Patents by Inventor Adrian R. Pearson

Adrian R. Pearson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11651092
    Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to determine a secure memory region for a transaction, the secure memory region associated with a security association context to perform one or more of an encryption/decryption operation and an authentication operation for the transaction, perform one or more of the encryption/decryption operation and the authentication operation for the transaction based on the security association context, and cause communication of the transaction.
    Type: Grant
    Filed: April 22, 2021
    Date of Patent: May 16, 2023
    Assignee: INTEL CORPORATION
    Inventors: Brian S. Hausauer, Lokpraveen B. Mosur, Tony Hurson, Patrick Fleming, Adrian R. Pearson
  • Publication number: 20210264042
    Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to determine a secure memory region for a transaction, the secure memory region associated with a security association context to perform one or more of an encryption/decryption operation and an authentication operation for the transaction, perform one or more of the encryption/decryption operation and the authentication operation for the transaction based on the security association context, and cause communication of the transaction.
    Type: Application
    Filed: April 22, 2021
    Publication date: August 26, 2021
    Applicant: INTEL CORPORATION
    Inventors: BRIAN S. HAUSAUER, Lokpraveen B. Mosur, Tony Hurson, Patrick Fleming, Adrian R. Pearson
  • Patent number: 11042657
    Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to determine a secure memory region for a transaction, the secure memory region associated with a security association context to perform one or more of an encryption/decryption operation and an authentication operation for the transaction, perform one or more of the encryption/decryption operation and the authentication operation for the transaction based on the security association context, and cause communication of the transaction.
    Type: Grant
    Filed: September 30, 2017
    Date of Patent: June 22, 2021
    Assignee: INTEL CORPORATION
    Inventors: Brian S. Hausauer, Lokpraveen B. Mosur, Tony Hurson, Patrick Fleming, Adrian R. Pearson
  • Patent number: 10911250
    Abstract: Various embodiments are directed to a system for accessing a self-encrypting drive (SED) based on a blind challenge authentication response mechanism (BCRAM). An SED may be authenticated within a system, for example, upon resuming from a sleep state, based on a challenge generated within the SED, signed using a private key by a trusted execution environment (TEE) and authenticated using a corresponding public key within the SED.
    Type: Grant
    Filed: January 15, 2018
    Date of Patent: February 2, 2021
    Assignee: INTEL CORPORATION
    Inventors: Adrian R. Pearson, Jason R. Cox, James Chu
  • Patent number: 10592477
    Abstract: Systems, apparatuses and methods may provide for technology that digitally signs a hash table and a data payload, wherein the data payload is partitioned into a plurality of storage blocks and the hash table specifies how to index into and individually authenticate the plurality of storage blocks. Additionally, a write of the digitally signed hash table and data payload may be initiated to an aggregate storage array. In one example, the aggregate storage array authenticates the digital signature of the hash table and the data payload and conducts a write of the data payload to a plurality of drives in the aggregate storage array in accordance with the hash table.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: March 17, 2020
    Assignee: Intel Corporation
    Inventors: Adrian R. Pearson, Jawad B. Khan
  • Patent number: 10482278
    Abstract: A system for securing electronic devices includes a storage device including a storage device controller processor, at least one non-transitory machine readable storage medium in firmware of the storage device communicatively coupled to the storage device controller processor, and a monitor application comprising computer-executable instructions on the medium. The instructions are readable by the storage device controller processor. The monitor application is configured to provision one or more read-only areas of the storage device, provision a candidate copy area of the storage device, reduce a maximum capacity available for user data on the storage device by a size of the read-only areas and the candidate copy area, and secure access to the read-only areas of the storage device.
    Type: Grant
    Filed: March 8, 2019
    Date of Patent: November 19, 2019
    Assignee: McAfee, LLC
    Inventors: Adrian R. Pearson, Sergiu D. Ghetie, Thomas R. Bowen, Gamil A. Cain, Jason Cox, Faraz A. Siddiqi, Neeraj S. Upasani
  • Patent number: 10355858
    Abstract: Provided are an apparatus, system, and method authenticating a system to access diagnostic interface in a storage device. The storage device includes a computer readable storage medium implemented to store data and a controller. The controller receives a request from the computer system to initiate a cryptographic nonce to access diagnostic interface in the storage device. The controller generates a nonce and returns to the computer system. Upon receiving an unlock request from the computer system to access the diagnostic interface including a signed nonce comprising at least the nonce encrypted with a private key by the authorized unlock system, the controller uses a public key that is a cryptographic pair with the private key to decrypt the signed nonce to determine whether to grant the computer system access to the diagnostic interface in the storage device.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: July 16, 2019
    Assignee: INTEL CORPORATION
    Inventors: Brandon Collier, Thomas R. Bowen, Adrian R. Pearson, Jason R. Cox
  • Publication number: 20190205560
    Abstract: A system for securing electronic devices includes a storage device including a storage device controller processor, at least one non-transitory machine readable storage medium in firmware of the storage device communicatively coupled to the storage device controller processor, and a monitor application comprising computer-executable instructions on the medium. The instructions are readable by the storage device controller processor. The monitor application is configured to provision one or more read-only areas of the storage device, provision a candidate copy area of the storage device, reduce a maximum capacity available for user data on the storage device by a size of the read-only areas and the candidate copy area, and secure access to the read-only areas of the storage device.
    Type: Application
    Filed: March 8, 2019
    Publication date: July 4, 2019
    Inventors: Adrian R. Pearson, Sergiu D. Ghetie, Thomas R. Bowen, Gamil A. Cain, Jason Cox, Faraz A. Siddiqi, Neeraj S. Upasani
  • Publication number: 20190102568
    Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to determine a secure memory region for a transaction, the secure memory region associated with a security association context to perform one or more of an encryption/decryption operation and an authentication operation for the transaction, perform one or more of the encryption/decryption operation and the authentication operation for the transaction based on the security association context, and cause communication of the transaction.
    Type: Application
    Filed: September 30, 2017
    Publication date: April 4, 2019
    Inventors: BRIAN S. HAUSAUER, LOKPRAVEEN B. MOSUR, TONY HURSON, PATRICK FLEMING, ADRIAN R. PEARSON
  • Patent number: 10229281
    Abstract: A system for securing electronic devices includes a storage device including a storage device controller processor, at least one non-transitory machine readable storage medium in firmware of the storage device communicatively coupled to the storage device controller processor, and a monitor application comprising computer-executable instructions on the medium. The instructions are readable by the storage device controller processor. The monitor application is configured to provision one or more read-only areas of the storage device, provision a candidate copy area of the storage device, reduce a maximum capacity available for user data on the storage device by a size of the read-only areas and the candidate copy area, and secure access to the read-only areas of the storage device.
    Type: Grant
    Filed: April 1, 2016
    Date of Patent: March 12, 2019
    Assignee: McAfee, LLC
    Inventors: Adrian R. Pearson, Sergiu D. Ghetie, Thomas R. Bowen, Gamil A. Cain, Jason Cox, Faraz A. Siddiqi, Neeraj S. Upasani
  • Publication number: 20190005063
    Abstract: Systems, apparatuses and methods may provide for technology that digitally signs a hash table and a data payload, wherein the data payload is partitioned into a plurality of storage blocks and the hash table specifies how to index into and individually authenticate the plurality of storage blocks. Additionally, a write of the digitally signed hash table and data payload may be initiated to an aggregate storage array. In one example, the aggregate storage array authenticates the digital signature of the hash table and the data payload and conducts a write of the data payload to a plurality of drives in the aggregate storage array in accordance with the hash table.
    Type: Application
    Filed: June 29, 2017
    Publication date: January 3, 2019
    Inventors: Adrian R. Pearson, Jawad B. Khan
  • Publication number: 20180176024
    Abstract: Various embodiments are directed to a system for accessing a self-encrypting drive (SED) based on a blind challenge authentication response mechanism (BCRAM). An SED may be authenticated within a system, for example, upon resuming from a sleep state, based on a challenge generated within the SED, signed using a private key by a trusted execution environment (TEE) and authenticated using a corresponding public key within the SED.
    Type: Application
    Filed: January 15, 2018
    Publication date: June 21, 2018
    Applicant: INTEL CORPORATION
    Inventors: ADRIAN R. PEARSON, JASON R. COX, JAMES CHU
  • Patent number: 9871663
    Abstract: Various embodiments are directed to a system for accessing a self-encrypting drive (SED) based on a blind challenge authentication response mechanism (BCRAM). An SED may be authenticated within a system, for example, upon resuming from a sleep state, based on a challenge generated within the SED, signed using a private key by a trusted execution environment (TEE) and authenticated using a corresponding public key within the SED.
    Type: Grant
    Filed: March 25, 2015
    Date of Patent: January 16, 2018
    Assignee: INTEL CORPORATION
    Inventors: Adrian R. Pearson, Jason R. Cox, James Chu
  • Publication number: 20170288867
    Abstract: Provided are an apparatus, system, and method authenticating a system to access diagnostic interface in a storage device. The storage device includes a computer readable storage medium implemented to store data and a controller. The controller receives a request from the computer system to initiate a cryptographic nonce to access diagnostic interface in the storage device. The controller generates a nonce and returns to the computer system. Upon receiving an unlock request from the computer system to access the diagnostic interface including a signed nonce comprising at least the nonce encrypted with a private key by the authorized unlock system, the controller uses a public key that is a cryptographic pair with the private key to decrypt the signed nonce to determine whether to grant the computer system access to the diagnostic interface in the storage device.
    Type: Application
    Filed: March 30, 2016
    Publication date: October 5, 2017
    Inventors: Brandon COLLIER, Thomas R. BOWEN, Adrian R. PEARSON, Jason R. COX
  • Publication number: 20170235958
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to initialize a platform. An example disclosed apparatus includes a boot loader manager to prevent operating system loading in response to detecting a power-on condition, a context manager to retrieve first context information associated with the platform, and a policy manager to identify a first operating system based on the first context information, the policy manager to authorize the boot loader manager to load the first operating system.
    Type: Application
    Filed: February 27, 2017
    Publication date: August 17, 2017
    Inventors: Hormuzd M. Khosravi, Adrian R. Pearson, Ned M. Smith, Abhilasha Bhargav-Spantzel
  • Publication number: 20170111388
    Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a secured storage communicatively coupled to the client. The system further includes a client application including computer-executable instructions on the medium. The instructions are readable by the processor. The application is configured to manage a trusted image of software of a client in a secured storage and, upon a signal indicating malware on the client, restore the trusted image to the client independent of an operating system and user processes of the client.
    Type: Application
    Filed: April 1, 2016
    Publication date: April 20, 2017
    Inventors: Kunal Mehta, Dmitri Rubakha, Carl D. Woodward, Steven L. Grobman, Adrian R. Pearson, Faraz A. Siddiqi
  • Publication number: 20170103225
    Abstract: A system for securing electronic devices includes a storage device including a storage device controller processor, at least one non-transitory machine readable storage medium in firmware of the storage device communicatively coupled to the storage device controller processor, and a monitor application comprising computer-executable instructions on the medium. The instructions are readable by the storage device controller processor. The monitor application is configured to provision one or more read-only areas of the storage device, provision a candidate copy area of the storage device, reduce a maximum capacity available for user data on the storage device by a size of the read-only areas and the candidate copy area, and secure access to the read-only areas of the storage device.
    Type: Application
    Filed: April 1, 2016
    Publication date: April 13, 2017
    Inventors: Adrian R. Pearson, Sergiu D. Ghetie, Thomas R. Bowen, Gamil A. Cain, Jason Cox, Faraz A. Siddiqi, Neeraj S. Upasani
  • Patent number: 9619242
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to initialize a platform. An example disclosed apparatus includes a boot loader manager to prevent operating system loading in response to detecting a power-on condition, a context manager to retrieve first context information associated with the platform, and a policy manager to identify a first operating system based on the first context information, the policy manager to authorize the boot loader manager to load the first operating system.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: April 11, 2017
    Assignee: Intel Corporation
    Inventors: Hormuzd M. Khosravi, Adrian R. Pearson, Ned M. Smith, Abhilasha Bhargav-Spantzel
  • Patent number: 9542114
    Abstract: A disclosed example involves managing power states, signing a suspend-to-RAM (STR) data structure by: generating a header key, a scatter/gather table key and a dynamic random access memory (DRAM) key using a root key generated by the secure processor. Generating a header signature using the header key, the header signature based on a table header and a random or pseudo-random value. Generating a scatter/gather table signature using the scatter/gather table key, the scatter/gather table signature based on a scatter/gather table header and a random or pseudo-random value. Generating a DRAM signature using the DRAM key and a value from a region of DRAM. Storing the header signature, the scatter/gather table signature and the DRAM signature in the STR data structure. Resume the processor system from the low-power mode when the data structure is valid based on a comparison of a first signature and a second signature.
    Type: Grant
    Filed: June 20, 2016
    Date of Patent: January 10, 2017
    Assignee: Intel Corporation
    Inventors: Adrian R. Pearson, Christopher Andrew Thornburg, Steven J. Brown, Peter R. Munguia
  • Patent number: 9472302
    Abstract: In accordance with some embodiments, fuse information may be written into a fuse array in a way that provides sufficient redundancy, making it harder for malicious parties to attack the fuse array.
    Type: Grant
    Filed: March 7, 2013
    Date of Patent: October 18, 2016
    Assignee: Intel Corporation
    Inventors: Jason G. Sandri, Steve J. Brown, Peter R. Munguia, Monib Ahmed, Adrian R. Pearson