Abstract: Techniques are disclosed relating to securing computing devices during boot. In various embodiments, a secure circuit of a computing device generates for a public key pair and signs, using a private key of the public key pair, configuration settings for an operating system of the computing device. A bootloader of the computing device receives a certificate for the public key pair from a certificate authority and initiates a boot sequence to load the operating system. The boot sequence includes the bootloader verifying the signed configuration settings using a public key included in the certificate and the public key pair. In some embodiments, the secure circuit cryptographically protects the private key based on a passcode of a user, the passcode being usable by the user to authenticate to the computing device.

Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.

Abstract: In an embodiment, dynamically-generated code may be supported in the system by ensuring that the code either remains executing within a predefined region of memory or exits to one of a set of valid exit addresses. Software embodiments are described in which the dynamically-generated code is scanned prior to permitting execution of the dynamically-generated code to ensure that various criteria are met including exclusion of certain disallowed instructions and control of branch target addresses. Hardware embodiments are described in which the dynamically-generated code is permitted to executed but is monitored to ensure that the execution criteria are met.

Abstract: In an embodiment, dynamically-generated code may be supported in the system by ensuring that the code either remains executing within a predefined region of memory or exits to one of a set of valid exit addresses. Software embodiments are described in which the dynamically-generated code is scanned prior to permitting execution of the dynamically-generated code to ensure that various criteria are met including exclusion of certain disallowed instructions and control of branch target addresses. Hardware embodiments are described in which the dynamically-generated code is permitted to executed but is monitored to ensure that the execution criteria are met.

Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.

Abstract: Techniques are disclosed relating to securing computing devices during boot. In various embodiments, a secure circuit of a computing device generates for a public key pair and signs, using a private key of the public key pair, configuration settings for an operating system of the computing device. A bootloader of the computing device receives a certificate for the public key pair from a certificate authority and initiates a boot sequence to load the operating system. The boot sequence includes the bootloader verifying the signed configuration settings using a public key included in the certificate and the public key pair. In some embodiments, the secure circuit cryptographically protects the private key based on a passcode of a user, the passcode being usable by the user to authenticate to the computing device.

Abstract: In an embodiment, a computer system comprises a page protection layer. The page protection layer may be the component in the system which manages the page tables for virtual to physical page mappings. Transactions to the page protection layer are used to create/manage mappings created in the page tables. The page protection layer may enforce dynamic security policies in the system (i.e. security policies that may not be enforced using only a static hardware configuration). In an embodiment, the page protection layer may ensure that it is the only component which is able to modify the page tables. The page protection layer may ensure than no component in the system is able to modify a page that is marked executable in any process' address space. The page protection may ensure that any page that is marked executable has code with a verified code signature, in an embodiment.

Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.

Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.

Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.

Abstract: A repeater system for relaying wireless communications between a base station and one or more devices having: a repeater to relay network information from a base station to one or more devices; a donor antenna configured to receive and/or transmit network information between the repeater and the base station; a power supply external to the repeater; and, a server antenna integrated with the power supply, the server antenna configured to receive and/or transmit network information between the repeater and the one or more devices.

Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.

Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.

Abstract: In an embodiment, a computer system comprises a page protection layer. The page protection layer may be the component in the system which manages the page tables for virtual to physical page mappings. Transactions to the page protection layer are used to create/manage mappings created in the page tables. The page protection layer may enforce dynamic security policies in the system (i.e. security policies that may not be enforced using only a static hardware configuration). In an embodiment, the page protection layer may ensure that it is the only component which is able to modify the page tables. The page protection layer may ensure than no component in the system is able to modify a page that is marked executable in any process' address space. The page protection may ensure that any page that is marked executable has code with a verified code signature, in an embodiment.

Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.

Abstract: A repeater system for relaying wireless communications between a base station and one or more devices having: a repeater to relay network information from a base station to one or more devices; a donor antenna configured to receive and/or transmit network information between the repeater and the base station; a power supply external to the repeater; and, a server antenna integrated with the power supply, the server antenna configured to receive and/or transmit network information between the repeater and the one or more devices.

Abstract: Systems and methods of mitigating precursor ISIs for communication channels having time-variant precursor channel responses using digital circuit designs. A phase adaptation circuit is utilized in a receiver and configured to generate a phase control signal responsive to an input signal and based on the current precursor channel response. The phase control signal controls the phase shift of a recovered clock to a position where the precursor ISI at h(?1) is minimized. The phase control signal corresponds to a “feed-forward equalization (FFE) first tap weight” obtained via a digital least-mean-square (LMS) process.

Abstract: Systems and methods of mitigating precursor ISIs for communication channels having time-variant precursor channel responses using digital circuit designs. A phase adaptation circuit is utilized in a receiver and configured to generate a phase control signal responsive to an input signal and based on the current precursor channel response. The phase control signal controls the phase shift of a recovered clock to a position where the precursor ISI at h(?1) is minimized. The phase control signal corresponds to a “feed-forward equalization (FFE) first tap weight” obtained via a digital least-mean-square (LMS) process.

Abstract: A system and method for two way short message service (SMS)-enabled BGM and related communications is presented. The method includes receiving, by a processing device integrated with a blood glucose meter (BGM), a first short message service (SMS) message comprising a question, presenting the question at the BGM, receiving a response to the question, translating the response to the question into a second SMS message, translating blood glucose measurement information into a third SMS message, the blood glucose measurement information received from a test of a user by the BGM, and transmitting the second and third SMS messages to a receiver.

Abstract: An electronic signal level detection system and method are provided. The method receives an analog input signal having a variable voltage and compares the input signal voltage to a threshold. A detection signal is generated for input signal voltages exceeding the threshold in a periodic first time frame. In a second periodic time frame (following the first time frame), a count is updated in response to the generated detection signals. The count is used to create a metric representative of the difference between the input signal voltage and the threshold. The count is incremented in response to the generating a detection signal (“1”) in the first time frame, and decremented in response to not generating a detection signal (“0”) in the first time frame.