are described. A processor includes a processor core and a memory protection unit (MPU). The MPU includes a memory protection table and memory protection logic. The memory protection table defines a first protection region in main memory, the first protection region including a first instruction region and a first data region. The memory protection logic determines a protection violation by a first instruction when 1) an instruction address, resulting from an instruction fetch operation corresponding to the first instruction, is not within the first instruction region or 2) a data address, resulting from an execute operation corresponding to the first instruction, is not within the first data region.

Publication date: 13-06-2013

Offline Device Authentication and Anti-Counterfeiting Using Physically Unclonable Functions

Number: US20130147511A1

The output of a physically unclonable function (PUF) may be processed to reduce its size. The post-processing result serves as a device-intrinsic unclonable identifier and is signed by the device manufacturer to create a certificate stored on board the same device that includes the physically unclonable function. This scheme may not require online verification and complex error correction on PUFs in some cases.

Claims:
1. A method of device authentication using a physically unclonable function comprising: generating a device certificate based on a result of the physically unclonable function; and storing the certificate on said device.
2. The method of claim ..., including storing the certificate on a device having the physically unclonable function.
3. The method of claim ..., including reducing the signed certificate by randomly grouping the physically unclonable function into a plurality of groups.
4. The method of claim ..., including using majority voting to reduce each group.
5. A method comprising: processing the output of a physically unclonable function to reduce a signed certificate derived from the output; and verifying the device by validating the certificate.
6. The method of claim ..., including signing the output with a private key to produce the certificate.
7. The method of claim ..., including reducing the signed certificate by randomly grouping the physically unclonable function into a plurality of groups.
8. The method of claim ..., including using majority voting to reduce each group.
9. At least one non-transitory computer readable medium storing instructions that enable a computer to: generate a device certificate based on a result of a physically unclonable function; store the certificate; and authenticate a device using said certificate.
10. The medium of claim ..., further storing instructions to store the certificate on a device having the physically unclonable function.
11. The medium of claim ..., further storing instructions to reduce the signed certificate.
12. The medium of claim ..., further storing instructions to reduce the signed certificate by ...

Publication date: 29-01-2015

EXECUTION-AWARE MEMORY PROTECTION

Number: US20150032996A1

Execution-Aware Memory protection technologies are described. A processor includes an instruction fetch unit to fetch instructions of applications executing in a multitasking environment and an execution unit to execute the instructions. A memory protection unit (MPU) enforces memory access control of the applications by defining an instruction region (I-space) and a data region (D-space) and linking the I-space to the D-space. The MPU determines whether an instruction address is within the I-space and whether a data address of a data access operation is within the D-space. The MPU issues a memory protection fault for the data access operation when either the instruction address is not within the I-space or the data address is not within the D-space.

Claims:
1. A processor comprising: an instruction fetch unit to fetch a plurality of instructions for a plurality of applications executing in a multitasking environment; an execution unit to execute the plurality of instructions; and a memory protection unit (MPU) to enforce memory access control for the plurality of applications, wherein the MPU is operable to: define an instruction region (I-space) in an I-space register and a data region (D-space) in a D-space register; link the I-space to the D-space; receive an instruction address for a first instruction of the plurality of instructions from the instruction fetch unit and a data address of a data access operation for the first instruction from the execution unit; determine whether the instruction address and data address are within the I-space defined by the I-space register and within the D-space defined by the D-space register; and issue a memory protection fault for the data access operation when the instruction address and data address are not within the I-space and D-space.
2. The processor of claim 1, wherein the MPU comprises fault logic operable to receive the I-space, D-space, instruction address, and data address.
3. The ...

Publication date: 24-03-2016

POST-PROCESSING MECHANISM FOR PHYSICALLY UNCLONABLE FUNCTIONS

Number: US20160087805A1

In accordance with embodiments disclosed herein, there are provided systems and methods for providing a post-processing mechanism for physically unclonable functions. An integrated circuit includes a physically unclonable function (PUF) unit including adaptive PUF logic. The adaptive PUF logic receives a PUF response having a plurality of bits. The adaptive PUF logic also determines whether a record exists for a bit among the plurality of bits in the PUF response. The record includes a stored bit location and a stored bit value corresponding to the stored bit location. The adaptive PUF logic also overrides the bit value of the bit in the PUF response with the stored bit value when it is determined that the record exists for the bit in the PUF response. The bit value of the bit in the PUF response is different from the stored bit value.

Claims:
1. An integrated circuit comprising: a physically unclonable function (PUF) unit comprising adaptive PUF logic to: receive a PUF response having a plurality of bits; determine whether a record exists for a bit among the plurality of bits in the PUF response, wherein the record comprises a stored bit location and a stored bit value corresponding to the stored bit location; and override a bit value of the bit in the PUF response with the stored bit value when it is determined that the record exists for the bit in the PUF response, wherein the bit value of the bit in the PUF response is different from the stored bit value.
2. The integrated circuit of claim ..., wherein the determining comprises comparing a bit location of the bit in the PUF response with the stored bit location.
3. The integrated circuit of claim 1, wherein the adaptive PUF logic is to perform an error correction on the PUF response to generate a corrected PUF response when it is determined that the record does not exist for the bit in the PUF response, wherein the corrected PUF response comprises a plurality of modified bits.
4. The integrated circuit of claim ..., wherein the adaptive PUF logic ...

Publication date: 02-04-2015

DARK BITS TO REDUCE PHYSICALLY UNCLONABLE FUNCTION ERROR RATES

Number: US20150092939A1

Embodiments of an invention for using dark bits to reduce physically unclonable function (PUF) error rates are disclosed. In one embodiment, an integrated circuit includes a PUF cell array and dark bit logic. The PUF cell array is to provide a raw PUF value. The dark bit logic is to select PUF cells to mark as dark bits and to generate a dark bit mask based on repeated testing of the PUF cell array.

Claims:
1. An integrated circuit comprising: a physically unclonable function (PUF) cell array to provide a raw PUF value; and dark bit logic to select PUF cells to mark as dark bits, wherein the dark bit logic is to generate a dark bit mask based on repeated testing of each PUF cell.
2. The integrated circuit of claim 1, further comprising a non-volatile memory in which to store a dark bit map based on an output of the dark bit logic.
3. The integrated circuit of claim 1, wherein the dark bit logic includes: a first storage location to store a first raw PUF value; a second storage location to store a second raw PUF value; and a comparator to compare the first raw PUF value to the second raw PUF value.
4. The integrated circuit of claim 3, wherein: the first raw PUF value is to be measured under a first condition; and the second raw PUF value is to be measured under a second condition.
5. The integrated circuit of claim 4, wherein the comparator is to select a PUF cell to mark as a dark bit if the comparator determines that the first raw PUF value for the PUF cell is different from the second raw PUF value for the PUF cell.
6. The integrated circuit of claim 3, further comprising a dark bit mask storage location to store the dark bit mask, wherein the comparator has a comparator output, the dark bit mask storage location has a dark bit mask input and a dark bit mask output, and the dark bit mask input is based on a logical OR operation of the comparator output and the dark bit mask output.
7. The integrated circuit of claim 1, further comprising PUF bit ...

Publication date: 29-03-2018

Photon emission attack resistance driver circuits

Number: US20180089433A1
Assignee: Intel Corp

Some embodiments include apparatuses having diffusion regions located adjacent each other in a substrate, and connections coupled to the diffusion regions. The diffusion regions include first diffusion regions, second diffusion regions, and third diffusion regions. One of the second diffusion regions and one of the third diffusion regions are between two of the first diffusion regions. One of the first diffusion regions and one of the third diffusion regions are between two of the second diffusion regions. The connections include a first connection coupled to each of the first diffusion regions, a second connection coupled to each of the second diffusion regions, and a third connection coupled to each of the third diffusion regions.

Publication date: 03-07-2014

DEVICE AUTHENTICATION USING A PHYSICALLY UNCLONABLE FUNCTIONS BASED KEY GENERATION SYSTEM

Number: US20140189890A1

At least one machine accessible medium having instructions stored thereon for authenticating a hardware device is provided. When executed by a processor, the instructions cause the processor to receive two or more device keys from a physically unclonable function (PUF) on the hardware device, generate a device identifier from the two or more device keys, obtain a device certificate from the hardware device, perform a verification of the device identifier, and provide a result of the device identifier verification. In a more specific embodiment, the instructions cause the processor to perform a verification of a digital signature in the device certificate and to provide a result of the digital signature verification. The hardware device may be rejected if at least one of the device identifier verification and the digital signature verification fails.

Claims:
1. At least one machine accessible storage medium having instructions stored thereon for certifying a hardware device, the instructions when executed by a processor cause the processor to: receive two or more device keys from a physically unclonable function (PUF) on the hardware device; generate a device identifier from the two or more device keys; generate a digital signature based on the device identifier and a private key; create a device certificate based on the device identifier and the digital signature; and store the device certificate in a memory element.
2. The at least one machine accessible storage medium of claim 1, wherein the physically unclonable function is configured on the hardware device to generate the two or more device keys, and wherein the keys uniquely identify the hardware device.
3. The at least one machine accessible storage medium of claim 1, wherein the memory element is a non-volatile memory element included in the hardware device with the physically unclonable function.
4. The at least one machine accessible storage medium of claim 1, wherein the two or more device keys include ...

Publication date: 07-08-2014

GROUPING OF PHYSICALLY UNCLONABLE FUNCTIONS

Number: US20140218067A1
Assignee: Intel Corporation

A physically unclonable function (PUF) includes a plurality of PUF elements to generate an N-bit PUF signature. For each bit in the N-bit PUF signature, a PUF group of K individual PUF elements, each indicating a single-bit PUF value, is used to generate a group bit. The group bits are more repeatable than the individual PUF elements. The value K may be selected such that (K+1)/2 is an odd number.

Claims:
1. An electronic device, comprising: a plurality of physically unclonable function (PUF) elements to indicate a corresponding plurality of single-bit PUF values; signature logic to generate an N-bit PUF signature, wherein the PUF signature includes a group bit from each of N groups of the plurality of PUF elements, and wherein a value of the group bit for a PUF group indicates a value associated with a majority of the PUF elements in the PUF group; and an output to read the N-bit PUF signature.
2. The electronic device of claim 1, wherein the value of the group bit for a PUF group is determined based on values of a subset of the PUF elements in the PUF group.
3. The electronic device of claim 2, wherein the subset of PUF elements includes PUF elements that indicated a first majority value during an initial reading of the signature logic.
4. The electronic device of claim 3, wherein the value of the group bit for a PUF group is determined by a second majority value comprising a value indicated by a majority of PUF elements in the subset.
5. The electronic device of claim 4, further comprising an output to: store a mask indicating which PUF group elements comprise the subset of PUF elements; and store the first majority value.
6. The electronic device of claim 1, wherein each of the PUF groups includes K bits, where K is an integer greater than 0.
7. The electronic device of claim 6, wherein (K+1)/2 is an odd integer.
8. The electronic device of claim 1, wherein the N-bit PUF signature is repeatable at a higher reliability than at least some of the plurality of PUF ...
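The grouping scheme of claims 1 to 8, as an added example in C; this is not code from the patent or from Intel. It enrolls a signature by plain majority, stores per group the mask of elements that voted with the majority and the majority value itself (claim 5), and regenerates later bits from that subset only (claims 3 and 4). K = 5 (so (K+1)/2 = 3 is odd, as claim 7 asks), N = 4, the constructed readings and the simulated noise model with its small LCG are all assumptions made for the example.

```c
/* Added example, not from the patent: PUF group bits by majority voting with a
 * per-group mask of the elements that agreed at the first reading (claims 1-8).
 * Group sizes, the noise model and the random generator are assumptions. */
#include <stdio.h>

#define K 5   /* elements per group: (K+1)/2 = 3 is odd, as claim 7 asks */
#define N 4   /* bits in the PUF signature */
#define ALL ((1u << K) - 1)

struct group_state {
    unsigned char mask;            /* bit j set: element j votes in this group */
    unsigned char first_majority;  /* value the subset agreed on at enrollment */
};

/* Majority of the elements selected by mask; a tie resolves to tie_value. */
static int majority(const unsigned char *e, unsigned mask, int tie_value)
{
    int total = 0, ones = 0;
    for (int j = 0; j < K; j++)
        if (mask & (1u << j)) { total++; ones += e[j] & 1; }
    return 2 * ones > total ? 1 : 2 * ones < total ? 0 : tie_value;
}

/* Enrollment: group bit = majority of all K elements; the elements that voted
 * with it become the subset used from then on (claims 3, 5).  Bit i of the
 * returned signature is group i. */
unsigned enroll(const unsigned char reads[N][K], struct group_state st[N])
{
    unsigned sig = 0;
    for (int i = 0; i < N; i++) {
        int m = majority(reads[i], ALL, 0);
        st[i].first_majority = (unsigned char)m;
        st[i].mask = 0;
        for (int j = 0; j < K; j++)
            if ((reads[i][j] & 1) == m) st[i].mask |= (unsigned char)(1u << j);
        sig |= (unsigned)m << i;
    }
    return sig;
}

/* Regeneration: majority of the stored subset only (claim 4), a tie falling
 * back to the enrolled value.  With mask == ALL this is a plain majority. */
unsigned regenerate(const unsigned char reads[N][K], const struct group_state st[N])
{
    unsigned sig = 0;
    for (int i = 0; i < N; i++)
        sig |= (unsigned)majority(reads[i], st[i].mask, st[i].first_majority) << i;
    return sig;
}

/* Constructed readings (not measured data).  In group 3 of the noisy reading
 * the two elements that were in the minority at enrollment read 1 together
 * with one subset element, so a plain majority flips to 1 while the masked
 * subset still yields the enrolled 0.  stage 0: enrolled signature,
 * 1: masked regeneration, 2: plain majority of the noisy reading. */
unsigned worked_example(int stage)
{
    static const unsigned char first[N][K] = {
        {1,1,1,0,0}, {0,0,0,0,1}, {1,0,1,0,1}, {0,1,0,1,0} };
    static const unsigned char noisy[N][K] = {
        {1,0,1,1,1}, {0,0,1,0,0}, {1,1,0,1,1}, {1,1,0,1,0} };
    struct group_state st[N], plain[N];
    unsigned enrolled = enroll(first, st);
    for (int i = 0; i < N; i++) { plain[i].mask = ALL; plain[i].first_majority = 0; }
    return stage == 0 ? enrolled : stage == 1 ? regenerate(noisy, st) : regenerate(noisy, plain);
}

/* Simulated PUF for the repeatability claim (claim 8): stable elements return
 * their nominal bit, unstable ones (about one in four, assumed) a fresh random
 * bit on every read, drawn from a small LCG. */
static unsigned lcg(unsigned *s) { *s = *s * 1103515245u + 12345u; return (*s >> 16) & 0x7fffu; }

static void read_puf(unsigned char out[N][K], const unsigned char nominal[N][K],
                     const unsigned char unstable[N][K], unsigned *seed)
{
    for (int i = 0; i < N; i++)
        for (int j = 0; j < K; j++)
            out[i][j] = unstable[i][j] ? (unsigned char)(lcg(seed) & 1u) : nominal[i][j];
}

/* Enroll once, regenerate `rounds` times.  Returns the rounds whose signature
 * differed from the enrolled one; *elem_flips counts elements that differed
 * from the enrollment read.  A wrong group bit needs at least two flips inside
 * its subset (subset size >= 3), so 2 * errors <= flips always holds. */
int simulate(int rounds, unsigned seed, int *elem_flips)
{
    unsigned char nominal[N][K], unstable[N][K], first[N][K], r[N][K];
    struct group_state st[N];
    int errors = 0;
    *elem_flips = 0;
    for (int i = 0; i < N; i++)
        for (int j = 0; j < K; j++) {
            nominal[i][j] = (unsigned char)(lcg(&seed) & 1u);
            unstable[i][j] = (unsigned char)(lcg(&seed) % 4 == 0);
        }
    read_puf(first, nominal, unstable, &seed);
    unsigned sig = enroll(first, st);
    for (int n = 0; n < rounds; n++) {
        read_puf(r, nominal, unstable, &seed);
        for (int i = 0; i < N; i++)
            for (int j = 0; j < K; j++) *elem_flips += r[i][j] != first[i][j];
        errors += regenerate(r, st) != sig;
    }
    return errors;
}

int repeatability_holds(int rounds, unsigned seed)
{
    int flips, errors = simulate(rounds, seed, &flips);
    return 2 * errors <= flips;
}
```

Calling `worked_example(0)`, `worked_example(1)` and `worked_example(2)` returns 0x5, 0x5 and 0xD: the masked subset reproduces the enrolled signature where a plain majority over the same noisy reading does not. The mask and the first majority value are the only state that must be stored, and neither reveals the element values outside the subset.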

Publication date: 07-06-2018

Dynamic configuration and peripheral access in a processor

Number: US20180157603A1
Assignee: Intel Corp

In various implementations, a system includes a memory, a processor, and an execution-aware memory protection unit (EA-MPU). The EA-MPU is configured to regulate memory access by the processor based at least on the identity of a subject executable that requests access, and on the address to which access is requested, and on permissions information that identifies which subject executables are to be granted access to each of several memory regions. In various implementations, the permissions information itself is stored among the several memory regions. Various configurations of the permissions information can be used to provide shared memory regions for communication among two or more stand-alone trusted software modules, to protect access to devices accessible through memory-mapped I/O (MMIO), to implement a flexible watchdog timer, to provide security for software updates, to provide dynamic root of trust measurement services, and/or to support an operating system.
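A software model of the execution-aware MPU described in the "Execution-aware memory protection" entries above and in the two "Dynamic configuration and peripheral access" entries, added here as an example; it is not code from the patents or from Intel. The subject identity is the executable region (I-space) that the instruction address falls in; every other region carries read and write masks keyed by that subject, which is how an I-space is linked to its D-spaces; and the permission table is itself one of the protected regions, so only the loader can rewrite it. The address layout, the two trusted modules A and B, the shared buffer, the UART MMIO window and all access rights are assumptions made for the example.

```c
/* Added example, not from any of the patents listed here: a software model of
 * an execution-aware MPU.  The subject is the code region the instruction was
 * fetched from, each data region carries an access list keyed by subject, and
 * the permission table is itself one of the protected regions.  Addresses,
 * region names and the rights below are assumptions made for the example. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum access { ACC_READ = 1, ACC_WRITE = 2 };
#define MAX_REGIONS 8
#define NO_SUBJECT (-1)

/* One row of the memory protection table.  read_by / write_by are bit masks
 * over region indices: bit s set means code fetched from region s may perform
 * that access.  An executable region is an I-space; the D-spaces linked to it
 * are the regions whose masks name it. */
struct region {
    const char *name;
    uint32_t base, size;
    uint8_t read_by, write_by;
    bool executable;
};

struct mpu { struct region table[MAX_REGIONS]; int count; };

static int find_region(const struct mpu *m, uint32_t addr)
{
    for (int i = 0; i < m->count; i++)
        if (addr >= m->table[i].base && addr - m->table[i].base < m->table[i].size)
            return i;
    return -1;
}

/* Subject identity: the I-space holding the instruction address, or
 * NO_SUBJECT when the fetch itself is outside every I-space. */
int subject_of(const struct mpu *m, uint32_t pc)
{
    int r = find_region(m, pc);
    return (r >= 0 && m->table[r].executable) ? r : NO_SUBJECT;
}

/* The check itself: the instruction must come from an I-space, and the data
 * address must lie in a region whose list names that I-space for the access
 * requested.  true = allowed, false = memory protection fault. */
bool mpu_check(const struct mpu *m, uint32_t pc, uint32_t data_addr, enum access acc)
{
    int s = subject_of(m, pc);
    if (s == NO_SUBJECT) return false;   /* violation 1: instruction address outside I-space */
    int d = find_region(m, data_addr);
    if (d < 0) return false;             /* violation 2: data address outside every D-space */
    uint8_t allowed = acc == ACC_WRITE ? m->table[d].write_by : m->table[d].read_by;
    return (allowed >> s) & 1u;
}

/* Example layout: a loader and two stand-alone trusted modules A and B, each
 * with private data, a shared buffer A writes and B reads, a UART driven only
 * by A through MMIO, and the MPU table region writable only by the loader. */
void demo_layout(struct mpu *m)
{
    enum { LOADER, MOD_A, MOD_B };   /* subject ids = indices of the I-spaces */
    const struct region t[] = {
        { "loader_code", 0x0000, 0x1000, 0, 0, true },
        { "modA_code",   0x1000, 0x1000, 0, 0, true },
        { "modB_code",   0x2000, 0x1000, 0, 0, true },
        { "modA_data",   0x3000, 0x1000, 1u << MOD_A, 1u << MOD_A, false },
        { "modB_data",   0x4000, 0x1000, 1u << MOD_B, 1u << MOD_B, false },
        { "shared",      0x5000, 0x0100, (1u << MOD_A) | (1u << MOD_B), 1u << MOD_A, false },
        { "uart_mmio",   0x6000, 0x0010, 1u << MOD_A, 1u << MOD_A, false },
        { "mpu_table",   0x7000, 0x0100, 1u << LOADER, 1u << LOADER, false },
    };
    m->count = (int)(sizeof t / sizeof t[0]);
    for (int i = 0; i < m->count; i++) m->table[i] = t[i];
}

/* Run one access against the example layout. */
bool demo_access(uint32_t pc, uint32_t addr, enum access acc)
{
    struct mpu m;
    demo_layout(&m);
    return mpu_check(&m, pc, addr, acc);
}

int main(void)
{
    struct { uint32_t pc, addr; enum access acc; const char *what; } cases[] = {
        { 0x1010, 0x3004, ACC_READ,  "A reads its own data" },
        { 0x2010, 0x3004, ACC_READ,  "B reads A's data" },
        { 0x1010, 0x5000, ACC_WRITE, "A writes shared buffer" },
        { 0x2010, 0x5000, ACC_WRITE, "B writes shared buffer" },
        { 0x2010, 0x6000, ACC_WRITE, "B pokes the UART" },
        { 0x2010, 0x7000, ACC_WRITE, "B rewrites the MPU table" },
        { 0x0100, 0x7000, ACC_WRITE, "loader rewrites the MPU table" },
        { 0x3000, 0x3004, ACC_READ,  "fetch from a data region" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-32s %s\n", cases[i].what,
               demo_access(cases[i].pc, cases[i].addr, cases[i].acc) ? "allowed" : "FAULT");
    return 0;
}
```

The same data address (0x3004) is allowed or faulted depending only on where the instruction was fetched from, which is what distinguishes this from a conventional privilege-level MPU, and a fetch from a data region faults before any data check is made (violation 1 in the abstract).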

Publication date: 25-06-2015

Using dark bits to reduce physical unclonable function (PUF) error rate without storing dark bits location

Number: US20150178143A1
Assignee: Intel Corp

Dark-bit masking technologies for physically unclonable function (PUF) components are described. A computing system includes a processor core and a secure key manager component coupled to the processor core. The secure key manager includes the PUF component, and a dark-bit masking circuit coupled to the PUF component. The dark-bit masking circuit is to measure a PUF value of the PUF component multiple times during a dark-bit window to detect whether the PUF value of the PUF component is a dark bit. The dark bit indicates that the PUF value of the PUF component is unstable during the dark-bit window. The dark-bit masking circuit is to output the PUF value as an output PUF bit of the PUF component when the PUF value is not the dark bit and set the output PUF bit to be a specified value when the PUF value of the PUF component is the dark bit.

Publication date: 21-06-2018

Lightweight trusted tasks

Number: US20180173644A1
Assignee: Intel Corp

Methods and apparatus relating to lightweight trusted tasks are disclosed. In one embodiment, a processor includes a memory interface to a memory to store code, data, and stack segments for a lightweight-trusted task (LTT) mode task and for another task, a LTT control and status register including a lock bit, a processor core to enable LTT-mode, configure the LTT-mode task, and lock down the configuration by writing the lock bit, and a memory protection circuit to: receive a memory access request from the memory interface, the memory access request being associated with the other task, determine whether the memory access request is attempting to access a protected memory region of the LTT-mode task, and protect against the memory access request accessing the protected memory region of the LTT-mode task, regardless of a privilege level of the other task, and regardless of whether the other task is also a LTT-mode task.

Publication date: 02-07-2015

PHYSICALLY UNCLONABLE FUNCTION REDUNDANT BITS

Number: US20150188717A1

Embodiments of an invention for using physically unclonable function redundant bits are disclosed. In one embodiment, an integrated circuit includes a PUF cell array and redundancy logic. The PUF cell array includes a plurality of redundant cells and is to provide a raw PUF value. The redundancy logic is to generate a redirection list to be used to replace each of one or more bits of the raw PUF value with a redundant bit value from one of the redundant cells.

Claims:
1. An integrated circuit comprising: a physically unclonable function (PUF) cell array to provide a raw PUF value, the PUF cell array including a plurality of redundant cells; and redundancy logic to generate a redirection list to be used to replace each of one or more bits of the raw PUF value with a redundant bit value from one of the redundant cells.
2. The integrated circuit of claim 1, further comprising a non-volatile memory in which to store the redirection list.
3. The integrated circuit of claim 1, wherein the redundancy logic includes: a first storage location to store a first raw PUF value; a second storage location to store a second raw PUF value; and a comparator to compare the first raw PUF value to the second raw PUF value.
4. The integrated circuit of claim 3, wherein the comparator is to identify a PUF cell as a bad bit if the comparator determines that the first raw PUF value for the PUF cell is different from the second raw PUF value for the PUF cell.
5. The integrated circuit of claim 4, wherein the redundancy logic also includes a bad bit mask storage location to store a bad bit mask, wherein the comparator has a comparator output, the bad bit mask storage location has a bad bit mask input and a bad bit mask output, and the bad bit mask input is based on a bitwise logical OR operation on the comparator output and the bad bit mask output.
6. The integrated circuit of claim 4, wherein the redundancy logic also includes a new bad bits storage location to store a new bad ...
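The four PUF post-processing entries above ("Dark bits to reduce physically unclonable function error rates", "Using dark bits ... without storing dark bits location", "Physically unclonable function redundant bits" and "Post-processing mechanism for physically unclonable functions") share one front end, repeated measurement with the comparator output OR-ed into a mask, and differ in what is done with the unstable bits. The block below, an added example that is not code from the patents or from Intel, implements that front end once and then the three uses: forcing dark bits to a fixed value, overriding them from a stored record of location and value, and redirecting them to spare cells through a redirection list that skips spares which are themselves unstable. The 16 + 4 cell layout and the four measurements are constructed for the example, not real PUF data.

```c
/* Added example, not from the patents: dark-bit detection by repeated
 * measurement, then three ways of using the result: masking the unstable
 * bits to a fixed value, overriding them from a stored record, and
 * redirecting them to spare cells through a redirection list.  Array sizes
 * and the measurements are constructed for the example. */
#include <stdint.h>
#include <stdio.h>

#define M 16                      /* primary PUF cells, bits 0..M-1 */
#define R 4                       /* redundant cells, bits M..M+R-1 */
#define PRIMARY ((1u << M) - 1)

/* Dark bit logic: compare every measurement in the window with the first and
 * OR the comparator output into the mask (claim 6 of the dark-bit patent,
 * claim 5 of the redundant-bit patent).  A set bit marks an unstable cell. */
uint32_t dark_bit_mask(const uint32_t *reads, int n)
{
    uint32_t mask = 0;
    for (int i = 1; i < n; i++) mask |= reads[i] ^ reads[0];
    return mask;
}

/* Dark-bit masking: unstable primary bits are forced to a specified value,
 * here 0, so nothing about their "right" value needs to be stored. */
uint32_t masked_value(uint32_t raw, uint32_t mask)
{
    return raw & PRIMARY & ~mask;
}

/* Stored-record override: for every bit that has a record (location in mask,
 * value in stored) the measured bit is replaced by the stored one. */
uint32_t override_value(uint32_t raw, uint32_t mask, uint32_t stored)
{
    return ((raw & ~mask) | (stored & mask)) & PRIMARY;
}

/* Redundancy: map each unstable primary bit to the next spare cell that is
 * itself stable.  redirect[i] = -1 means bit i is used as measured.  Returns
 * the number of unstable bits left unrepaired when the spares run out. */
int build_redirection(uint32_t mask, int8_t redirect[M])
{
    int next = M, unrepaired = 0;
    for (int i = 0; i < M; i++) {
        redirect[i] = -1;
        if (!(mask & (1u << i))) continue;
        while (next < M + R && (mask & (1u << next))) next++;   /* skip unstable spares */
        if (next < M + R) redirect[i] = (int8_t)next++;
        else unrepaired++;
    }
    return unrepaired;
}

uint32_t redirected_value(uint32_t raw, const int8_t redirect[M])
{
    uint32_t v = 0;
    for (int i = 0; i < M; i++) {
        int src = redirect[i] >= 0 ? redirect[i] : i;
        v |= ((raw >> src) & 1u) << i;
    }
    return v;
}

/* Constructed measurements: four reads of the 20 cells in one dark-bit window.
 * Primary cells 2, 9 and 13 and spare cell 17 flip between reads. */
static const uint32_t demo_reads[4] = {
    0xBA5C9u, 0xBA5C9u ^ 0x20204u, 0xBA5C9u ^ 0x02200u, 0xBA5C9u };

uint32_t demo_mask(void)           { return dark_bit_mask(demo_reads, 4); }
uint32_t demo_masked(int read)     { return masked_value(demo_reads[read], demo_mask()); }
uint32_t demo_overridden(int read) { return override_value(demo_reads[read], demo_mask(), demo_reads[0]); }
uint32_t demo_redirected(int read)
{
    int8_t redirect[M];
    build_redirection(demo_mask(), redirect);
    return redirected_value(demo_reads[read], redirect);
}
int demo_unrepaired(uint32_t mask)
{
    int8_t redirect[M];
    return build_redirection(mask, redirect);
}

int main(void)
{
    printf("dark-bit mask 0x%05x\n", (unsigned)demo_mask());
    for (int i = 0; i < 4; i++)
        printf("read %d: raw 0x%04x masked 0x%04x overridden 0x%04x redirected 0x%04x\n", i,
               (unsigned)(demo_reads[i] & PRIMARY), (unsigned)demo_masked(i),
               (unsigned)demo_overridden(i), (unsigned)demo_redirected(i));
    printf("unrepaired with 5 bad bits and 3 stable spares: %d\n", demo_unrepaired(0x2001Fu));
    return 0;
}
```

All three outputs are identical across the four reads even though the raw value changes each time, which is the property the key manager needs. The trade-off between them is what must be stored: masking stores nothing but throws the bits away (the stable value still differs between chips, so entropy is lost only on the dark positions), the override stores location and value, and redirection stores only a location list but spends spare cells, and runs out of them when more bits are dark than there are stable spares.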

Publication date: 02-07-2015

APPARATUS, SYSTEM AND METHOD OF PROTECTING DOMAINS OF A MULTIMODE WIRELESS RADIO TRANSCEIVER

Number: US20150189509A1

Some demonstrative embodiments include apparatuses, systems and/or methods of protecting domains of a multimode wireless radio transceiver. For example, an apparatus may include a protection domain controller (PDC) to restrict access of configuration software to a protection domain of a plurality of protection domains of a multimode wireless radio transceiver based on a security level of the configuration software, wherein the protection domain includes one or more radio configuration parameters of the multimode wireless radio transceiver.

Claims:
1. An apparatus comprising: a protection domain controller (PDC) to restrict access of a configuration software to a protection domain of a plurality of protection domains of a multimode wireless radio transceiver based on a security level of said configuration software, wherein said protection domain includes one or more radio configuration parameters of said multimode wireless radio transceiver.
2. The apparatus of claim 1, wherein said PDC is to enable said configuration software to access said radio configuration parameters to configure said multimode wireless radio transceiver based on said security level.
3. The apparatus of claim 1, wherein said configuration software includes a launch policy, and wherein said PDC is to determine said protection domain based on said launch policy.
4. The apparatus of claim 3, wherein said configuration software includes a code to configure said multimode radio transceiver, data to configure said radio configuration parameters, a public verification key, and a digital signature verifying said code and said data.
5. The apparatus of claim 4, wherein said PDC is to validate said digital signature with one or more stored verification keys.
6. The apparatus of claim 1, wherein said plurality of protection domains includes at least three different protection domains.
7. The apparatus of claim 6, wherein said three protection domains include an unprivileged ...

Publication date: 16-07-2020

Circuits And Methods For Voltage Detection In Integrated Circuits

Number: US20200226295A1
Assignee: Intel Corporation

A voltage detection circuit includes a tunable delay circuit that receives a supply voltage and that generates a delayed signal in response to an input signal. A control circuit causes a first adjustment in a delay provided by the tunable delay circuit to the delayed signal. An error detection circuit generates an error indication in an error signal in response to a change in a timing of the delayed signal relative to a clock signal caused by the first adjustment in the delay provided to the delayed signal. The control circuit causes a second adjustment in the delay provided by the tunable delay circuit to the delayed signal in response to the error indication. The error detection circuit causes the error signal to be indicative of the supply voltage reaching a threshold voltage after the second adjustment in the delay.

Claims:
1. A voltage detection circuit comprising: a tunable delay circuit that generates a first delayed signal in response to an input signal, wherein the tunable delay circuit receives a supply voltage; a control circuit that causes a first adjustment in a delay provided by the tunable delay circuit to the first delayed signal; and an error detection circuit that generates an error indication in an error signal in response to a change in a timing of the first delayed signal relative to a clock signal caused by the first adjustment in the delay provided to the first delayed signal, wherein the control circuit causes a second adjustment in the delay provided by the tunable delay circuit to the first delayed signal in response to the error indication, and wherein the error detection circuit causes the error signal to be indicative of the supply voltage reaching a threshold voltage after the second adjustment in the delay.
2. The voltage detection circuit of claim 1, wherein the error detection circuit is an error detection sequential circuit comprising: a latch circuit that stores values of a second delayed signal as the input signal in response to the clock ...

Publication date: 16-07-2020

Programmable integrated circuit configured as a remote trust anchor to support multitenancy

Number: US20200228388A1
Assignee: Intel Corp

A multitenancy system that includes a host provider, a programmable device, and multiple tenants is provided. The host provider may publish a multitenancy mode sharing and allocation policy that includes a list of terms to which the programmable device and tenants can adhere. The programmable device may include a secure device manager configured to operate in a multitenancy mode to load a tenant persona into a given partial reconfiguration (PR) sandbox region on the programmable device. The secure device manager may be used to enforce spatial isolation between different PR sandbox regions and temporal isolation between successive tenants in one PR sandbox region.

More
Publication date: 04-10-2018

CONTEXT-SENSITIVE INTERRUPTS

Number: US20180285291A1
Assignee:

Methods, apparatus, and system to create interrupts which are resolved at runtime relative to an active compartment. Active compartments may be, for example, a compartment of an operating system (“OS”) or a trusted execution environment (“TEE”). The context-specific interrupts comprise an interrupt dispatch table (“IDT”) for each compartment.

1. An apparatus for computing, comprising: a computer processor, a memory, and a hardware exception unit; and a context-sensitive interrupt instantiation module to instantiate an interrupt of a process executed by the computer processor in a compartment, wherein to instantiate the interrupt, the context-sensitive interrupt instantiation module is to create an interrupt gate entry in an interrupt dispatch table (“IDT”), wherein the interrupt gate entry is to be resolved at runtime according to a then-active compartment, independent of other compartments, to trigger the interrupt and interrupt the process upon detection of an interrupt signal by the hardware exception unit.

2. The apparatus according to claim 1, wherein the context-sensitive interrupt instantiation module is to create the interrupt gate entry in the IDT to invoke a context-sensitive local descriptor table record (“context-sensitive LDT record”), wherein the context-sensitive interrupt instantiation module is to program the context-sensitive LDT record with a memory segment descriptor, wherein the memory segment descriptor identifies an interrupt service routine (“ISR”) code and data of the interrupt.

3. The apparatus according to claim 2, wherein the context-sensitive interrupt instantiation module is to instantiate a plurality of interrupts, wherein at least two of the plurality of interrupts comprise memory segment descriptors, wherein the memory segment descriptors point to a common memory location, wherein the common memory location comprises the ISR code and data of the interrupt, and wherein an integrity ...

More
Publication date: 06-01-2022

Circuits And Methods For Supply Voltage Detection And Timing Monitoring

Number: US20220006459A1
Assignee: Intel Corp

A detection circuit includes a tunable delay circuit that generates a delayed signal and that receives a supply voltage. The detection circuit includes a control circuit that adjusts a delay provided by the tunable delay circuit to the delayed signal. The detection circuit includes a time-to-digital converter circuit that converts the delay provided by the tunable delay circuit to the delayed signal to a digital code and adjusts the digital code based on changes in the supply voltage. The control circuit causes the tunable delay circuit to maintain the delay provided to the delayed signal constant in response to the digital code reaching an alignment value. The detection circuit may continuously monitor timing margin of a data signal relative to a clock signal and update the digital code in every clock cycle. The detection circuit may be a security sensor that detects changes in the supply voltage.

More
Publication date: 05-06-2018

Dark bits to reduce physically unclonable function error rates

Number: US9992031B2
Assignee: Intel Corp

Embodiments of an invention for using dark bits to reduce physically unclonable function (PUF) error rates are disclosed. In one embodiment, an integrated circuit includes a PUF cell array and dark bit logic. The PUF cell array is to provide a raw PUF value. The dark bit logic is to select PUF cells to mark as dark bits and to generate a dark bit mask based on repeated testing of the PUF cell array.

More
Publication date: 16-05-2023

Enabling secure state-clean during configuration of partial reconfiguration bitstreams on FPGA

Number: US11651111B2
Assignee: Intel Corp

An apparatus to facilitate enabling secure state-clean during configuration of partial reconfiguration bitstreams on accelerator devices is disclosed. The apparatus includes a security engine to receive an incoming partial reconfiguration (PR) bitstream corresponding to a new PR persona to configure a region of the apparatus; perform, as part of a PR configuration sequence for the new PR persona, a first clear operation to clear previously-set persona configuration bits in the region; perform, as part of the PR configuration sequence subsequent to the first clear operation, a set operation to set new persona configuration bits in the region; and perform, as part of the PR configuration sequence, a second clear operation to clear memory blocks of the region that became unfrozen subsequent to the set operation, the second clear operation performed using a persona-dependent mask corresponding to the new PR persona.

More
Publication date: 15-04-2021

Transparent network access control for spatial accelerator device multi-tenancy

Number: US20210109889A1
Assignee: Intel Corp

An apparatus to facilitate transparent network access controls for spatial accelerator device multi-tenancy is disclosed. The apparatus includes a secure device manager (SDM) to: establish a network-on-chip (NoC) communication path in the apparatus, the NoC communication path comprising a plurality of NoC nodes for ingress and egress of communications on the NoC communication path; for each NoC node of the NoC communication path, configure a programmable register of the NoC node to indicate a node group that the NoC node is assigned, the node group corresponding to a persona configured on the apparatus; determine whether a prefix of received data at the NoC node matches the node group indicated by the programmable register of the NoC; and responsive to determining that the prefix does not match the node group, discard the data from the NoC node.

More
Publication date: 17-05-2023

Computational storage in a function-as-a-service architecture

Number: EP4180958A1
Assignee: Intel Corp

Various systems and methods for implementing computational storage are described herein. An orchestrator system is configured to: receive, at the orchestrator system, a registration package, the registration package including function code, a logical location of input data for the function code, and an event trigger for the function code, the event trigger set to trigger in response to when the input data is modified; interface with a storage service, the storage service to monitor the logical location of the input data and notify a location service when the input data is modified; interface with the location service to obtain a physical location of the input data, the location service to resolve the physical location from the logical location of the input data; and configure the function code to execute near the input data.

More
Publication date: 15-04-2021

Enabling secure state-clean during configuration of partial reconfiguration bitstreams on fpga

Number: US20210110069A1
Assignee: Intel Corp

An apparatus to facilitate enabling secure state-clean during configuration of partial reconfiguration bitstreams on accelerator devices is disclosed. The apparatus includes a security engine to receive an incoming partial reconfiguration (PR) bitstream corresponding to a new PR persona to configure a region of the apparatus; perform, as part of a PR configuration sequence for the new PR persona, a first clear operation to clear previously-set persona configuration bits in the region; perform, as part of the PR configuration sequence subsequent to the first clear operation, a set operation to set new persona configuration bits in the region; and perform, as part of the PR configuration sequence, a second clear operation to clear memory blocks of the region that became unfrozen subsequent to the set operation, the second clear operation performed using a persona-dependent mask corresponding to the new PR persona.

More
Publication date: 22-04-2021

Runtime fault detection, fault location, and circuit recovery in an accelerator device

Number: US20210117268A1
Assignee: Intel Corp

An apparatus to facilitate runtime fault detection, fault location, and circuit recovery in an accelerator device is disclosed. In one implementation, the accelerator device comprises a sensor network comprising a plurality of sensors; a secure device manager (SDM); and a sensor aggregator communicably coupled to the sensor network and the SDM. In one implementation, the sensor aggregator can receive sensor data from the sensor network; analyze the sensor data to detect a fault condition; determine a spatial location of the fault condition based on the sensor data; and generate an event for the SDM to cause the SDM to mitigate the fault condition.

More
Publication date: 28-11-2023

Circuits and methods for voltage detection in integrated circuits

Number: US11828776B2
Assignee: Intel Corp

A voltage detection circuit includes a tunable delay circuit that receives a supply voltage and that generates a delayed signal in response to an input signal. A control circuit causes a first adjustment in a delay provided by the tunable delay circuit to the delayed signal. An error detection circuit generates an error indication in an error signal in response to a change in a timing of the delayed signal relative to a clock signal caused by the first adjustment in the delay provided to the delayed signal. The control circuit causes a second adjustment in the delay provided by the tunable delay circuit to the delayed signal in response to the error indication. The error detection circuit causes the error signal to be indicative of the supply voltage reaching a threshold voltage after the second adjustment in the delay.

More
Publication date: 31-01-2018

Dynamic configuration and peripheral access in a processor

Number: EP3274846A1
Assignee: Intel Corp

In various implementations, a system includes a memory, a processor, and an execution-aware memory protection unit (EA-MPU). The EA-MPU is configured to regulate memory access by the processor based at least on the identity of a subject executable that requests access, and on the address to which access is requested, and on permissions information that identifies which subject executables are to be granted access to each of several memory regions. In various implementations, the permissions information itself is stored among the several memory regions. Various configurations of the permissions information can be used to provide shared memory regions for communication among two or more stand-alone trusted software modules, to protect access to devices accessible through memory-mapped I/O (MMIO), to implement a flexible watchdog timer, to provide security for software updates, to provide dynamic root of trust measurement services, and/or to support an operating system.

More
Publication date: 23-06-2021

Dynamic configuration and peripheral access in a processor

Number: EP3839751A1
Assignee: Intel Corp

In various implementations, a system includes a memory, a processor, and an execution-aware memory protection unit (EA-MPU). The EA-MPU is configured to regulate memory access by the processor based at least on the identity of a subject executable that requests access, and on the address to which access is requested, and on permissions information that identifies which subject executables are to be granted access to each of several memory regions. In various implementations, the permissions information itself is stored among the several memory regions. Various configurations of the permissions information can be used to provide shared memory regions for communication among two or more stand-alone trusted software modules, to protect access to devices accessible through memory-mapped I/O (MMIO), to implement a flexible watchdog timer, to provide security for software updates, to provide dynamic root of trust measurement services, and/or to support an operating system.

More
Publication date: 06-02-2024

Programmable integrated circuit configured as a remote trust anchor to support multitenancy

Number: US11895201B2
Assignee: Intel Corp

A multitenancy system that includes a host provider, a programmable device, and multiple tenants is provided. The host provider may publish a multitenancy mode sharing and allocation policy that includes a list of terms to which the programmable device and tenants can adhere. The programmable device may include a secure device manager configured to operate in a multitenancy mode to load a tenant persona into a given partial reconfiguration (PR) sandbox region on the programmable device. The secure device manager may be used to enforce spatial isolation between different PR sandbox regions and temporal isolation between successive tenants in one PR sandbox region.

More
Publication date: 26-12-2023

Transparent network access control for spatial accelerator device multi-tenancy

Number: US11853468B2
Assignee: Intel Corp

An apparatus to facilitate transparent network access controls for spatial accelerator device multi-tenancy is disclosed. The apparatus includes a secure device manager (SDM) to: establish a network-on-chip (NoC) communication path in the apparatus, the NoC communication path comprising a plurality of NoC nodes for ingress and egress of communications on the NoC communication path; for each NoC node of the NoC communication path, configure a programmable register of the NoC node to indicate a node group that the NoC node is assigned, the node group corresponding to a persona configured on the apparatus; determine whether a prefix of received data at the NoC node matches the node group indicated by the programmable register of the NoC; and responsive to determining that the prefix does not match the node group, discard the data from the NoC node.

More
Publication date: 14-11-2023

Enabling secure communication via attestation of multi-tenant configuration on accelerator devices

Number: US11816253B2
Assignee: Intel Corp

An apparatus to facilitate enabling secure communication via attestation of multi-tenant configuration on accelerator devices is disclosed. The apparatus includes a processor to: verify a base bitstream of an accelerator device, the base bitstream published by a cloud service provider (CSP); verify partial reconfiguration (PR) boundary setups and PR isolation of an accelerator device, the PR boundary setups and PR isolation published by the CSP; generate PR bitstream to fit within at least one PR region of the PR boundary setups of the accelerator device; inspect accelerator device attestation received from a secure device manager (SDM) of the accelerator device; and responsive to successful inspection of the accelerator device attestation, provide the PR bitstream to the CSP for PR reconfiguration of the accelerator device.

More
Publication date: 14-12-2023

Intent-based orchestration in heterogenous compute platforms

Number: NL2033285B1
Assignee: Intel Corp

Various systems and methods for implementing intent-based orchestration in heterogenous compute platforms are described herein. An orchestration system is configured to: receive, at the orchestration system, a workload request for a workload, the workload request including an intent-based service level objective (SLO); generate rules for resource allocation based on the workload request; generate a deployment plan using the rules for resource allocation and the intent-based SLO; deploy the workload using the deployment plan; monitor performance of the workload using real-time telemetry; and modify the rules for resource allocation and the deployment plan based on the real-time telemetry.

More
Publication date: 04-11-2015

Device authentication using a physically unclonable functions based key generation system

Number: EP2939171A1
Assignee: Intel Corp

At least one machine accessible medium having instructions stored thereon for authenticating a hardware device is provided. When executed by a processor, the instructions cause the processor to receive two or more device keys from a physically unclonable function (PUF) on the hardware device, generate a device identifier from the two or more device keys, obtain a device certificate from the hardware device, perform a verification of the device identifier, and provide a result of the device identifier verification. In a more specific embodiment, the instructions cause the processor to perform a verification of a digital signature in the device certificate and to provide a result of the digital signature verification. The hardware device may be rejected if at least one of the device identifier verification and the digital signature verification fails.

More
Publication date: 29-12-2016

Secured credential aggregator

Number: WO2016209343A1
Assignee: Intel Corporation

An apparatus for aggregating secured credentials is described herein. The apparatus includes a processor and a memory. The memory includes code causing the processor to provision a plurality of secured credentials on the apparatus. The code causes the processor to isolate the secured credentials from each other in the memory. The code also causes the processor to emulate a selected secured credential from the secured credentials for a transaction.

More
Publication date: 05-04-2018

Photon emission attack resistance driver circuits

Number: WO2018063715A1
Assignee: Intel Corporation

Some embodiments include apparatuses having diffusion regions located adjacent each other in a substrate, and connections coupled to the diffusion regions. The diffusion regions include first diffusion regions, second diffusion regions, and third diffusion regions. One of the second diffusion regions and one of the third diffusion regions are between two of the first diffusion regions. One of the first diffusion regions and one of the third diffusion regions are between two of the second diffusion regions. The connections include a first connection coupled to each of the first diffusion regions, a second connection coupled to each of the second diffusion regions, and a third connection coupled to each of the third diffusion regions.

More
Publication date: 10-10-2023

Broadcast remote sealing for scalable trusted execution environment provisioning

Number: US11783096B2
Assignee: Intel Corp

An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes an execution platform for secure execution of a workload of the tenant to: perform an attestation of the execution platform with a cloud service provider (CSP); receive a command from the CSP to create a group of trusted execution platforms; create the group comprising the execution platform; confirm an existence and a status of the group based on the attestation of the execution platform and based on a current group status of the group; report a trusted computing base (TCB) of the first execution platform to other member execution platforms of the group, wherein the other member execution platforms satisfy minimum TCB requirements of the group; and execute an encrypted workload of the tenant using a group private key, wherein the workload of the tenant is encrypted using a group public key.

More
Publication date: 21-09-2023

Enabling secure state-clean during configuration of partial reconfiguration bitstreams on fpga

Number: US20230297727A1
Assignee: Intel Corp

An apparatus to facilitate enabling secure state-clean during configuration of partial reconfiguration bitstreams on accelerator devices is disclosed. The apparatus includes a security engine to perform, as part of a PR configuration sequence for a new partial reconfiguration (PR) persona corresponding to a PR bitstream, a first clear operation to clear previously-set persona configuration bits in the region; perform, as part of the PR configuration sequence subsequent to the first clear operation, a set operation to set new persona configuration bits in the region; and perform, as part of the PR configuration sequence, a second clear operation to clear memory blocks of the region that became unfrozen subsequent to the set operation.

More
Publication date: 14-04-2022

Reputation management and intent-based security mechanisms

Number: US20220114251A1
Assignee: Individual

Various systems and methods for implementing reputation management and intent-based security mechanisms are described herein. A system for implementing intent-driven security mechanisms is configured to: determine, based on a risk tolerance intent related to execution of an application on a compute node, whether execution of a software-implemented operator requires a trust evaluation; and in response to determining that the software-implemented operator requires the trust evaluation: obtain a reputation score of the software-implemented operator; determine a minimum reputation score from the risk tolerance intent; compare the reputation score of the software-implemented operator to the minimum reputation score; and reject or permit execution of the software-implemented operator based on the comparison.

More
Publication date: 09-12-2021

Fast memory for programmable devices

Number: US20210384912A1
Assignee: Intel Corp

An integrated circuit device may include a programmable fabric die having programmable logic fabric and configuration memory that may configure the programmable logic fabric. The integrated circuit device may also include a base die that may provide fabric support circuitry, including memory and/or communication interfaces as well as compute elements that may also be application-specific. The memory in the base die may be directly accessed by the programmable fabric die using a low-latency, high capacity, and high bandwidth interface.

More
Publication date: 04-06-2024

Fast memory for programmable devices

Number: US12003238B2
Assignee: Intel Corp

An integrated circuit device may include a programmable fabric die having programmable logic fabric and configuration memory that may configure the programmable logic fabric. The integrated circuit device may also include a base die that may provide fabric support circuitry, including memory and/or communication interfaces as well as compute elements that may also be application-specific. The memory in the base die may be directly accessed by the programmable fabric die using a low-latency, high capacity, and high bandwidth interface.

More
Publication date: 21-12-2023

Broadcast remote sealing for scalable trusted execution environment provisioning

Number: US20230409762A1
Assignee: Intel Corp

An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes a cloud service provider (CSP) execution platform comprising hardware circuitry for executing virtualized environments and comprising hardware accelerator devices, wherein the CSP execution platform to: authorize a tenant to deploy workloads of the tenant to CSP execution resources; provide a group status report to the tenant to inform the tenant of an existence and a status of a group of trusted execution platforms, wherein the group comprises at least one of the CSP execution resources; receive an encrypted workload of the tenant, wherein the encrypted workload is encrypted using a group public key of the group; store the encrypted workload at storage of the CSP execution platform; and dispatch the encrypted workload to the at least one of the CSP execution resources of the group.

More
Publication date: 16-11-2023

Enabling late-binding of security features via configuration security controller for accelerator devices

Number: US20230367916A1
Assignee: Intel Corp

An apparatus to facilitate enabling late-binding of security features via configuration security controller for accelerator devices is disclosed. The apparatus includes a security controller to manage security and configuration of the apparatus, wherein the security controller comprises a programmable portion and a non-programmable portion, and wherein the security controller is further to: initialize the programmable portion of the security controller as part of a secure boot and attestation chain of trust; receive configuration data for the programmable portion of the security controller, the programmable portion comprising components of the security controller capable of re-programming; verify and validate the configuration data as originating from a secure and trusted source; and responsive to successful verification and validation of the configuration data, re-program, during runtime of the apparatus, the programmable portion of the security controller using configurations that are based on a security threat model for a given deployment.

More
Publication date: 11-01-2024

Enabling secure communication via attestation of multi-tenant configuration on accelerator devices

Number: US20240012951A1
Assignee: Intel Corp

An apparatus to facilitate enabling secure communication via attestation of multi-tenant configuration on accelerator devices is disclosed. The apparatus includes a processor to: verify a base bitstream of an accelerator device, the base bitstream published by a cloud service provider (CSP); generate a partial reconfiguration (PR) bitstream based on the base bitstream, the PR bitstream to fit within at least one PR region of PR boundary setups of the accelerator device; inspect accelerator device attestation received from a secure device manager (SDM) of the accelerator device; and responsive to successful inspection of the accelerator device attestation, provide the PR bitstream to the CSP for PR reconfiguration of the accelerator device.

More
Publication date: 12-06-2023

Intent-based orchestration in heterogenous compute platforms

Number: NL2033285A
Assignee: Intel Corp

Various systems and methods for implementing intent-based orchestration in heterogenous compute platforms are described herein. An orchestration system is configured to: receive, at the orchestration system, a workload request for a workload, the workload request including an intent-based service level objective (SLO); generate rules for resource allocation based on the workload request; generate a deployment plan using the rules for resource allocation and the intent-based SLO; deploy the workload using the deployment plan; monitor performance of the workload using real-time telemetry; and modify the rules for resource allocation and the deployment plan based on the real-time telemetry.

More
Publication date: 19-12-2018

Secured credential aggregator

Number: EP3314810A4
Assignee: Intel Corp

More
Publication date: 02-05-2018

Secured credential aggregator

Number: EP3314810A1
Assignee: Intel Corp

An apparatus for aggregating secured credentials is described herein. The apparatus includes a processor and a memory. The memory includes code causing the processor to provision a plurality of secured credentials on the apparatus. The code causes the processor to isolate the secured credentials from each other in the memory. The code also causes the processor to emulate a selected secured credential from the secured credentials for a transaction.

More
Publication date: 05-02-2015

Execution-aware memory protection

Number: WO2015017347A1
Assignee: Intel Corporation

Execution-Aware Memory protection technologies are described. A processor includes an instruction fetch unit to fetch instructions of applications executing in a multitasking environment and an execution unit to execute the instructions. A memory protection unit (MPU) enforces memory access control of the applications by defining an instruction region (I-space) and a data region (D-space) and linking the I-space to the D-space. The MPU determines whether an instruction address is within the I-space and whether a data address of a data access operation is within the D-space. The MPU issues a memory protection fault for the data access operation when either the instruction address is not within the I-space or the data address is not within the D-space.

More
Publication date: 19-09-2023

Enabling late-binding of security features via configuration security controller for accelerator devices

Number: US11763043B2
Assignee: Intel Corp

An apparatus to facilitate enabling late-binding of security features via configuration security controller for accelerator devices is disclosed. The apparatus includes a security controller to initialize as part of a secure boot and attestation chain of trust; receive configuration data for portions of the security controller, the portions comprising components of the security controller capable of re-programming; verify and validate the configuration data as originating from a secure and trusted source; and responsive to successful verification and validation of the configuration data, re-program the portions of the security controller based on the configuration data.

More
Publication date: 02-07-2015

Apparatus, system and method of protecting domains of a multimode wireless radio transceiver

Number: WO2015099956A1
Assignee: Intel Corporation

Some demonstrative embodiments include apparatuses, systems and/or methods of protecting domains of a multimode wireless radio transceiver. For example, an apparatus may include a protection domain controller (PDC) to restrict access of a configuration software to a protection domain of a plurality of protection domains of a multimode wireless radio transceiver based on a security level of the configuration software, wherein the protection domain includes one or more radio configuration parameters of the multimode wireless radio transceiver.

More
Publication date: 30-07-2024

Broadcast remote sealing for scalable trusted execution environment provisioning

Number: US12050722B2
Assignee: Intel Corp

An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes a cloud service provider (CSP) execution platform comprising hardware circuitry for executing virtualized environments and comprising hardware accelerator devices, wherein the CSP execution platform to: authorize a tenant to deploy workloads of the tenant to CSP execution resources; provide a group status report to the tenant to inform the tenant of an existence and a status of a group of trusted execution platforms, wherein the group comprises at least one of the CSP execution resources; receive an encrypted workload of the tenant, wherein the encrypted workload is encrypted using a group public key of the group; store the encrypted workload at storage of the CSP execution platform; and dispatch the encrypted workload to the at least one of the CSP execution resources of the group.

More
Publication date: 21-08-2024

Dynamic configuration and peripheral access in a processor

Number: EP3839751B1
Assignee: Intel Corp

More
Publication date: 19-09-2024

Programmable integrated circuit configured as a remote trust anchor to support multitenancy

Number: US20240314213A1
Assignee: Intel Corp

A multitenancy system that includes a host provider, a programmable device, and multiple tenants is provided. The host provider may publish a multitenancy mode sharing and allocation policy that includes a list of terms to which the programmable device and tenants can adhere. The programmable device may include a secure device manager configured to operate in a multitenancy mode to load a tenant persona into a given partial reconfiguration (PR) sandbox region on the programmable device. The secure device manager may be used to enforce spatial isolation between different PR sandbox regions and temporal isolation between successive tenants in one PR sandbox region.

11-09-2024 publication date

Programmable integrated circuit configured as a remote trust anchor to support multitenancy

Number: EP4428704A1
Assignee: Intel Corp

A multitenancy system that includes a host provider, a programmable device, and multiple tenants is provided. The host provider may publish a multitenancy mode sharing and allocation policy that includes a list of terms to which the programmable device and tenants can adhere. The programmable device may include a secure device manager configured to operate in a multitenancy mode to load a tenant persona into a given partial reconfiguration (PR) sandbox region on the programmable device. The secure device manager may be used to enforce spatial isolation between different PR sandbox regions and temporal isolation between successive tenants in one PR sandbox region.

18-07-2017 publication date

Dynamic configuration and peripheral access in a processor

Number: US09710404B2
Assignee: Intel Corp

In various implementations, a system includes a memory, a processor, and an execution-aware memory protection unit (EA-MPU). The EA-MPU is configured to regulate memory access by the processor based at least on the identity of a subject executable that requests access, and on the address to which access is requested, and on permissions information that identifies which subject executables are to be granted access to each of several memory regions. In various implementations, the permissions information itself is stored among the several memory regions. Various configurations of the permissions information can be used to provide shared memory regions for communication among two or more stand-alone trusted software modules, to protect access to devices accessible through memory-mapped I/O (MMIO), to implement a flexible watchdog timer, to provide security for software updates, to provide dynamic root of trust measurement services, and/or to support an operating system.

19-07-2016 publication date

Execution-aware memory protection

Number: US09395993B2
Assignee: Intel Corp

Execution-aware memory protection technologies are described. A processor includes an instruction fetch unit to fetch instructions of applications executing in a multitasking environment and an execution unit to execute the instructions. A memory protection unit (MPU) enforces memory access control of the applications by defining an instruction region (I-space) and a data region (D-space) and linking the I-space to the D-space. The MPU determines whether an instruction address is within the I-space and whether a data address of a data access operation is within the D-space. The MPU issues a memory protection fault for the data access operation when either the instruction address is not within the I-space or the data address is not within the D-space.
