Abstract: Embodiments are generally directed apparatuses, methods, techniques and so forth to receive a sled manifest comprising identifiers for physical resources of a sled, receive results of an authentication and validation operations performed to authenticate and validate the physical resources of the sled, determine whether the results of the authentication and validation operations indicate the physical resources are authenticate or not authenticate. Further and in response to the determination that the results indicate the physical resources are authenticated, permit the physical resources to process a workload, and in response to the determination that the results indicate the physical resources are not authenticated, prevent the physical resources from processing the workload.

Abstract: Methods and apparatuses relating to mitigations for speculative execution side channels are described. Speculative execution hardware and environments that utilize the mitigations are also described. For example, three indirect branch control mechanisms and their associated hardware are discussed herein: (i) indirect branch restricted speculation (IBRS) to restrict speculation of indirect branches, (ii) single thread indirect branch predictors (STIBP) to prevent indirect branch predictions from being controlled by a sibling thread, and (iii) indirect branch predictor barrier (IBPB) to prevent indirect branch predictions after the barrier from being controlled by software executed before the barrier.

Abstract: Methods and apparatuses relating to mitigations for speculative execution side channels are described. Speculative execution hardware and environments that utilize the mitigations are also described. For example, three indirect branch control mechanisms and their associated hardware are discussed herein: (i) indirect branch restricted speculation (IBRS) to restrict speculation of indirect branches, (ii) single thread indirect branch predictors (STIBP) to prevent indirect branch predictions from being controlled by a sibling thread, and (iii) indirect branch predictor barrier (IBPB) to prevent indirect branch predictions after the barrier from being controlled by software executed before the barrier.

Abstract: A processor can be configured to access boot firmware from a remote location independent from use of a chipset. After a processor powers-on or reboots, the processor can execute microcode. The microcode will cause the processor to train a link with a remote device. The remote device can provide the processor with access to boot firmware. The processor can copy the boot firmware to the processor's cache or memory. The processor will attempt to authenticate the boot firmware. If the boot firmware is authenticated, the processor executes the copy of the boot firmware.

Abstract: Dynamically configurable server platforms and associated apparatus and methods. A server platform including a plurality of CPUs installed in respective sockets may be dynamically configured as multiple single-socket servers and as a multi-socket server. The CPUs are connected to a platform manager component comprising an SoC including one or more processors and an embedded FPGA. Following a platform reset, an FPGA image is loaded, dynamically configuring functional blocks and interfaces on the platform manager. The platform manager also includes pre-defined functional blocks and interfaces. During platform initialization the dynamically-configured functional blocks and interfaces are used to initialize the server platform, while both the pre-defined and dynamically-configured functional blocks and interfaces are used to support run-time operations.

Abstract: Methods and apparatuses relating to mitigations for speculative execution side channels are described. Speculative execution hardware and environments that utilize the mitigations are also described. For example, three indirect branch control mechanisms and their associated hardware are discussed herein: (i) indirect branch restricted speculation (IBRS) to restrict speculation of indirect branches, (ii) single thread indirect branch predictors (STIBP) to prevent indirect branch predictions from being controlled by a sibling thread, and (iii) indirect branch predictor barrier (IBPB) to prevent indirect branch predictions after the barrier from being controlled by software executed before the barrier.

Abstract: Embodiments are generally directed apparatuses, methods, techniques and so forth to receive a sled manifest comprising identifiers for physical resources of a sled, receive results of an authentication and validation operations performed to authenticate and validate the physical resources of the sled, determine whether the results of the authentication and validation operations indicate the physical resources are authenticate or not authenticate. Further and in response to the determination that the results indicate the physical resources are authenticated, permit the physical resources to process a workload, and in response to the determination that the results indicate the physical resources are not authenticated, prevent the physical resources from processing the workload.

Abstract: Embodiments are generally directed apparatuses, methods, techniques and so forth to receive a sled manifest comprising identifiers for physical resources of a sled, receive results of an authentication and validation operations performed to authenticate and validate the physical resources of the sled, determine whether the results of the authentication and validation operations indicate the physical resources are authenticate or not authenticate. Further and in response to the determination that the results indicate the physical resources are authenticated, permit the physical resources to process a workload, and in response to the determination that the results indicate the physical resources are not authenticated, prevent the physical resources from processing the workload.

Abstract: A processor can be configured to access boot firmware from a remote location independent from use of a chipset. After a processor powers-on or reboots, the processor can execute microcode. The microcode will cause the processor to train a link with a remote device. The remote device can provide the processor with access to boot firmware. The processor can copy the boot firmware to the processor's cache or memory. The processor will attempt to authenticate the boot firmware. If the boot firmware is authenticated, the processor executes the copy of the boot firmware.

Abstract: Dynamically configurable server platforms and associated apparatus and methods. A server platform including a plurality of CPUs installed in respective sockets may be dynamically configured as multiple single-socket servers and as a multi-socket server. The CPUs are connected to a platform manager component comprising an SoC including one or more processors and an embedded FPGA. Following a platform reset, an FPGA image is loaded, dynamically configuring functional blocks and interfaces on the platform manager. The platform manager also includes pre-defined functional blocks and interfaces. During platform initialization the dynamically-configured functional blocks and interfaces are used to initialize the server platform, while both the pre-defined and dynamically-configured functional blocks and interfaces are used to support run-time operations.

Abstract: Embodiments detailed herein describe a system comprising a manageability server to generate an encrypted sideband message having at least one command; a server including: a radio frequency identification (RFID) device, the RFID device to include storage to store at least one encrypted sideband message having at least one command, and a security circuit coupled to the RFID device, the security circuit to: retrieve at least one encrypted sideband message from the RFID device storage, decrypt the one encrypted sideband message, determine validity of the decrypted sideband message using information from the decrypted sideband message, and perform an action in response to the at least one command.

Abstract: Embodiments are generally directed apparatuses, methods, techniques and so forth to receive a sled manifest comprising identifiers for physical resources of a sled, receive results of an authentication and validation operations performed to authenticate and validate the physical resources of the sled, determine whether the results of the authentication and validation operations indicate the physical resources are authenticate or not authenticate. Further and in response to the determination that the results indicate the physical resources are authenticated, permit the physical resources to process a workload, and in response to the determination that the results indicate the physical resources are not authenticated, prevent the physical resources from processing the workload.