SYSTEMS AND METHODS TO REJUVENATE NONVOLATILE MEMORY USING TIMESTAMPS

Apparatus, systems, and methods to implement boot operations in nonvolatile storage devices can include, in one example, a controller comprising logic to receive a power down instruction, record a timestamp associated with the power down instruction, and store the timestamp in a nonvolatile memory table communicatively coupled to the controller. Other examples are also disclosed and claimed. 1. An electronic device , comprising:at least one processor; and a nonvolatile memory; and', receive a power down instruction;', 'record a timestamp associated with the power down instruction; and', 'store the timestamp in a metadata table communicatively coupled to the controller;', 'retrieve a rejuvenation policy from a remote device;', 'read the timestamp from the metadata table communicatively coupled to the controller;', 'determine whether to implement a rejuvenation operation based, at least in part, on the timestamp and the rejuvenation policy;', 'set a status bit in a control register accessible to the remote device to a first value in response to a determination not to implement the rejuvenation operation; and', 'set a status bit in the control register accessible to the remote device to a second value in response to a determination to implement the rejuvenation operation., 'a controller coupled to the at least one storage device and comprising logic, at least partially including hardware logic, to], 'at least one storage device comprising24-. (canceled)5. The electronic device of claim 1 , wherein the controller comprises logic claim 1 , at least partially including hardware logic claim 1 , to:implement an accelerated refresh operation on the nonvolatile memory in response to a determination to implement the rejuvenation operation.6. The electronic device of claim 5 , wherein the controller comprises logic claim 5 , at least partially including hardware logic claim 5 , to:reduce at least one operating parameter of the storage device in response to the determination to ...

Hardware protection of virtual machine monitor runtime integrity watcher

An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM.

Layered virtual machine integrity monitoring

Various embodiments are generally directed to the provision and use of various hardware and software components of a computing device to monitor the state of layered virtual machine (VM) monitoring software components. An apparatus includes a first processor element; and logic to receive an indication that a first timer has reached an end of a first period of time, monitor execution of a VMM (virtual machine monitor) watcher by a second processor element, determine whether the second processor element completes execution of the VMM watcher to verify integrity of a VMM before a second timer reaches an end of a second period of time, and transmit an indication of the determination to a computing device. Other embodiments are described and claimed.

Processor that detects when system management mode attempts to reach program code outside of protected space

A method is described that includes detecting that a memory access of system management mode program code is attempting to reach program code outside of a protected region of memory by comparing a target memory address of a memory access instruction of the system management program code again information that defines confines of the protection region. The method also includes raising an error signal in response to the detecting.

SECURE TUNNELING ACCESS TO DEBUG TEST PORTS ON NON-VOLATILE MEMORY STORAGE UNITS

Systems, apparatuses and methods may provide for receiving one or more debug communications and programming, via a bus, a set of debug registers with debug information corresponding to the one or more debug communications. Additionally, tunnel logic hardware may be instructed to transfer the debug information from the set of debug registers to one or more test access ports of an intelligent device such as a non-volatile memory storage unit having a microcontroller. In one example, if it is detected that debug permission has been granted during a boot process, a control status register may be unlocked. If, on the other hand, the debug permission is not detected during the boot process, the control status register may be locked. Accordingly, an enable bit of the control status register may be used to activate the tunnel logic hardware only if the control status register is unlocked. 1. A system comprising:a non-volatile memory storage unit including a microcontroller and one or more test access ports;a bus;tunnel logic hardware coupled to at least one of the one or more test access ports;a set of debug registers coupled to the bus; and an input port to receive one or more debug communications,', 'a register manager to program, via the bus, the set of debug registers with debug information corresponding to the one or more debug communications, and', 'a trigger component to instruct the tunnel logic hardware to transfer the debug information from the set of debug registers to the one or more test access ports., 'a converter including,'}2. The system of claim 1 , further including a control status register claim 1 , wherein the converter includes a permission manager to detect that debug permission has been granted during a boot process claim 1 , unlock the control status register in response to detection of the debug permission being granted during the boot process claim 1 , and lock the control status register if the debug permission is not detected during the boot ...

BLOCK STORAGE APERTURES TO PERSISTENT MEMORY

Apparatus and methods for accessing a non-volatile memory (NVM) device in a computer system that includes at least one host processor and at least one memory bus. The NVM device is communicably coupleable to the memory bus through an NVM device controller, thereby allowing the host processor to access persistent data storable within the NVM device by issuing one or more memory load/store commands to the NVM device controller over the memory bus. Because the NVM device controller includes at least one block window or aperture that defines at least one address range for accessing the persistent data storable within the NVM device, the computer system can exploit the full capacity of the NVM device without being unduly constrained by physical addressing limits imposed by the host processor, or by limits imposed by an operating system executed by the host processor. 125-. (canceled)26. A method of accessing block data storable within a non-volatile memory (NVM) device in a computer system , the computer system including at least one host processor and at least one memory bus , the method comprising:receiving, at a controller over the memory bus, at least one first command from the host processor, the first command including one of a memory load command and a memory store command, the first command further including a logical address, the controller including at least one block window defining at least one address range for accessing the block data storable within the NVM device;translating, by the controller, the logical address included in the first command to a physical address within the NVM device, the logical address conforming to at least a portion of the address range defined by the block window; andaccessing, by the controller, the block data at the physical address within the NVM device.27. The method of wherein the controller further includes at least one command register associated with the at least one block window claim 26 , and wherein the receiving of the ...

Secure tunneling access to debug test ports on non-volatile memory storage units

Systems, apparatuses and methods may provide for receiving one or more debug communications and programming, via a bus, a set of debug registers with debug information corresponding to the one or more debug communications. Additionally, tunnel logic hardware may be instructed to transfer the debug information from the set of debug registers to one or more test access ports of an intelligent device such as a non-volatile memory storage unit having a microcontroller. In one example, if it is detected that debug permission has been granted during a boot process, a control status register may be unlocked. If, on the other hand, the debug permission is not detected during the boot process, the control status register may be locked. Accordingly, an enable bit of the control status register may be used to activate the tunnel logic hardware only if the control status register is unlocked.

HARDWARE PROTECTION OF VIRTUAL MACHINE MONITOR RUNTIME INTEGRITY WATCHER

An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM. 1. An apparatus , comprising:a set of one or more hardware range registers to protect a contiguous memory space that is to store a virtual machine monitor (VMM) runtime integrity watcher, wherein the set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space; andthe VMM runtime integrity watcher, when executed, is to perform an integrity check on a VMM during runtime of the VMM.2. The apparatus of claim 1 , further comprising:a hardware timer to generate an event to invoke execution of the VMM runtime integrity watcher during runtime of the VMM.3. The apparatus of claim 2 , wherein execution of the VMM is preempted upon the event being generated.4. The apparatus of claim 1 , wherein the VMM runtime integrity watcher is further to claim 1 , when executed claim 1 , report results of the integrity check.5. The apparatus of claim 4 , wherein the VMM runtime integrity watcher is to report results of the integrity check to one of a system management application and a cloud management application.6. The apparatus of claim 4 , further comprising:a set of one or more hardware reporting registers; andwherein the VMM runtime integrity watcher is to write to the set of hardware reporting registers to indicate whether the VMM has been compromised.7. The apparatus of claim 6 , wherein the set of hardware reporting registers are writable only by the VMM runtime integrity watcher ...

METHODS AND APPARATUSES FOR RECOVERING USAGE OF TRUSTED PLATFORM MODULE

Methods and systems to perform platform security in conjunction with hardware-base root of trust logic are presented. In one embodiment, a method includes determining whether a status from an authenticated code module is indicative of an error or not. The method further includes determining whether the hardware-based root of trust logic is enabled based on content in a non-volatile memory location. If the hardware-based root of trust is enabled and the status is indicative of an error, the method further includes writing to the non-volatile memory location to disable hardware-based root of trust logic during a next boot sequence. In one embodiment, a platform initializes and uses the trusted platform module in conjunction with the hardware-based root of trust logic or with a platform-based root of trust logic. 1. A method comprising:determining whether a status from a first authenticated code module is indicative of an error;determining whether first root of trust logic is enabled based at least in part on content in a non-volatile memory location; andwriting to the non-volatile memory location to disable the first root of trust logic in a next boot sequence if the status is indicative of the error and the first root of trust logic is enabled.2. The method of claim 1 , wherein the first root of trust logic is to perform processor-based root of trust.3. The method of claim 1 , wherein the first authenticated code module is a start-up authenticated code module which is a part of processor-based root of trust logic.4. The method of claim 1 , wherein the non-volatile memory location is modifiable by a firmware module which is a part of a basic input/output system or a unified extensible firmware interface.5. The method of claim 1 , further comprising causing hardware reset if the status is indicative of the error.6. The method of claim 1 , further comprising performing claim 1 , by second root of trust logic a trusted platform process on extended components if there is ...

Controlling Memory Redundancy In A System

In one embodiment, the present invention provides an ability to handle an error occurring during a memory migration operation in a high availability system. In addition, a method can be used to dynamically remap a memory page stored in a non-mirrored memory region of memory to a mirrored memory region. This dynamic remapping may be responsive to a determination that the memory page has been accessed more than a threshold number of times, indicating a criticality of information on the page. Other embodiments are described and claimed. 1. A system comprising:a first processor;a second processor;a first memory controller to couple the first processor to a first portion of a system memory; anda second memory controller to couple the second processor to a second portion of the system memory, wherein the first memory controller is to cause a migration of information stored in the first portion of the system memory to the second portion of the system memory and update a redundant memory aperture storage of the first memory controller to indicate an amount of the information migrated from the first portion of the system memory to the second portion of the system memory, determine whether an error incurred during a memory access request of an operating system (OS)-controlled thread to the first portion of the system memory occurred in a region of the first portion of the system memory that has been migrated to the second portion of the system memory and if so retry the memory access request to the second portion of the system memory, otherwise signal an uncorrectable memory error.2. The system of claim 1 , wherein the first processor is to insert an identifier for a first memory page in a list of pages to be migrated to the first portion.3. The system of claim 2 , wherein the first processor is to first remap a second memory page from the first portion to a non-mirrored memory portion of the system memory before remapping the first memory page to the first portion claim 2 , ...

HARDWARE PROTECTION OF VIRTUAL MACHINE MONITOR RUNTIME INTEGRITY WATCHER

An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM. 1. An apparatus , comprising:a set of one or more hardware range registers to protect a contiguous memory space that is to store a virtual machine monitor (VMM) runtime integrity watcher, wherein the set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space; andthe VMM runtime integrity watcher, when executed, is to perform an integrity check on a VMM during runtime of the VMM.2. The apparatus of claim 1 , further comprising:a hardware timer to generate an event to invoke execution of the VMM runtime integrity watcher during runtime of the VMM.3. The apparatus of claim 2 , wherein execution of the VMM is preempted upon the event being generated.4. The apparatus of claim 1 , wherein the VMM runtime integrity watcher is further to claim 1 , when executed claim 1 , report results of the integrity check.5. The apparatus of claim 4 , wherein the VMM runtime integrity watcher is to report results of the integrity check to one of a system management application and a cloud management application.6. The apparatus of claim 4 , further comprising:a set of one or more hardware reporting registers; andwherein the VMM runtime integrity watcher is to write to the set of hardware reporting registers to indicate whether the VMM has been compromised.7. The apparatus of claim 6 , wherein the set of hardware reporting registers are writable only by the VMM runtime integrity watcher ...

PROCESSOR THAT DETECTS WHEN SYSTEM MANAGEMENT MODE ATTEMPTS TO REACH PROGRAM CODE OUTSIDE OF PROTECTED SPACE

A method is described that includes detecting that a memory access of system management mode program code is attempting to reach program code outside of a protected region of memory by comparing a target memory address of a memory access instruction of the system management program code again information that defines confines of the protection region. The method also includes raising an error signal in response to the detecting. 1. A method , comprising:detecting that a memory access of system management mode program code is attempting to reach program code outside of a protected region of memory by comparing a target memory address of a memory access instruction of said system management program code again information that defines confines of said protection region; and,raising an error signal in response to said detecting.2. The method of wherein said information is stored in control register space.3. The method of wherein said error signal includes setting a value in said control register space.4. The method of wherein said method further comprisesnot raising an error signal even though a second memory access instruction for program code targets memory space outside of said protected region because said second memory access instruction is being fetched as a consequence of speculation.5. The method of further comprising raising an error signal because said speculation is deemed to have been correct.6. The method of further comprising storing second information pertaining to said memory access instruction and storing an address where said second information is stored.7. The method of wherein said address is stored in control register space.8. A semiconductor chip claim 6 , comprising:an instruction execution pipeline having logic circuitry to detect that a memory access of system management mode program code is attempting to reach program code outside of a protected region of memory by comparing a target memory address of a memory access instruction of said system ...

TUNNELING PLATFORM MANAGEMENT MESSAGES THROUGH INTER-PROCESSOR INTERCONNECTS

Methods and apparatus for tunneling platform management messages through inter-processor interconnects. Platform management messages are received from a management entity such as a management engine (ME) at a management component of a first processor targeted for a managed device operatively coupled to a second processor. Management message content is encapsulated in a tunnel message that is tunneled from the first processor to a second management component in the second processor via a socket-to-socket interconnect link between the processors. Once received at the second management component the encapsulated management message content is extracted and the original management message is recreated. The recreated management message is then used to manage the targeted device in a manner similar to if the ME was directly connected to the second processor. The disclosed techniques enable management of platform devices operatively coupled to processors in a multi-processor platform via a single management entity. 1. A method comprising:in a platform including a plurality of processors, facilitating communication of platform management messages between management logic in the plurality of processors to enable management of components embedded in and/or devices operatively coupled to the plurality of processors via a management entity coupled to a first processor of the plurality of processors.2. The method of claim 1 , wherein the management messages comprise Peripheral Component Interconnect Express (PCIe) management messages.3. The method of claim 2 , wherein PCIe comprises a first interconnect protocol claim 2 , the method further comprising tunneling PCIe management messages between processors using a second interconnect protocol.4. The method of claim 3 , wherein the PCIe management messages are tunneled between processors using QuickPath Interconnect (QPI) tunnel messages sent between processors over at least one socket-to-socket QPI link.5. The method of claim 4 , ...

Monitoring resource usage by a virtual machine

Embodiments of apparatus, computer-implemented methods, systems, devices, and computer-readable media are described herein for tracking per-virtual machine (“VM”) resource usage independent of a virtual machine monitor (“VMM”). In various embodiments, a first logic unit may associate one or more virtual central processing units (“vCPUs”) operated by one or more physical processing units of a computing device with a first VM of a plurality of VMs operated by the computing device, and collect data about resources used by the one or more physical processing units to operate the one or more vCPUs associated with the first VM. In various embodiments, a second logic unit of the computing device may determine resource-usage by the first VM based on the collected data. In various embodiments, the first and second logic units may perform these functions independent of a VMM of the computing device.

Logging errors in error handling devices in a system

An error handling device logs errors in a computing system including a plurality of devices connected to the error handling device. The error handling device provides groups of error registers. Each group of error registers is associated with a value of a plurality of values. Each of the devices that communicate errors to the error handling device are associated with one of the values. The error handling device receives error messages from the devices connected to the error handling device and for each received error message of the received error messages, determines a value of the plurality of values associated with the device transmitting the received error message, determines the group of error registers associated with the determined value, and log the received error message in the determined group of error registers.

TECHNOLOGIES FOR CACHING PERSISTENT TWO-LEVEL MEMORY DATA

Technologies for caching persistent two-level memory (2LM) data include a memory and a processor. The memory includes a volatile memory device and a non-volatile memory device. The processor determines a persistent memory address space for persistent 2LM data and determines one or more non-volatile memory devices that the persistent memory address space is mapped to. The processor further configures the persistent memory address space of the non-volatile memory device to operate in a persistent 2LM mode and further configures an operating system to cache accesses to persistent memory address space in volatile memory. 1. A compute device for caching persistent two-level memory (2LM) data comprising:a memory including one or more volatile memory devices and one or more non-volatile memory devices; and determine a persistent memory address space for persistent 2LM data and one or more non-volatile memory devices that the persistent memory address space is mapped to, wherein each non-volatile memory device contains the persistent 2LM data;', 'configure the persistent memory address space of the non-volatile memory device to operate in a persistent two-level memory (2LM) mode in which application data written to the persistent memory address space is reusable across power cycles; and', 'configure an operating system to cache accesses to the persistent memory address space in the volatile memory, wherein to configure the operating system comprises to configure an address decoder to convert from a first mode of operation for the persistent memory address space to a second mode of operation for the persistent memory address space to cache accesses to the persistent memory address space in the volatile memory., 'a processor to2. (canceled)3. The compute device of claim 2 , wherein the first mode of operation is the persistent 2LM mode for storing the persistent 2LM data in the non-volatile memory claim 2 , and the second mode of operation is a caching mode for caching the ...

Host-managed coherent device memory

A system or a device can include a processor core comprising one or more hardware processors; a processor memory to cache data; a memory link interface to couple the processor core with one or more attached memory units; and a platform firmware to determine that a device is connected to the processor core across the memory link interface; determine that the device comprises an attached memory; determine a range of at least a portion of the attached memory available for the processor core; map the range of the portion of the attached memory to the processor memory; and wherein the processor core is to use the range of the portion of the attached memory and the processor memory to cache data.

Allocating and configuring persistent memory

Methods and apparatus to allocating and/or configuring persistent memory are described. In an embodiment, memory controller logic configures non-volatile memory into a plurality of partitions at least in part based on one or more attributes. One or more volumes (visible to an application or operating system) are formed from one or more of the plurality of partitions. Each of the one or more volumes includes one or more of the plurality of partitions having at least one similar attribute from the one or more attributes. In another embodiment, memory controller logic configures a Non-Volatile Memory (NVM) Dual Inline Memory Module (DIMM) into a persistent region and a volatile region. Other embodiments are also disclosed and claimed.

Secure tunneling access to debug test ports on non-volatile memory storage units

Systems, apparatuses and methods may provide for receiving one or more debug communications and programming, via a bus, a set of debug registers with debug information corresponding to the one or more debug communications. Additionally, tunnel logic hardware may be instructed to transfer the debug information from the set of debug registers to one or more test access ports of an intelligent device such as a non-volatile memory storage unit having a microcontroller. In one example, if it is detected that debug permission has been granted during a boot process, a control status register may be unlocked. If, on the other hand, the debug permission is not detected during the boot process, the control status register may be locked. Accordingly, an enable bit of the control status register may be used to activate the tunnel logic hardware only if the control status register is unlocked.

Selective memory mode authorization enforcement

In one embodiment, a memory interface employs selective memory mode authorization enforcement in accordance with the present description to ensure that memory modes of operation which have not been authorized, are not permitted to proceed. In one embodiment, mode control logic receives from memory control logic of the memory interface, memory mode selection data which is compared to a mode authorization classification structure to determine if the memory mode being selected in association with a memory transaction request is authorized or otherwise permitted. Memory mode enablement logic of the mode control logic enables the requested memory mode associated with a memory transaction request if it is determined that the selected memory mode associated with the memory transaction request is authorized. Other aspects are described herein.

Memory control management of a processor

Systems, apparatuses and methods may provide for technology that conducts a comparison between an identified capability of a memory device and memory usage rules associated with a processor. The memory usage rules are to identify allowed memory accesses by the processor. The technology further limits access by the processor to the memory device based upon the comparison.

SECURE DATA PARTITION IN NONVOLATILE MEMORY SYSTEMS

Apparatus, systems, and methods to implement a secure data partition in memory systems are described. In one example, a controller comprises logic to receive, in a system management mode mailbox, a memory partition creation request from a system management mode interface, wherein the memory partition creation request comprises at least one characteristic of a memory partition, authenticate the partition creation request and create a memory partition in a memory coupled to the controller in accordance with the at least one characteristic. Other examples are also disclosed and claimed. 1. A controller comprising logic to:receive, in a system management mode mailbox, a memory partition creation request from a system management mode interface, wherein the memory partition creation request comprises at least one characteristic of a memory partition;authenticate the partition creation request; andcreate a memory partition in a memory coupled to the controller in accordance with the at least one characteristic.2. The controller of claim 1 , wherein the logic to authenticate the partition creation request comprises logic to:verify a source of the partition creation request; andverify a destination of the partition creation request.3. The controller of claim 1 , wherein the partition creation request specifies a partition size for the memory partition claim 1 , and further comprising logic to:determine whether the partition size is available for allocation to a partition.4. The controller of claim 3 , further comprising logic togenerate an error code in response to an authentication failure or a determination that the partition size is not available for allocation to a partition.5. The controller of claim 4 , further comprising logic to:generate a success code after the memory partition is created.6. The controller of claim 1 , further comprising logic to:receive, in a system management mode mailbox, a write request to the memory partition from a system management mode ...

Boot Process with Parallel Memory Initialization

An embodiment of a memory apparatus may include a system memory, and a memory manager communicatively coupled to the system memory to determine a first amount of system memory needed for a boot process, initialize the first amount of system memory, start the boot process, and initialize additional system memory in parallel with the boot process. Other embodiments are disclosed and claimed.

ALLOCATING AND CONFIGURING PERSISTENT MEMORY

Methods and apparatus to allocating and/or configuring persistent memory are described. In an embodiment, memory controller logic configures non-volatile memory into a plurality of partitions at least in part based on one or more attributes. One or more volumes (visible to an application or operating system) are formed from one or more of the plurality of partitions. Each of the one or more volumes includes one or more of the plurality of partitions having at least one similar attribute from the one or more attributes. In another embodiment, memory controller logic configures a Non-Volatile Memory (NVM) Dual Inline Memory Module (DIMM) into a persistent region and a volatile region. Other embodiments are also disclosed and claimed. 1. An apparatus comprising:memory controller logic, coupled to non-volatile memory, to configure the non-volatile memory into a plurality of partitions at least in part based on one or more attributes,wherein one or more volumes visible to an application or operating system are to be formed from one or more of the plurality of partitions, wherein each of the one or more volumes is to comprise one or more of the plurality of partitions having at least one similar attribute from the one or more attributes.2. The apparatus of claim 1 , wherein the non-volatile memory is to be mapped into a processor's address space to allow the processor to directly address the non-volatile memory.3. The apparatus of claim 1 , wherein the one or more attributes are to comprise one or more of: UMA (Uniform Memory Access) claim 1 , NUMA (Non-Uniform Memory Access) claim 1 , interleave type claim 1 , communication channel width or speed claim 1 , type of fault domain claim 1 , or mirroring state.4. The apparatus of claim 1 , wherein the one or more volumes are to maintain their content across system resets or power loss.5. The apparatus of claim 1 , wherein the non-volatile memory is to comprise one or more non-volatile DIMMs (Dual Inline Memory Modules).6. The ...

Layered virtual machine integrity monitoring

Various embodiments are generally directed to the provision and use of various hardware and software components of a computing device to monitor the state of layered virtual machine (VM) monitoring software components. An apparatus includes a first processor element; and logic to receive an indication that a first timer has reached an end of a first period of time, monitor execution of a VMM (virtual machine monitor) watcher by a second processor element, determine whether the second processor element completes execution of the VMM watcher to verify integrity of a VMM before a second timer reaches an end of a second period of time, and transmit an indication of the determination to a computing device. Other embodiments are described and claimed.

Global persistent flush

A cache flush request is received in a first phase of a persistent memory flush flow, where the first phase is initiated by a host processor, and the cache flush request requests that data in cache memory be flushed to persistent memory within a system. A cache flush response is sent in the first phase responsive to the cache flush request, where the cache flush response identifies whether an error is detected in the first phase. A memory buffer flush request is received in a second phase of the persistent memory flush flow, where the second phase is initiated by the host processor upon completion of the first phase, and the memory buffer flush request requests that data in buffers of persistent memory devices in the system be flushed to persistent memory. A memory buffer flush response is sent in the second phase responsive to the memory buffer flush response.

Initialization trace of a computing device

Platform controller, computer-readable storage media, and methods associated with initialization of a computing device. In embodiments, a platform controller may comprise a boot controller and one or more non-volatile memory modules, coupled with the boot controller. In embodiments, the one or more non-volatile memory modules may have first instructions and second instructions stored thereon. The first instructions may, when executed by a processor of a computing device hosting the platform controller, cause initialization of the computing device. The second instructions, when executed by the boot controller, may cause the boot controller to monitor at least a portion of the execution of the first instructions by the computing device and may generate a trace of the monitored portion of the execution of the first instructions. In embodiments, the trace may be stored in the one or more non-volatile memory modules. Other embodiments may be described and/or claimed.

COMPUTING SYSTEM WITH PROTECTION AGAINST MEMORY WEAR OUT ATTACKS

Technology for a computing system is described. The computing system can include memory, a controller, and a security management module. The controller can receive a block erase command for erasing data stored in a block of memory. The controller can store information associated with the block erase command in a store, wherein the information includes a block address associated with the data to be erased based on the block erase command. The security management module can read block addresses from the store, update a block erase count array over a defined interval to include block addresses read from the store, compare the block erase count array to a defined threshold, identify block addresses for which the block erase count array is above the defined threshold, and deny subsequent block erase commands for the identified block addresses. 1. A computing system comprising:memory; receive a block erase command to erase data stored in a block of memory; and', 'store information associated with the block erase command in a store, wherein the information includes a block address associated with the data to be erased based on the block erase command; and, 'a controller configured to read block addresses from the store;', 'update a block erase count array stored in the security management module over a defined interval to include block addresses read from the store;', 'compare the block erase count array to a defined threshold;', 'identify block addresses for which the block erase count array is above the defined threshold; and', 'deny subsequent block erase commands for the identified block addresses to protect the memory against memory wear out attacks., 'a security management module configured to2. The computing system of claim 1 , wherein the security management module is configured to:allow subsequent block erase commands after a defined period of time in accordance with a timer interval counter; andremove one or more block addresses from the block erase count array.3 ...

SYSTEMS AND DEVICES HAVING A SCALABLE BASIC INPUT/OUTPUT SYSTEM (BIOS) FOOTPRINT AND ASSOCIATED METHODS

Devices, systems, and methods for implementing a scalable extended basic input/output system (BIOS) region that increases the BIOS footprint of a system, are provided and described. In addition to a traditional BIOS region located in the memory mapped input/output (MMIO) low region, an extended BIOS region is initialized in a MMIO area of the system address map, where both regions are accessed by MMIO access requests. 1. An electronic device , comprising:a processor; and a system memory low region;', 'a memory-mapped I/O (MMIO) low region above the system memory low region;', 'a system memory high region above the MMIO low region;', 'a MMIO high region above the system memory high region;', 'a BIOS region in the MMIO low region adjacent the system memory high region; and', 'a scalable extended BIOS (eBIOS) region in either the MMIO low or the MMIO high region., 'a non-volatile memory (NVM) device communicatively coupled to the processor, the NVM device including a basic input/output system (BIOS) image and instructions that, when executed on the processor, establish a system address space comprising2. The device of claim 1 , wherein the eBIOS region is in the MMIO low region.3. The device of claim 2 , wherein the system address space further comprises an Input/Output (I/O) advanced programmable interrupt controller (APIC) region in the MMIO low region below the BIOS region claim 2 , and wherein the eBIOS region is below the I/O APIC region.4. The device of claim 1 , wherein the eBIOS region is at least 32 MB in size.5. The device of claim 4 , wherein the processor is in a processor package claim 4 , a multi-core processor package claim 4 , a system-on-chip package (SoC) claim 4 , a system-in-package (SiP) package claim 4 , system-on-package (SoP) package claim 4 , or a combination thereof.6. The device of claim 1 , wherein the NVM device is flash memory.7. The device of claim 1 , wherein the NVM device is three dimensional (3D) cross point memory.8. A computing ...

ALLOCATING AND CONFIGURING PERSISTENT MEMORY

Methods and apparatus to allocating and/or configuring persistent memory are described. In an embodiment, memory controller logic configures non-volatile memory into a plurality of partitions at least in part based on one or more attributes. One or more volumes (visible to an application or operating system) are formed from one or more of the plurality of partitions. Each of the one or more volumes includes one or more of the plurality of partitions having at least one similar attribute from the one or more attributes. In another embodiment, memory controller logic configures a Non-Volatile Memory (NVM) Dual Inline Memory Module (DIMM) into a persistent region and a volatile region. Other embodiments are also disclosed and claimed. 1. One or more non-transitory computer-readable media comprising one or more instructions that when executed on a processor configure the processor to perform one or more operations to:cause configuration of a Non-Volatile Dual Inline Memory Module (NVDIMM) device into a plurality of partitions;cause the NVDIMM device to be byte addressable by an application;wherein the application is capable of direct access to the NVDIMM device via load/store instructions.2. The one or more computer-readable media of claim 1 , further comprising one or more instructions that when executed on the at least one processor configure the at least one processor to perform one or more operations to cause the application to directly access the NVDIMM device and bypass one or more drivers.3. The one or more computer-readable media of claim 1 , further comprising one or more instructions that when executed on the at least one processor configure the at least one processor to perform one or more operations to allow access to data interleaved across a plurality of NVDIMM devices.4. The one or more computer-readable media of claim 1 , further comprising one or more instructions that when executed on the at least one processor configure the at least one processor to ...

RECONFIGURING A PROCESSOR WITHOUT A SYSTEM RESET

Embodiments of processors, methods, and systems for reconfiguring a processor without a system reset are described. In an embodiment, a processor includes configuration storage, shadow configuration storage, trigger storage, and a trigger circuit. The trigger circuit is to cause, based on trigger storage content, shadow configuration storage content to be copied to the configuration storage. 1. A processor comprising:configuration storage;shadow configuration storage;trigger storage; anda trigger circuit to cause, based on trigger storage content, shadow configuration storage content to be copied to the configuration storage.2. A method comprising:loading first configuration settings into first shadow configuration storage in a first processor;setting a first trigger in the first processor to cause the first configuration settings to be copied from the first shadow configuration to first configuration storage in the first processor; andbased on the first trigger, copying the first configuration settings from the first shadow configuration to the first configuration storage.3. The method of claim 2 , wherein loading the first configuration settings into the first shadow configuration storage is performed by a basic input/output system (BIOS).4. The method of claim 3 , further comprising selecting claim 3 , by the BIOS claim 3 , a thread in the first processor to serve as a system bootstrap processor (SBSP).5. The method of claim 4 , further comprising causing claim 4 , by the BIOS claim 4 , one or more other threads to enter a wait state.6. The method of claim 5 , further comprising:sending, by the BIOS, a first message to first firmware on the first processor; andcausing, by the BIOS, the first processor to enter a halt state.7. The method of claim 6 , further comprising causing claim 6 , by the first firmware in response to the first message claim 6 , the first processor to send a second message to a first platform controller hub (PCH) through a sideband link to ...

Technologies for secure offline activation of hardware features

Technologies for secure offline activation of hardware features include a target computing device having a platform controller hub (PCH) including a converged security and manageability engine (CSME) and a number of in-field programmable fuses (IFPs). During assembly of the target computing device by an original equipment manufacturer (OEM), the CSME is provided a list of hardware features to be activated. The CSME configures the IFPs to enable the requested features, generates a digital receipt including the activated features and a unique device ID, and signs the receipt using a unique device key. Signed receipts may be periodically submitted to a vendor computing device, which verifies the signed receipts, extracts the active feature list, and bills the OEM for activated features of the PCHs. The vendor computing device may bill the OEM a maximum price for PCHs for which there is no associated signed receipt. Other embodiments are described and claimed.

LAYERED VIRTUAL MACHINE INTEGRITY MONITORING

Various embodiments are generally directed to the provision and use of various hardware and software components of a computing device to monitor the state of layered virtual machine (VM) monitoring software components. An apparatus includes a first processor element; and logic to receive an indication that a first timer has reached an end of a first period of time, monitor execution of a VMM (virtual machine monitor) watcher by a second processor element, determine whether the second processor element completes execution of the VMM watcher to verify integrity of a VMM before a second timer reaches an end of a second period of time, and transmit an indication of the determination to a computing device. Other embodiments are described and claimed. 122-. (canceled)23. An apparatus , comprising:a memory; and identify a first indication from a first health detector, the first indication associated with a first operating condition of a server monitored by the first health detector;', 'identify a second indication from a second health detector, the second indication associated with a second operating condition of the server monitored by the second health detector; and', 'distinguish between malfunction, security breach, and normal operation in the server based on the first indication and the second indication., 'logic for monitoring of virtual machines, at least a portion of the logic implemented in circuitry coupled to the memory, the logic to24. The apparatus of claim 23 , the first health detector comprising one or more of a temperature claim 23 , voltage claim 23 , and current sensor and the second health detector comprising one or more of a bus activity claim 23 , clock signal claim 23 , and processor thread execution monitor.25. The apparatus of claim 23 , the logic to cause the server to reinitialize based on a determination of malfunction in the server.26. The apparatus of claim 23 , the logic to utilize past indications from the first and second health detectors ...

Security management in multi-node, multi-processor platforms

Multi-node and multi-processor security management is described in this application. Data may be secured in a TPM of any one of a plurality of nodes, each node including one or more processors. The secured data may be protected using hardware hooks to prevent unauthorized access to the secured information. Security hierarchy may be put in place to protect certain memory addresses from access by requiring permission by VMM, OS, ACM or processor hardware. The presence of secured data may be communicated to each of the nodes to ensure that data is protected. Other embodiments are described.

Global permanent memory flush

Eine Cache-Leerungsanforderung wird in einer ersten Phase eines Flusses zur dauerhaften Speicherleerung empfangen, wobei die erste Phase von einem Hostprozessor initiiert wird und die Cache-Leerungsanforderung anfordert, dass Daten in dem Cache-Speicher in dauerhaften Speicher innerhalb eines Systems geleert werden. Eine Cache-Leerungsantwort wird in der ersten Phase als Antwort auf die Cache-Leerungsanforderung gesendet, wobei die Cache-Leerungsantwort identifiziert, ob in der ersten Phase ein Fehler detektiert wird. Eine Speicherpufferleerungsanforderung wird in einer zweiten Phase des Flusses zur dauerhaften Speicherleerung empfangen, wobei die zweite Phase nach Abschluss der ersten Phase von dem Hostprozessor initiiert wird und die Speicherpufferleerungsanforderung anfordert, dass Daten in Puffern von dauerhaften Speichervorrichtungen in dem System in dauerhaften Speicher geleert werden. Eine Speicherpufferleerungsantwort wird in der zweiten Phase als Antwort auf die Speicherpufferleerungsanforderung gesendet. A cache flush request is received in a first phase of a persistent memory flush flow, the first phase being initiated by a host processor and the cache flush request requesting that data in the cache be flushed into persistent storage within a system. A flush cache response is sent in the first phase in response to the flush cache request, the flush cache response identifying whether an error is detected in the first phase. A memory buffer flush request is received in a second phase of the persistent memory flush flow, the second phase being initiated by the host processor upon completion of the first phase and the memory buffer flush request requesting that data in buffers from persistent storage devices in the system be flushed to persistent storage. A memory buffer flush response is sent in the second phase in response to the memory buffer flush request.

System and method to enable platform personality migration

An embodiment of the present invention relates generally to computer configuration and, more specifically, to a system and method to seamlessly determine the component configurations of a series of heterogeneous platforms and enable their respective component configurations to be intelligently migrated from one platform to another. In some embodiments, the invention involves generating configuration binaries for a plurality of target platforms. The configuration binaries are used with tools to create configuration directives for the target machines. In at least one embodiment, the configuration directives are sent to the target platforms in a scripting language. In some embodiments, the scripts are automatically generated by a tool using the configuration binaries for various platforms and policy guidance to determine which settings should be set on or off. Other embodiments are described and claimed.

Block storage apertures to persistent memory

Apparatus and methods for accessing a non-volatile memory (NVM) device in a computer system that includes at least one host processor and at least one memory bus. The NVM device is communicably coupleable to the memory bus through an NVM device controller, thereby allowing the host processor to access persistent data storable within the NVM device by issuing one or more memory load/store commands to the NVM device controller over the memory bus. Because the NVM device controller includes at least one block window or aperture that defines at least one address range for accessing the persistent data storable within the NVM device, the computer system can exploit the full capacity of the NVM device without being unduly constrained by physical addressing limits imposed by the host processor, or by limits imposed by an operating system executed by the host processor.

System processing data packets received from remote host to control system operation according to adjustable timer interrupts based on data flow rate

A technique for providing communication between two computers through a network in a way to allow one computer to control the other.

Tunneling platform management messages through inter-processor interconnects

Methods and apparatus for tunneling platform management messages through inter-processor interconnects. Platform management messages are received from a management entity such as a management engine (ME) at a management component of a first processor targeted for a managed device operatively coupled to a second processor. Management message content is encapsulated in a tunnel message that is tunneled from the first processor to a second management component in the second processor via a socket-to-socket interconnect link between the processors. Once received at the second management component the encapsulated management message content is extracted and the original management message is recreated. The recreated management message is then used to manage the targeted device in a manner similar to if the ME was directly connected to the second processor. The disclosed techniques enable management of platform devices operatively coupled to processors in a multi-processor platform via a single management entity.

Block storage apertures to persistent memory

Providing state storage in a processor for system management mode

In one embodiment, the present invention includes a processor that has an on-die storage such as a static random access memory to store an architectural state of one or more threads that are swapped out of architectural state storage of the processor on entry to a system management mode (SMM). In this way communication of this state information to a system management memory can be avoided, reducing latency associated with entry into SMM. Embodiments may also enable the processor to update a status of executing agents that are either in a long instruction flow or in a system management interrupt (SMI) blocked state, in order to provide an indication to agents inside the SMM. Other embodiments are described and claimed.

Provide state memory in a system management mode processor

Bei einer Ausführungsform beinhaltet die vorliegende Erfindung einen Prozessor, der einen On-Die-Speicher aufweist, wie z. B. ein statischer Direktzugriffspeicher, um einen Architektur-Zustand eines oder mehr Threads zu speichern, die bei Eintritt in einen Systemmanagement-Modus (system management mode, SMM) aus dem Architektur-Zustandsspeicher ausgelagert werden. Auf diese Weise kann Kommunikation dieser Zustands-Information an einen Systemmanagement-Speicher vermieden werden, wodurch Latenz verringert wird, die mit Eintritt in SMM verbunden ist. Ausführungsformen können ebenfalls den Prozessor in die Lage versetzen, einen Zustand von ausführenden Agenten zu aktualisieren, die entweder in einem langen Befehlsablauf sind oder in einem Systemmanagement-Unterbrechungs-(system management interrupt, SMI)-Blockiert-Zustand, um eine Anzeige an die Agenten innerhalb des SMM bereitzustellen. Weitere Ausführungsformen sind beschrieben und werden beansprucht. In one embodiment, the present invention includes a processor having an on-die memory, such as an on-die memory. A static random access memory to store an architectural state of one or more threads that are swapped out of the architectural state memory upon entering a system management mode (SMM). In this way, communication of this state information to a system management memory can be avoided, thereby reducing latency associated with entry into SMM. Embodiments may also enable the processor to update a state of executing agents that are either in a long instruction flow or in a system management interrupt (SMI) -locked state to display to the agents within the SMM. Further embodiments are described and claimed.

Host-managed coherent device memory

A system or a device can include a processor core comprising one or more hardware processors; a processor memory to cache data; a memory link interface to couple the processor core with one or more attached memory units; and a platform firmware to determine that a device is connected to the processor core across the memory link interface; determine that the device comprises an attached memory; determine a range of at least a portion of the attached memory available for the processor core; map the range of the portion of the attached memory to the processor memory; and wherein the processor core is to use the range of the portion of the attached memory and the processor memory to cache data.

Monitoring resource usage by a virtual machine

Embodiments of apparatus, computer-implemented methods, systems, devices, and computer-readable media are described herein for tracking per-virtual machine ("VM") resource usage independent of a virtual machine monitor ("VMM"). In various embodiments, a first logic unit may associate one or more virtual central processing units ("vCPUs") operated by one or more physical processing units of a computing device with a first VM of a plurality of VMs operated by the computing device, and collect data about resources used by the one or more physical processing units to operate the one or more vCPUs associated with the first VM. In various embodiments, a second logic unit of the computing device may determine resource-usage by the first VM based on the collected data. In various embodiments, the first and second logic units may perform these functions independent of a VMM of the computing device.

Monitoring resource usage by a virtual machine

Embodiments of apparatus, computer-implemented methods, systems, devices, and computer-readable media are described herein for tracking per-virtual machine ("VM") resource usage independent of a virtual machine monitor ("VMM"). In various embodiments, a first logic unit may associate one or more virtual central processing units ("vCPUs") operated by one or more physical processing units of a computing device with a first VM of a plurality of VMs operated by the computing device, and collect data about resources used by the one or more physical processing units to operate the one or more vCPUs associated with the first VM. In various embodiments, a second logic unit of the computing device may determine resource-usage by the first VM based on the collected data. In various embodiments, the first and second logic units may perform these functions independent of a VMM of the computing device.

Monitoring resource usage by a virtual machine

Layered virtual machine integrity monitoring

Various embodiments are generally directed to the provision and use of various hardware and software components of a computing device to monitor the state of layered virtual machine (VM) monitoring software components. An apparatus includes a first processor element; and logic to receive an indication that a first timer has reached an end of a first period of time, monitor execution of a VMM (virtual machine monitor) watcher by a second processor element, determine whether the second processor element completes execution of the VMM watcher to verify integrity of a VMM before a second timer reaches an end of a second period of time, and transmit an indication of the determination to a computing device. Other embodiments are described and claimed.

Layered virtual machine integrity monitoring

Various embodiments are generally directed to the provision and use of various hardware and software components of a computing device to monitor the state of layered virtual machine (VM) monitoring software components. An apparatus includes a first processor element; and logic to receive an indication that a first timer has reached an end of a first period of time, monitor execution of a VMM (virtual machine monitor) watcher by a second processor element, determine whether the second processor element completes execution of the VMM watcher to verify integrity of a VMM before a second timer reaches an end of a second period of time, and transmit an indication of the determination to a computing device. Other embodiments are described and claimed.

Mechanism for detecting a no-processor swap condition and modification of high speed bus calibration during boot

Mechanism for detecting a no-processor swap condition and modification of high speed bus calibration during boot

Memory channel training parameters are function of electrical characteristics of memory devices, processor(s) and memory channel(s). Training steps can be skipped if the BIOS can determine that the memory devices, motherboard and processor have not changed since the last boot. Memory devices contain a serial number for tracking purposes and most motherboards contain a serial number. Many processors do not provide a mechanism by which the BIOS can track the processor. Described herein are techniques that allow the BIOS to track a processor and detect a swap without violating privacy/security requirements.

Mechanism for detecting a no-processor swap condition and modification of high speed bus calibration during boot

Memory channel training parameters are function of electrical characteristics of memory devices, processor(s) and memory channel(s). Training steps can be skipped if the BIOS can determine that the memory devices, motherboard and processor have not changed since the last boot. Memory devices contain a serial number for tracking purposes and most motherboards contain a serial number. Many processors do not provide a mechanism by which the BIOS can track the processor. Described herein are techniques that allow the BIOS to track a processor and detect a swap without violating privacy/security requirements.

虛擬機器監視器運行時間完整性觀察器之硬體保護

說明一種虛擬機器監視器(VMM)運行時間完整性觀察器之硬體保護的設備和方法。一組一或更多硬體範圍暫存器保護用來儲存VMM運行時間完整性觀察器的一連續記憶體空間。這組硬體範圍暫存器是用來保護VMM運行時間完整性觀察器免於當載入連續記憶體空間中時被修改。VMM運行時間完整性觀察器當被執行時對一VMM進行在VMM之運行時間期間的一完整性檢查。

Host-managed coherent device memory

A system or a device can include a processor core comprising one or more hardware processors; a processor memory to cache data; a memory link interface to couple the processor core with one or more attached memory units; and a platform firmware to determine that a device is connected to the processor core across the memory link interface; determine that the device comprises an attached memory; determine a range of at least a portion of the attached memory available for the processor core; map the range of the portion of the attached memory to the processor memory; and wherein the processor core is to use the range of the portion of the attached memory and the processor memory to cache data.

Mechanism for detecting a no-processor swap condition and modification of high speed bus calibration during boot

Memory channel training parameters are function of electrical characteristics of memory devices, processor(s) and memory channel(s). Training steps can be skipped if the BIOS can determine that the memory devices, motherboard and processor have not changed since the last boot. Memory devices contain a serial number for tracking purposes and most motherboards contain a serial number. Many processors do not provide a mechanism by which the BIOS can track the processor. Described herein are techniques that allow the BIOS to track a processor and detect a swap without violating privacy/security requirements.

Method and apparatus to perform memory reconfiguration without a system reboot

A Cloud Service Provider reconfigures a memory subsystem during routine operation, while minimizing the amount of time a server is not online. Server downtime is reduced by offloading reconfiguration of system memory to the operating system with platform assistance. The operating system enumerates potential memory configurations of the memory subsystem with associated performance characteristics in an abstracted manner and performs reconfiguration of the memory subsystem without a cold reset. When reconfiguration of the memory subsystem is deemed necessary by the operating system, the operating system examines the enumerated memory subsystem configurations provided by system firmware. After selecting the memory subsystem configuration, the operating system initiates a reconfiguration process. The reconfiguration process saves any existing memory context to an auxiliary device, requests system firmware to perform the memory subsystem reconfiguration, and restores the existing memory context from the auxiliary device after the memory subsystem reconfiguration has been completed.

Adjustment of address space allocated to firmware

Examples described herein relate to an apparatus that includes an interface and circuitry to: prior to boot of a processor, configure a memory address decoder to increase a memory region size associated with firmware access from a first size to a second size, wherein the second size is larger than the first size. In some examples, the memory address decoder is to decode an address space in a Serial Peripheral Interface (SPI) flash device to determine a location of a Firmware Interface Table (FIT) in the second size of the memory region and the second circuitry is to access an entry in the FIT to determine a location of a boot firmware.