Patents Assigned to SDG Logic Inc.
- Patent number: 12265613
  Abstract: Aspects of the present disclosure involve systems, methods, apparatus, and computer-readable media for mitigating laser-based fault injection attacks against one or more processing devices. Techniques may include generating a corresponding representation of at least one of data or a component of a processing device, locating the corresponding representation on a die of the processing device adjacent to a location on the die of at least one of the data or the component, and executing, based on a determination that the corresponding representation is different than at least one of the data or the component of the processing device, a mitigation procedure. One example may include hashing, using a secure hashing function, security data to generate integrity data corresponding to the security data and storing the security data and the integrity data in adjacent memory locations in a memory device.
  Type: Grant
  Filed: May 26, 2022
  Date of Patent: April 1, 2025
  Assignee: SDG Logic Inc.
  Inventor: Sergiu Ghetie
- Patent number: 12244732
  Abstract: Systems, apparatuses, methods, and computer-readable media for implementing confidential computing of one or more computing systems and/or devices using component authentication and data encryption with integrity and anti-replay mechanisms are disclosed. In some examples, the systems, apparatuses, methods, and computer-readable media described herein can perform various techniques, including one or more secure boot processes, component and data authentication, and data encryption with integrity and anti-replay, among other secure techniques. One implementation may include executing a secure boot process based on authentication of a device identifier stored in a secure physical object of a processing device. Another implementation may include encrypting and storing a counter value corresponding to a cache line and generating an integrity tag value, replacing the error correction code bits associated with the cache line with the generated cache line tag value.
  Type: Grant
  Filed: July 2, 2021
  Date of Patent: March 4, 2025
  Assignee: SDG Logic Inc.
  Inventor: Sergiu Ghetie
- Publication number: 20240265110
  Abstract: Techniques are described herein for security hardened processing devices. For example, a method can include performing a secure boot of a processing device of a computer system. The processing device is configured as a root of trust for a secure boot process. The computer system can include the processing device and a non-volatile memory storing a basic input/output system (BIOS) for the secure boot process. The method can include identifying a set of programmable fuses of the processing device, deriving an encryption key using a value encoded by the set of programmable fuses in the processing device, and authenticating the BIOS to perform the secure boot process using a key derivation algorithm based on the encryption key.
  Type: Application
  Filed: September 12, 2023
  Publication date: August 8, 2024
  Applicant: SDG Logic Inc.
  Inventor: Sergiu Ghetie
- Patent number: 11803644
  Abstract: Techniques are described herein for security hardened processing devices. For example, a method can include performing a secure boot of a processing device of a computer system. The processing device is configured as a root of trust for a secure boot process. The computer system can include the processing device and a non-volatile memory storing a basic input/output system (BIOS) for the secure boot process. The method can include identifying a set of programmable fuses of the processing device, deriving an encryption key using a value encoded by the set of programmable fuses in the processing device, and authenticating the BIOS to perform the secure boot process using a key derivation algorithm based on the encryption key.
  Type: Grant
  Filed: July 21, 2020
  Date of Patent: October 31, 2023
  Assignee: SDG Logic Inc.
  Inventor: Sergiu Ghetie
- Publication number: 20230129830
  Abstract: Aspects of the present disclosure involve systems, methods, apparatus, and computer-readable media for mitigating laser-based fault injection attacks against one or more processing devices. Techniques may include generating a corresponding representation of at least one of data or a component of a processing device, locating the corresponding representation on a die of the processing device adjacent to a location on the die of at least one of the data or the component, and executing, based on a determination that the corresponding representation is different than at least one of the data or the component of the processing device, a mitigation procedure. One example may include hashing, using a secure hashing function, security data to generate integrity data corresponding to the security data and storing the security data and the integrity data in adjacent memory locations in a memory device.
  Type: Application
  Filed: May 26, 2022
  Publication date: April 27, 2023
  Applicant: SDG Logic Inc.
  Inventor: Sergiu Ghetie
- Publication number: 20220391235
  Abstract: A system is disclosed for Input/Output (I/O) device emulation that allows a service provider to configure and enforce a policy for software access to some or all I/O resources in a platform. I/O device emulation enables service providers to protect their platforms from malicious guest software that may be executed on associated platforms and that has direct access to I/O resources in the case of bare-metal servers, escalates the privilege level from guest to host in the case of hosted-Virtual Machine servers, or escalates the privilege level from guest to System Management Mode in the case of either bare-metal servers or hosted-Virtual Machine servers. The technology enables service providers to protect their platforms from malicious guest software running on their platforms that has direct access to either legacy I/O or memory-mapped I/O resources. In one illustrative example, the platform may include a microprocessor.
  Type: Application
  Filed: May 26, 2022
  Publication date: December 8, 2022
  Applicant: SDG Logic Inc.
  Inventor: Sergiu Ghetie
- Publication number: 20220006653
  Abstract: Systems, apparatuses, methods, and computer-readable media for implementing confidential computing of one or more computing systems and/or devices using component authentication and data encryption with integrity and anti-replay mechanisms are disclosed. In some examples, the systems, apparatuses, methods, and computer-readable media described herein can perform various techniques, including one or more secure boot processes, component and data authentication, and data encryption with integrity and anti-replay, among other secure techniques. One implementation may include executing a secure boot process based on authentication of a device identifier stored in a secure physical object of a processing device. Another implementation may include encrypting and storing a counter value corresponding to a cache line and generating an integrity tag value, replacing the error correction code bits associated with the cache line with the generated cache line tag value.
  Type: Application
  Filed: July 2, 2021
  Publication date: January 6, 2022
  Applicant: SDG Logic Inc.
  Inventor: Sergiu Ghetie
- Publication number: 20210026966
  Abstract: Techniques are described herein for security hardened processing devices. For example, a method can include performing a secure boot of a processing device of a computer system. The processing device is configured as a root of trust for a secure boot process. The computer system can include the processing device and a non-volatile memory storing a basic input/output system (BIOS) for the secure boot process. The method can include identifying a set of programmable fuses of the processing device, deriving an encryption key using a value encoded by the set of programmable fuses in the processing device, and authenticating the BIOS to perform the secure boot process using a key derivation algorithm based on the encryption key.
  Type: Application
  Filed: July 21, 2020
  Publication date: January 28, 2021
  Applicant: SDG Logic Inc.
  Inventor: Sergiu Ghetie