Abstract: A platform security processor is booted and reads a set of write-once memory bits to obtain a minimum security patch level (SPL). The security processor then verifies that a table SPL for a firmware security table is greater than or equal to the minimum SPL. The firmware security table includes a plurality of firmware identifiers for firmware code modules, and a plurality of check SPL values each associated with respective one of the firmware identifiers. The security processor verifies SPL values in a plurality of firmware code modules by, for each firmware code module, accessing the module to obtain its firmware SPL value and check if the respective firmware SPL value is equal to or greater than a respective check SPL value in the firmware security table.

Abstract: A platform security processor is booted and reads a set of write-once memory bits to obtain a minimum security patch level (SPL). The security processor then verifies that a table SPL for a firmware security table is greater than or equal to the minimum SPL. The firmware security table includes a plurality of firmware identifiers for firmware code modules, and a plurality of check SPL values each associated with respective one of the firmware identifiers. The security processor verifies SPL values in a plurality of firmware code modules by, for each firmware code module, accessing the module to obtain its firmware SPL value and check if the respective firmware SPL value is equal to or greater than a respective check SPL value in the firmware security table.

Abstract: Systems, apparatuses, and methods for implementing digital rights management using a GPU are disclosed. In one embodiment, a system includes at least a GPU, a security processor, and a memory. The GPU is configured to execute a first portion of a binary and detect that a second portion of the binary is encrypted. The second portion of the binary includes enhanced content that is available for purchase. If the user purchases the enhanced content, a license server generates a token specific to the security processor of the system and conveys the token to the system. Next, the security processor decrypts the second portion of the binary using the token and stores the decrypted second portion of the binary at a memory location accessible by the first processor. Then, the first processor executes the second portion of the binary.

Abstract: A first processor that has a trusted relationship with a trusted memory region (TMR) that includes a first region for storing microcode used to execute a microcontroller on a second processor and a second region for storing data associated with the microcontroller. The microcontroller supports a virtual function that is executed on the second processor. An access controller is configured by the first processor to selectively provide the microcontroller with access to the TMR based on whether the request is to write in the first region. The access controller grants read requests from the microcontroller to read from the first region and denies write requests from the microcontroller to write to the first region. The access controller grants requests from the microcontroller to read from the second region or write to the second region.

Abstract: Systems, apparatuses, and methods for performing secure system memory training are disclosed. In one embodiment, a system includes a boot media, a security processor with a first memory, a system memory, and one or more main processors coupled to the system memory. The security processor is configured to retrieve first data from the boot media and store and authenticate the first data in the first memory. The first data includes a first set of instructions which are executable to retrieve, from the boot media, a configuration block with system memory training parameters. The security processor also executes a second set of instructions to initialize and train the system memory using the training parameters. After training the system memory, the security processor retrieves, authenticates, and stores boot code in the system memory and releases the one or more main processors from reset to execute the boot code.

Abstract: Systems, apparatuses, and methods for implementing digital rights management using a GPU are disclosed. In one embodiment, a system includes at least a GPU, a security processor, and a memory. The GPU is configured to execute a first portion of a binary and detect that a second portion of the binary is encrypted. The second portion of the binary includes enhanced content that is available for purchase. If the user purchases the enhanced content, a license server generates a token specific to the security processor of the system and conveys the token to the system. Next, the security processor decrypts the second portion of the binary using the token and stores the decrypted second portion of the binary at a memory location accessible by the first processor. Then, the first processor executes the second portion of the binary.

Abstract: Systems, apparatuses, and methods for performing secure system memory training are disclosed. In one embodiment, a system includes a boot media, a security processor with a first memory, a system memory, and one or more main processors coupled to the system memory. The security processor is configured to retrieve first data from the boot media and store and authenticate the first data in the first memory. The first data includes a first set of instructions which are executable to retrieve, from the boot media, a configuration block with system memory training parameters. The security processor also executes a second set of instructions to initialize and train the system memory using the training parameters. After training the system memory, the security processor retrieves, authenticates, and stores boot code in the system memory and releases the one or more main processors from reset to execute the boot code.

Abstract: A device receives a request to use a software program, determines a comparison indicator based on receiving the request, and determines whether a license for the software program is valid based on a license validity indicator, stored in a secure environment, and the comparison indicator. The device permits execution of secure code stored in the secure environment when the license is determined to be valid, and prevents execution of the secure code stored in the secure environment when the license is determined to be invalid.

Abstract: A method for secure electronic information exchange between a sender and a recipient. The method includes generating a message at a first entity, generating a message encryption key, encrypting the message using the message encryption key, wrapping the message encryption key using a key agreement algorithm, generating a Java archive file including the encrypted message, the wrapped message encryption key and cryptographic algorithm code including decryption algorithm and key agreement algorithm code, encoding the Java archive file, embedding the encoded Java archive file in an HTML file, and sending the HTML file as an e-mail attachment to said recipient.