Abstract: Embodiments of the invention describe apparatuses, systems and method for particularly to providing alternative boot paths for computing devices. In embodiments of the invention, a non-volatile controller subsystem is powered up by default in order to allow memory operations to one or more non-volatile devices prior to PCIe/USB enumeration. Logic such as a system SPI controller receives a request to access an SPI flash device for executing a firmware image instruction; however, embodiments of the invention either do not include or do not utilize an SPI flash device. Instead of notifying an SPI flash device, the host SPI controller redirects this request to the non-volatile controller subsystem. The non-volatile controller accesses one or more non-volatile device(s) for executing the firmware image instruction. Furthermore, embodiments of the invention may also support the protection of storage operations initiated from the host controller to the non-volatile device from hardware attacks.

Abstract: Embodiments of the invention describe apparatuses, systems and method for particularly to providing alternative boot paths for computing devices. In embodiments of the invention, a non-volatile controller subsystem is powered up by default in order to allow memory operations to one or more non-volatile devices prior to PCIe/USB enumeration. Logic such as a system SPI controller receives a request to access an SPI flash device for executing a firmware image instruction; however, embodiments of the invention either do not include or do not utilize an SPI flash device. Instead of notifying an SPI flash device, the host SPI controller redirects this request to the non-volatile controller subsystem. The non-volatile controller accesses one or more non-volatile device(s) for executing the firmware image instruction. Furthermore, embodiments of the invention may also support the protection of storage operations initiated from the host controller to the non-volatile device from hardware attacks.

Abstract: As opposed to utilizing a manufacturer provisioned EK Certificate for AIK processes, embodiments of the invention utilize EPID based data. EPID mitigates the privacy issues of common RSA PKI security implementations where every individual is uniquely identified by their private keys. Instead, EPID provides the capability of remote attestation but only identifies the client computing system as having a component (such as a chipset) from a particular technology generation. EPID is a group signature scheme, where one group's public key corresponds to multiple private keys, and private keys generate a group signature which is verified by the group public key. EPID provides the security property of being anonymous and unlinkable—given two signatures, one cannot determine whether the signatures are generated from one or two private keys. EPID also provides the security property of being unforgeable—without a private key, one cannot create a valid signature.