Abstract: A system including a serialized secondary bus architecture. The system may include an LPC bus, an I/O controller, a serialized secondary bus, and at least one slave device. The LPC bus may be connected to the I/O controller, and the at least one slave device may be connected to the I/O controller via the serialized secondary bus. The serialized secondary bus has a reduced pin count relative to the LPC bus. The I/O controller may receive bus transactions from the LPC bus. The I/O controller may translate and forward LPC bus transactions to the at least one device over the secondary bus. The I/O controller may include a processing unit. The processing unit may initiate bus transactions intended for the at least one slave device. The I/O controller may also include a bus arbitration unit. The bus arbitration unit may arbitrate ownership of the secondary bus between the processing unit and the LPC bus.

Abstract: Techniques for using structured virtual registers in embedded systems are described. A virtual register structure definition provides a map of virtual registers within an embedded controller. The virtual registers are externally accessible and correspond to memory locations within the embedded controller. In various embodiments, an embedded controller and/or an external entity may store data in or read data from the virtual registers using the virtual register structure definition. The problems of manual tracking of virtual register addresses and manual transcription of virtual register addresses to program code are ameliorated. When the virtual register map changes, logical references in program code to particular virtual registers need not necessarily be changed.

Abstract: System and method for authenticating data or program code via a configurable signature. Configuration information is retrieved from a protected first memory, e.g., an on-chip register, where the configuration information specifies a plurality of non-contiguous memory locations that store the signature, e.g., in an on-chip memory trailer. The signature is retrieved from the plurality of non-contiguous memory locations based on the configuration information, where the signature is useable to verify security for a system. The signature corresponds to specified data and/or program code stored in a second memory, e.g., in off-chip ROM. The specified data and/or program code may be copied from the second memory to a third memory, and a signature for the specified data and/or program code calculated based on the configuration information. The calculated signature may be compared with the retrieved signature to verify the specified data and/or program code.

Abstract: System and method for implementing one time programmable (OTP) memory using embedded flash memory. A system-on-chip (SoC) includes a cleared flash memory array that includes an OTP block, including an OTP write inhibit field that is initially deasserted, a flash memory controller, and a controller. Data are written to the OTP block, including setting the OTP write inhibit field to signify prohibition of subsequent writes to the OTP block. The SoC is power cycled, and, in response, at least a portion of the OTP block is latched in a volatile memory, including asserting an OTP write inhibit bit based on the OTP write inhibit field, after which the OTP block is not writeable. In response to each subsequent power cycling, the controller is held in reset, the latching is performed, the controller is released from reset, and the flash array, now write protected, is configured to be controlled by the controller.

Abstract: Temperature readings obtained within a computer system from the location of monitored circuit elements may be oversampled at least three times, and a median average of the three parameter readings rather than the arithmetic mean may be used for controlling a device, e.g. a fan, configured to regulate the environmental parameter, e.g. temperature, a the location of the monitored circuit elements. For example, when a CPU temperature reading is requested by the system comprising the CPU, a thermal monitoring system may acquire at least three consecutive temperature readings of the CPU, discard the highest temperature reading and the lowest temperature reading, and return the median reading to be used in controlling a fan configured to regulate temperature at the location of the CPU, resulting in more accurate temperature readings and more accurate fan control.

Abstract: An embedded controller capable of providing direct memory access (DMA) to memory for a host. The controller may include a processor, a memory medium, and an interface coupled to the memory medium. The interface may be configured to couple to a host and receive a DMA request. The DMA request may include a request to read data from a memory location in the memory medium or a request to write data to a memory location in the memory medium. The DMA request may include a relative memory address. The interface may be configured to translate the relative memory address into a first address of the memory medium. Accordingly, the interface may perform operations according to the DMA request using the first address of the memory medium. The processor may be configured to operate according to data stored in the memory medium.

Abstract: In-band event polling mechanism. A master device may initiate a polling transaction to poll at least a subset of a plurality of slave devices for event information. In response to the polling transaction, at least one of the subset of slave devices may transmit event information to the master device. The event information may correspond to at least one of a plurality of asynchronous event types. If the event type associated with the received event information is an event notification for an embedded processor of the master device, the master device may forward the event information to the embedded processor. Otherwise, if the event type associated with the received event information is an event notification for a device external to the master device (e.g., a host processor), the master device may translate the event information to a protocol associated with the event type and forward the event information to the external device.

Abstract: System and method for performing pre-boot security verification in a system that includes a host processor and memory, an embedded microcontroller with an auxiliary memory, e.g., an on-chip ROM, or memory controlled to prohibit user-tampering with the contents of the memory, and one or more pre-boot security components coupled to the embedded microcontroller. Upon power-up, but before host processor boot-up, the embedded microcontroller accesses the auxiliary memory and executes the program instructions to verify system security using the one or more pre-boot security components. The one or more pre-boot security components includes at least one identity verification component, e.g., a smart card, or a biometric sensor, e.g., a fingerprint sensor, a retinal scanner, and/or a voiceprint sensor, etc., and/or at least one system verification component, e.g., TPM, to query the system for system state information, and verify that the system has not been compromised.

Abstract: System and method for protecting data in a system including a main processor, an embedded controller, and a memory. In response to a power-on-reset (POR), access to the memory is enabled, e.g., access by the embedded controller. First data is read from the memory (e.g., by the embedded controller) in response to the enabling, where the first data are usable to perform security operations for the system prior to boot-up of the main processor. The first data are used, e.g., by the embedded controller, to perform one or more security operations for the system, then access to the memory, e.g., by the embedded controller, is disabled, where after the disabling the memory is not accessible, e.g., until the next POR initiates enablement.

Abstract: Return path clocking mechanism for a system including a master device connected to a plurality of slave devices via a bus. The master device may first generate a global clock. The master device may transmit data to one or more of the slave devices at a rate of one bit per clock cycle. One or more of the slave devices may transmit data to the master device at a rate of one bit per two consecutive clock cycles. The master device may sample the transmitted data on the second cycle of each two consecutive clock cycle period. Alternatively, the slave devices may transmit data to the master device at a rate of one bit per N consecutive clock cycles, where N?2, and the master device may sample the transmitted data on the Nth cycle of each N consecutive clock cycle period.

Abstract: Techniques for using structured virtual registers in embedded systems are described. A virtual register structure definition provides a map of virtual registers within an embedded controller. The virtual registers are externally accessible and correspond to memory locations within the embedded controller. In various embodiments, an embedded controller and/or an external entity may store data in or read data from the virtual registers using the virtual register structure definition. The problems of manual tracking of virtual register addresses and manual transcription of virtual register addresses to program code are ameliorated. When the virtual register map changes, logical references in program code to particular virtual registers need not necessarily be changed.

Abstract: A power state broadcast mechanism. A master device may broadcast a message through the use of a protocol to each of one or more slave devices to inform the slave devices of the power state of a computer system. The broadcast message may include a protocol header indicating the start of the broadcast transaction, a function type parameter indicating the type of broadcast transaction, and power state data indicating the power state of the computer system. Each of the slave devices may read the protocol header to detect the start of a broadcast transaction, and the function type parameter to determine the type of broadcast transaction. If the function type parameter indicates a power state broadcast transaction, each of the slave devices may read the power state data included in the broadcast message and determine whether to adjust the current power state of the slave device.

Abstract: An embedded controller capable of providing direct memory access (DMA) to memory for a host. The controller may include a processor, a memory medium, and an interface coupled to the memory medium. The interface may be configured to couple to a host and receive a DMA request. The DMA request may include a request to read data from a memory location in the memory medium or a request to write data to a memory location in the memory medium. The DMA request may include a relative memory address. The interface may be configured to translate the relative memory address into a first address of the memory medium. Accordingly, the interface may perform operations according to the DMA request using the first address of the memory medium. The processor may be configured to operate according to data stored in the memory medium.

Abstract: System and method for performing pre-boot security verification in a system that includes a host processor and memory, an embedded microcontroller with an auxiliary memory, e.g., an on-chip ROM, or memory controlled to prohibit user-tampering with the contents of the memory, and one or more pre-boot security components coupled to the embedded microcontroller. Upon power-up, but before host processor boot-up, the embedded microcontroller accesses the auxiliary memory and executes the program instructions to verify system security using the one or more pre-boot security components. The one or more pre-boot security components includes at least one identity verification component, e.g., a smart card, or a biometric sensor, e.g., a fingerprint sensor, a retinal scanner, and/or a voiceprint sensor, etc., and/or at least one system verification component, e.g., TPM, to query the system for system state information, and verify that the system has not been compromised.

Abstract: An address assignment mechanism. A computer system may include one or more types of slave devices. Each slave device includes an internal device ID. Slave devices of the same type include the same internal device ID. The master device may broadcast a message through the use of a protocol to each of the slave devices to initiate an address assignment operation. Each of the slave devices determines whether the broadcast device ID included in the broadcast message matches the internal device ID associated with the slave device. If the broadcast device ID matches the internal device ID, the linear bus address included in the broadcast message is assigned to the slave device. The bit size of the linear bus address may be smaller than that of the broadcast device ID. After the address assignment operation, the master device may communicate with the slave device using the assigned linear bus address rather than the device ID.

Abstract: System and method for implementing one time programmable (OTP) memory using embedded flash memory. A system-on-chip (SoC) includes a cleared flash memory array that includes an OTP block, including an OTP write inhibit field that is initially deasserted, a flash memory controller, and a controller. Data are written to the OTP block, including setting the OTP write inhibit field to signify prohibition of subsequent writes to the OTP block. The SoC is power cycled, and, in response, at least a portion of the OTP block is latched in a volatile memory, including asserting an OTP write inhibit bit based on the OTP write inhibit field, after which the OTP block is not writeable. In response to each subsequent power cycling, the controller is held in reset, the latching is performed, the controller is released from reset, and the flash array, now write protected, is configured to be controlled by the controller.

Abstract: System and method for protecting data in a system including a main processor, an embedded controller, and a memory. In response to a power-on-reset (POR), access to the memory is enabled, e.g., access by the embedded controller. First data is read from the memory (e.g., by the embedded controller) in response to the enabling, where the first data are usable to perform security operations for the system prior to boot-up of the main processor. The first data are used, e.g., by the embedded controller, to perform one or more security operations for the system, then access to the memory, e.g., by the embedded controller, is disabled, where after the disabling the memory is not accessible, e.g., until the next POR initiates enablement.

Abstract: System and method for authenticating data or program code via a configurable signature. Configuration information is retrieved from a protected first memory, e.g., an on-chip register, where the configuration information specifies a plurality of non-contiguous memory locations that store the signature, e.g., in an on-chip memory trailer. The signature is retrieved from the plurality of non-contiguous memory locations based on the configuration information, where the signature is useable to verify security for a system. The signature corresponds to specified data and/or program code stored in a second memory, e.g., in off-chip ROM. The specified data and/or program code may be copied from the second memory to a third memory, and a signature for the specified data and/or program code calculated based on the configuration information. The calculated signature may be compared with the retrieved signature to verify the specified data and/or program code.

Abstract: Temperature readings obtained within a computer system from the location of monitored circuit elements may be oversampled at least three times, and a median average of the three parameter readings rather than the arithmetic mean may be used for controlling a device, e.g. a fan, configured to regulate the environmental parameter, e.g. temperature, a the location of the monitored circuit elements. For example, when a CPU temperature reading is requested by the system comprising the CPU, a thermal monitoring system may acquire at least three consecutive temperature readings of the CPU, discard the highest temperature reading and the lowest temperature reading, and return the median reading to be used in controlling a fan configured to regulate temperature at the location of the CPU, resulting in more accurate temperature readings and more accurate fan control.

Abstract: A method for implementing a counter in memory, e.g., non-volatile memory such as flash memory. A first number of first binary values indicating a first portion of a current number of the counter in a binary field may be stored in a portion of memory. Storing the first number may also include increasing the number of first binary values in the binary field. Additionally, a second number indicating a second portion of the current number of the counter may be stored in another portion of memory. The second number may specify the number of times the first binary values has comprised the entirety of the binary field. Thus, the first number and second number may specify the current number of the counter. Storing the first and second number may be performed a plurality of times to implement a counting function of the counter.