Abstract: Techniques in electronic systems, such as in systems including a processing chip and one or more external memory chips, provide improvements in one or more of system security, performance, cost, and efficiency. The processing chip includes immutable hardware enabled to securely boot one or more CPUs of the processing chip to execute code stored in a non-volatile one of the external memory chips, and to update the code. An update to the code is written to a portion of one of the external memory chips that is not accessible to the CPUs, and the immutable hardware copies the update to the non-volatile memory chip. The update is encrypted with a public portion of a key possessed by an entity sending the update, and a private portion of the key, used to decrypt code stored in the non-volatile memory chip, is unique to and solely possessed by the processing chip.

Abstract: Techniques in electronic systems, such as in systems including a processing chip and one or more external memory chips, provide improvements in one or more of system security, performance, cost, and efficiency. In some embodiments, the processing chip includes immutable hardware that is enabled, without a use of any CPUs, to determine and/or confirm an expected configuration of one or more external memory chips (such as with a Serial Presence Detect operation), and/or to enable communication with the one or more external memory chips. The immutable hardware is further enabled to copy executable code from a non-volatile one of the one or more external memory chips to another of the one or more external memory chips so that a CPU of the processing chip is able to securely boot by fetching initial instructions from the copy of the executable code.

Abstract: Techniques in electronic systems, such as in systems including a processing chip and one or more external memory chips, provide improvements in one or more of system security (such as intrusion and/or virus/malware prevention), performance, cost, and efficiency. For example, the processing chip includes at least one CPU and circuitry enabling the at least one CPU to securely boot from an external, non-volatile memory chip containing encrypted, executable code, and does not expose un-encrypted data, including the executable code, on an external memory interface, including a DRAM interface. Further, only the specific processing chip that was used to initially write the encrypted executable code to the external non-volatile memory chip is able to decrypt the encrypted executable code. The decryption uses a key unique to the processing chip and created at manufacturing time that is never CPU-accessible, forming a secure hardware association between the two chips.

Abstract: Techniques in electronic systems, such as in systems including a processing chip and one or more external memory chips, provide improvements in one or more of system security, performance, cost, and efficiency. For example, the processing chip includes one or more CPUs and circuitry enabling the CPUs to securely boot from an external, non-volatile memory chip containing encrypted, executable code. The circuitry comprises immutable hardware to hold the CPUs in a reset state while performing a serial presence detect on external interfaces of the processing chip and generating an address map according to results of the serial presence detect. In response to an initial instruction fetch of an initial one of the CPUs, the circuitry is able to return one or more instructions via the address map associating an address of the initial instruction fetch with one of the external memory chips.

Abstract: Techniques in electronic systems, such as in systems including a processing chip and one or more external memory chips, provide improvements in one or more of system security, performance, cost, and efficiency. In some embodiments, the processing chip includes immutable hardware enabled to securely boot one or more CPUs of the processing chip to execute code stored encrypted in a non-volatile one of the memory chips. An encrypted update to the code is written to a portion of one of the memory chips and the immutable hardware copies the update to the non-volatile memory chip. The immutable hardware is then able to securely boot the one or more CPUs to execute the encrypted update stored in the non-volatile memory chip. In further embodiments, the non-volatile memory chip and/or the portion of one of the memory chips are not accessible by the one or more CPUs.

Abstract: Techniques in electronic systems, such as in systems including a processing chip and one or more external memory chips, provide improvements in one or more of system security (such as intrusion and/or virus/malware prevention), performance, cost, and efficiency. For example, the processing chip includes at least one CPU and circuitry enabling the at least one CPU to securely boot from an external, non-volatile memory chip containing encrypted, executable code. The circuitry comprises immutable hardware to copy the executable code from the non-volatile memory to another external memory from which the at least one CPU is able to access it. The encryption uses a key created at a manufacturing time of and unique to the processing chip that is never CPU-accessible, forming a secure hardware association between the processing chip and the non-volatile memory chip.

Abstract: Techniques in electronic systems, such as in systems including a processing chip and one or more external memory chips, provide improvements in one or more of system security, performance, cost, and efficiency. The processing chip includes autonomous hardware that enables the processing chip, without a use of any CPUs, to form an association between itself and a particular flash chip. Prior to an initial operational use of the processing chip, the autonomous hardware is able to generate a key unique to the processing chip using a physically unclonable function, and then to form the association by encrypting a stream of data using the key and writing the encrypted result to the flash chip. For example, the stream of data comprises a bootloader and an operating system, and the processing chip is able to begin the initial operational use by securely booting using data copied from the flash chip.

Abstract: Techniques in electronic systems, such as in systems including a processor complex having one or more system processors and one or more memories, provide improvements in one or more of system security, performance, cost, and efficiency. In some embodiments, the system includes secure boot logic (SBL) having immutable hardware enabled, in response to a reset of the system, to securely boot one or more boot processors of the SBL to execute known-good executable code. The SBL is then enabled to securely boot the one or more system processors to execute system code stored in a non-volatile one of the memories by copying the system code to another one of the memories from which at least one of the system processors is able to access the system code for a respective initial instruction fetch. The non-volatile memory is not accessible to the system processors.