Abstract: Examples disclosed herein include are computing device hardware components, computing devices, systems, machine-readable mediums, and interconnect protocols that provide for code object measurement of a peripheral device and a method for accessing the measurements to verify integrity across a computing interconnect (e.g., Peripheral Component Interconnect Express—PCIe). For example, a cryptographic processor of a PCIe endpoint (such as a peripheral) may take a measurement (e.g., computing a hash value) of a code object on the device prior to executing the code object. This measurement may be placed in a register that is accessible to another component, such as a host operating system across a PCIe bus for interrogation. The host operating system may utilize an interconnect protocol, such as a PCIe protocol to access the measurement. These measurements may be consumed by a Trusted Platform Manager or other components of a host system that may verify the measurements.

Abstract: Described are techniques for write protecting a non-volatile memory (NVM) after the contents of the NVM have been set. In some examples, a computing device or system having an NVM also includes a Root of Trust (RoT) configured to generate a write protect command as an input to the NVM. The RoT generates the write protect command in response to detecting a write protect signal from an electronic controller. The write protect command sets one or more areas in the NVM to be read-only. Further, the write protect command can make the one or more areas read-only on a power-on basis so that write protection is maintained until the next power cycle. The electronic controller can be configured to assert the write protect signal each time the computing device or system is powered on, for instance during a reboot, thereby causing the RoT to renew the write protection.

Abstract: Multi-mode protected memory in accordance with the present description includes a permanent mode and a transient mode of operation. In one embodiment of the permanent mode, an authentication key is programmable once and a write counter is not decrementable or resettable. In one embodiment of the transient mode, an authentication key may be programmed many times and a write counter may be reset many times. Other features and advantages may be realized, depending upon the particular application.

Abstract: Examples disclosed herein include are computing device hardware components, computing devices, systems, machine-readable mediums, and interconnect protocols that provide for code object measurement of a peripheral device and a method for accessing the measurements to verify integrity across a computing interconnect (e.g., Peripheral Component Interconnect Express - PCIe). For example, a cryptographic processor of a PCIe endpoint (such as a peripheral) may take a measurement (e.g., computing a hash value) of a code object on the device prior to executing the code object. This measurement may be placed in a register that is accessible to another component, such as a host operating system across a PCIe bus for interrogation. The host operating system may utilize an interconnect protocol, such as a PCIe protocol to access the measurement. These measurements may be consumed by a Trusted Platform Manager or other components of a host system that may verify the measurements.

Abstract: Examples disclosed herein include are computing device hardware components, computing devices, systems, machine-readable mediums, and interconnect protocols that provide for code object measurement of a peripheral device and a method for accessing the measurements to verify integrity across a computing interconnect (e.g., Peripheral Component Interconnect Express—PCIe). For example, a cryptographic processor of a PCIe endpoint (such as a peripheral) may take a measurement (e.g., computing a hash value) of a code object on the device prior to executing the code object. This measurement may be placed in a register that is accessible to another component, such as a host operating system across a PCIe bus for interrogation. The host operating system may utilize an interconnect protocol, such as a PCIe protocol to access the measurement. These measurements may be consumed by a Trusted Platform Manager or other components of a host system that may verify the measurements.

Abstract: Multi-mode protected memory in accordance with the present description includes a permanent mode and a transient mode of operation. In one embodiment of the permanent mode, an authentication key is programmable once and a write counter is not decrementable or resettable. In one embodiment of the transient mode, an authentication key may be programmed many times and a write counter may be reset many times. Other features and advantages may be realized, depending upon the particular application.

Abstract: Systems, apparatuses and methods may provide for technology to conduct, by a storage device, a state analysis of the storage device based on an assert log associated with a failure condition in the storage device. The technology may also return, by the storage device, the storage device to service if the state analysis indicates that the storage device is operable. Additionally, the technology may remove, by the storage device, the storage device from service if the state analysis indicates that the storage device is inoperable.

Abstract: In one embodiment, a system comprises a processor to, in response to a determination that a write command is suspect, identify a logical address associated with the write command; and send a checkpoint command identifying the logical address to a storage device to preserve data stored in the storage device at a physical address associated with the logical address.

Abstract: Systems, apparatuses and methods may provide for technology to conduct, by a storage device, a state analysis of the storage device based on an assert log associated with a failure condition in the storage device. The technology may also return, by the storage device, the storage device to service if the state analysis indicates that the storage device is operable. Additionally, the technology may remove, by the storage device, the storage device from service if the state analysis indicates that the storage device is inoperable.

Abstract: Examples disclosed herein include are computing device hardware components, computing devices, systems, machine-readable mediums, and interconnect protocols that provide for code object measurement of a peripheral device and a method for accessing the measurements to verify integrity across a computing interconnect (e.g., Peripheral Component Interconnect Express—PCIe). For example, a cryptographic processor of a PCIe endpoint (such as a peripheral) may take a measurement (e.g., computing a hash value) of a code object on the device prior to executing the code object. This measurement may be placed in a register that is accessible to another component, such as a host operating system across a PCIe bus for interrogation. The host operating system may utilize an interconnect protocol, such as a PCIe protocol to access the measurement. These measurements may be consumed by a Trusted Platform Manager or other components of a host system that may verify the measurements.

Abstract: A system for verifying the secure erase of a storage device is provided. A storage device controller for the storage device logs the execution of a secure erase command. A storage device controller for the storage device receives an erase verify command from a host. The storage device controller retrieves one or more secure erase log entries from access-limited memory locations in non-volatile memory of the storage device. The storage device controller copies the one or more secure erase log entries to storage device buffer circuitry. The storage device controller secures the one or more secure erase log entries with one or more cryptographic keys to generate an encrypted and/or signed erase verification message. The storage device controller transmits the encrypted and/or signed erase verification message to the host, in response to receipt of the erase verify command.

Abstract: In one embodiment, a system comprises a processor to, in response to a determination that a write command is suspect, identify a logical address associated with the write command; and send a checkpoint command identifying the logical address to a storage device to preserve data stored in the storage device at a physical address associated with the logical address.

Abstract: Efficient architecture for a secure access enforcement proxy is described. The proxy interfaces with multiple subsystems and multiple shared resources. The proxy identifies an original transaction command being sent from one of the subsystems to one of the shared resources, identifies a policy corresponding to the subsystem, performs an action pertaining to the original transaction command based on the policy, and sends a response to the subsystem based on the action.

Abstract: Efficient architecture for a secure access enforcement proxy is described. The proxy interfaces with multiple subsystems and multiple shared resources. The proxy identifies an original transaction command being sent from one of the subsystems to one of the shared resources, identifies a policy corresponding to the subsystem, performs an action pertaining to the original transaction command based on the policy, and sends a response to the subsystem based on the action.

Abstract: A system, apparatus, method and article to filter media signals are described. The apparatus may include a media processor. The media processor may include an image signal processor having multiple processing elements to concurrently process a pixel matrix by executing single instruction stream, multiple data streams instructions to determine a matrix median pixel value, and replace a pixel value from said pixel matrix with said matrix median pixel value. Other embodiments are described and claimed.

Abstract: A method includes receiving a first interrupt from a digital media processor and blocking execution of an application program while the first interrupt is being handled. The method further includes receiving a second interrupt from the digital media processor and allowing execution of the application program to continue while the second interrupt is being handled.