Abstract: The subject disclosure is directed towards certifying cryptographic data for a crypto-processor outside of a controlled environment. The crypto-processor and a certifying entity maintain shared secret data for the purpose of verifying security of cryptographic key generation by the crypto-processor's firmware. In order to certify new cryptographic keys, the crypto-processor uses the shared secret data to verify the crypto-processor's firmware/hardware to the certifying entity. By protecting the shared secret data from exposure to compromised firmware, the shared secret data may be used to compute another secret conveying to the certifying entity whether the firmware can be trusted or not.

Abstract: The subject disclosure is directed towards certifying cryptographic data for a crypto-processor outside of a controlled environment. The crypto-processor and a certifying entity maintain shared secret data for the purpose of verifying security of cryptographic key generation by the crypto-processor's firmware. In order to certify new cryptographic keys, the crypto-processor uses the shared secret data to verify the crypto-processor's firmware/hardware to the certifying entity. By protecting the shared secret data from exposure to compromised firmware, the shared secret data may be used to compute another secret conveying to the certifying entity whether the firmware can be trusted or not.

Abstract: Hardware encrypting storage devices can provide for hardware encryption of data being written to the storage media of such storage devices, and hardware decryption of data being read from that storage media. To utilize existing key management resources, which can be more flexible and accommodating, mechanisms for storing keys protected by the existing resources, but not the hardware encryption of the storage device, can be developed. Dedicated partitions that do not have corresponding encryption bands can be utilized to store keys in a non-hardware-encrypted manner. Likewise, partitions can be defined larger than their associated encryption bands, leaving room near the beginning and end for non-hardware encrypted storage. Or a separate bit can be used to individually specify which data should be hardware encrypted. Additionally automated processes can maintain synchronization between a partition table of the computing device and a band table of the hardware encrypting storage device.

Abstract: Dynamic Root of Trust for Measurement (DRTM) mechanisms can be initiated, not by CPU-manufacturer-specific instructions, but by the execution of code in System Management Mode (SMM) that can modify the values stored in specific Platform Configuration Registers (PCRs) of a Trusted Platform Module (TPM). The SMM code can be verified prior to execution and it can be trusted based on the secure mechanisms used to update such code. The SMM code can restore a known, trusted state of the computing device and can initiate the measuring of subsequently executed code. In such a manner the Trusted Computing Base (TCB) can be limited.

Abstract: Hardware encrypting storage devices can provide for hardware encryption of data being written to the storage media of such storage devices, and hardware decryption of data being read from that storage media. To utilize existing key management resources, which can be more flexible and accommodating, mechanisms for storing keys protected by the existing resources, but not the hardware encryption of the storage device, can be developed. Dedicated partitions that do not have corresponding encryption bands can be utilized to store keys in a non-hardware-encrypted manner. Likewise, partitions can be defined larger than their associated encryption bands, leaving room near the beginning and end for non-hardware encrypted storage. Or a separate bit can be used to individually specify which data should be hardware encrypted. Additionally automated processes can maintain synchronization between a partition table of the computing device and a band table of the hardware encrypting storage device.

Abstract: A security device watches over the secure functionality in a computer system. This “watcher” security device may be integrated within the computer system or may be separate from it. The security device queries the secure functionality to determine whether the state of the secure functionality is acceptable. If no satisfactory state exists, or if no response is received, then a signal is transmitted. The signal may be auditory (a buzzer) or visual (a flashing light) in order to signal to any user that the secure functionality has been compromised. Optionally, human input devices may be disabled, or a monitoring service notified, in conjunction with or in lieu of the signal. If the secure functionality includes a secret shared between the secure functionality and the user, then the security device may signal the secret. For example, where the secret is visual, the security device may display the secret.

Abstract: Dynamic Root of Trust for Measurement (DRTM) mechanisms can be initiated, not by CPU-manufacturer-specific instructions, but by the execution of code in System Management Mode (SMM) that can modify the values stored in specific Platform Configuration Registers (PCRs) of a Trusted Platform Module (TPM). The SMM code can be verified prior to execution and it can be trusted based on the secure mechanisms used to update such code. The SMM code can restore a known, trusted state of the computing device and can initiate the measuring of subsequently executed code. In such a manner the Trusted Computing Base (TCB) can be limited.

Abstract: A computing system has a resource for providing resource services, where each resource service is accessed by way of a system address (SA). A device requests the resource services of the resource by way of requests, where each request includes a remote address (RA) corresponding to an SA of the resource. A centralized address translator (CAT) has a database of RA/SA translations for the resource and the device, where each RA/SA translation in the database corresponds to a respective RA and SA. The device has a remote address translator (RAT) with a cache for storing priority RA/SA translations as obtained from the CAT. Each priority RA/SA translation in the cache of the RAT includes a validity flag set to indicate whether the priority translation is valid based on whether the SA has changed at the CAT.

Abstract: A system for addressing bus components comprises a bus controller component that controls access between a CPU and a memory address space. A plurality of bus components connected to said bus controller over a bus are addressable via a memory mapped address within the address space. An address translation table is stored on at least one of the plurality of bus components. The bus translation table stores a translation between a virtual address and a real address.