Abstract: The disclosed technology is generally directed to firewalls. In one example of the technology, a first firewall is used such that communication is blocked from a first subsystem of a device upon boot of the device. The first firewall is enabled to be configured by secure code subsequent to boot such that code that is not secure code is prevented from configuring the first firewall. After configuration of the first firewall, based on the configuration, the first firewall is used to selectively allow the first subsystem access to the first memory based on ranges of addresses of the first memory configured as accessible to the first subsystem.

Abstract: While connected to cloud storage, a computing device writes data and metadata to the cloud storage, indicates success of the write to an application of the computing device, and, after indicating success to the application, writes the data and metadata to local storage of the computing device. The data and metadata may be written to different areas of the local storage. The computing device may also determine that it has recovered from a crash or has connected to the cloud storage after operating disconnected and reconcile the local storage with the cloud storage. The reconciliation may be based at least on a comparison of the metadata stored in the area of the local storage with metadata received from the cloud storage. The cloud storage may store each item of data contiguously with its metadata as an expanded block.

Abstract: A technology is directed to embedded device updates. In one example of the technology, a partition of a memory is atomically updated. The partition includes partition tables including a primary partition table and a back-up partition table. The partition tables include entries for the images included in the partition, and information associated with the images included in the partition. Atomically updating the partition of the memory includes writing an updated version to the partition. The written updated version is verified. An updated partition table is written to the back-up partition table. The updated partition table is written to the primary partition table. If it is determined that a power, or other, fault occurred while the primary partition table was being written, the primary partition table is overwritten with the back-up partition table.

Abstract: The disclosed technology is generally directed to IoT device update failure recovery. In one example of the technology, after writing an updated release to memory, a determination is made whether the updated release is valid. The updated release includes a plurality of image binaries. If the updated release is determined to be valid, the updated release is made the current release. A determination is made as to whether the current release is stable. Upon determining that the current release is unstable, an auto-rollback is performed. Performing the auto-rollback includes, via at least one processor, automatically: obtaining an uncompressed backup of a previous release; making the uncompressed backup of the previous release the current release; and executing the uncompressed backup.

Abstract: The disclosed technology is generally directed to protection against unauthorized code. In one example of the technology, a read request to a restricted region of memory is detected. The read request is associated with a first processor. In response to detecting the read request to the restricted region of memory, a data value that causes an exception in response to execution by the first processor is provided.

Abstract: In one example of the technology, via a first independent execution environment of a set of independent execution environments in an integrated circuit, a first watchdog timer is caused to reset on a periodic basis. The set of independent execution environments is configured to have a defense-in-depth hierarchy. The set of independent execution environments includes a first independent execution environment and a second independent execution environment. The first independent execution environment is a most trusted execution environment on the integrated circuit. Via the second independent execution environment: a second watchdog timer is periodically caused to reset on a periodic basis. In response to the second watchdog timer timing out, an interrupt is communicated from the second watchdog timer to the first independent execution environment. In response to the first watchdog timer timing out, at least a portion of the integrated circuit is reset.

Abstract: The disclosed technology is generally directed to updating of applications, firmware and/or other software on IoT devices. In one example of the technology, a request that is associated with a requested update is communicated from a normal world of a first application processor to a secure world of the first application processor. The secure world validates the requested update. Instructions associated with the validated update are communicated from the secure world to the normal world. Image requests are sent from the normal world to a cloud service for image binaries associated with the validated update. The secure world receives the requested image binaries from the cloud service. The secure world writes the received image binaries to memory, and validates the written image binaries.

Abstract: Erasure code for data is generated by: calculating the size and bytes of an erasure code block, calculating a number of stripes for the erasure code, and generating each stripe of each block for the erasure code, such that the stripes alternate in a pattern for each block, and saving hashes. A portion of the data is repaired by: for each block of the portion of the data, calculating the stripe of the block, identifying each hash for which the hash of the block of the portion of data does not match the saved hash of the block as a bad block, and for each identified bad block, generating a repair block for the bad block based on the stripe of the block and corresponding block of the data in the erasure coding for the data.

Abstract: The disclosed technology is generally directed to embedded device updates. In one example of the technology, staging is performed for at least two priority groups, completing staging of each higher priority group before staging a lower priority group, including, for each priority group, the following actions. A list of install targets is generated for the priority group based on a list of software for installation in a memory and software present in the memory. A list of purge targets is generated for the priority group based on the list of software for installation in the memory and the software present in the memory. The install targets are downloaded to a backup partition of the memory. Updating of the software in the memory is caused based on the install targets. The purge targets are deleted from the memory. The install targets are deleted from the back-up partition.

Abstract: The disclosed technology is generally directed to data security. In one example of the technology, data is stored in a memory. The memory includes a plurality of memory banks including a first memory bank and a second memory bank. At least a portion of the data is interleaved amongst at least two of the plurality of memory banks. Access is caused to be prevented to at least one of the plurality of memory banks while a debug mode or recovery mode is occurring. Also, access is caused to be prevented to the at least one of the plurality of memory banks starting with initial boot until a verification by a security complex is successful. The verification by the security complex includes the security complex verifying a signature.

Abstract: The disclosed technology is generally directed to integrated circuit technology with defense-in-depth. In one example of the technology, an integrated circuit includes a set of independent execution environments including at least two independent execution environments. At least two of the independent execution environments are general purpose cores with differing capabilities. The independent execution environments in the set of independent execution environments are configured to have a defense-in-depth hierarchy.

Abstract: The disclosed technology is generally directed to firewalls. In one example of the technology, a first firewall is used such that communication is blocked from a first subsystem of a device upon boot of the device. The first firewall is enabled to be configured by secure code subsequent to boot such that code that is not secure code is prevented from configuring the first firewall. After configuration of the first firewall, based on the configuration, the first firewall is used to selectively allow the first subsystem access to the first memory based on ranges of addresses of the first memory configured as accessible to the first subsystem.

Abstract: The disclosed technology is generally directed to firewalls. In one example of the technology, a first firewall is used such that communication is blocked from a first subsystem of a device upon boot of the device. The first firewall is enabled to be configured by secure code subsequent to boot such that code that is not secure code is prevented from configuring the first firewall. After configuration of the first firewall, based on the configuration, the first firewall is used to selectively allow the first subsystem access to the first memory based on ranges of addresses of the first memory configured as accessible to the first subsystem.

Abstract: The disclosed technology is generally directed to embedded device updates. In one example of the technology, staging is performed for at least two priority groups, completing staging of each higher priority group before staging a lower priority group, including, for each priority group, the following actions. A list of install targets is generated for the priority group based on a list of software for installation in a memory and software present in the memory. A list of purge targets is generated for the priority group based on the list of software for installation in the memory and the software present in the memory. The install targets are downloaded to a backup partition of the memory. Updating of the software in the memory is caused based on the install targets. The purge targets are deleted from the memory. The install targets are deleted from the back-up partition.

Abstract: The disclosed technology is generally directed to updating of applications, firmware and/or other software on IoT devices. In one example of the technology, a request that is associated with a requested update is communicated from a normal world of a first application processor to a secure world of the first application processor. The secure world validates the requested update. Instructions associated with the validated update are communicated from the secure world to the normal world. Image requests are sent from the normal world to a cloud service for image binaries associated with the validated update. The secure world receives the requested image binaries from the cloud service. The secure world writes the received image binaries to memory, and validates the written image binaries.

Abstract: The disclosed technology is generally directed to peripheral access. In one example of the technology, stored configuration information is read. The stored configuration information is associated with mapping a plurality of independent execution environments to a plurality of peripherals such that the peripherals of the plurality of peripherals have corresponding independent execution environments of the plurality of independent execution environments. A configurable interrupt routing table is programmed based on the configuration information. An interrupt is received from a peripheral. The interrupt is routed to the corresponding independent execution environment based on the configurable interrupt routing table.

Abstract: In one example of the technology, via a first independent execution environment of a set of independent execution environments in an integrated circuit, a first watchdog timer is caused to reset on a periodic basis. The set of independent execution environments is configured to have a defense-in-depth hierarchy. The set of independent execution environments includes a first independent execution environment and a second independent execution environment. The first independent execution environment is a most trusted execution environment on the integrated circuit. Via the second independent execution environment: a second watchdog timer is periodically caused to reset on a periodic basis. In response to the second watchdog timer timing out, an interrupt is communicated from the second watchdog timer to the first independent execution environment. In response to the first watchdog timer timing out, at least a portion of the integrated circuit is reset.

Abstract: The disclosed technology is generally directed to embedded device updates. In one example of the technology, a partition of a memory is atomically updated. The partition includes partition tables including a primary partition table and a back-up partition table. The partition tables include entries for the images included in the partition, and information associated with the images included in the partition. Atomically updating the partition of the memory includes writing an updated version to the partition. The written updated version is verified. An updated partition table is written to the back-up partition table. The updated partition table is written to the primary partition table. If it is determined that a power, or other, fault occurred while the primary partition table was being written, the primary partition table is overwritten with the back-up partition table.

Abstract: The disclosed technology is generally directed to embedded device updates. In one example of the technology, staging is performed for at least two priority groups, completing staging of each higher priority group before staging a lower priority group, including, for each priority group, the following actions. A list of install targets is generated for the priority group based on a list of software for installation in a memory and software present in the memory. A list of purge targets is generated for the priority group based on the list of software for installation in the memory and the software present in the memory. The install targets are downloaded to a backup partition of the memory. Updating of the software in the memory is caused based on the install targets. The purge targets are deleted from the memory. The install targets are deleted from the back-up partition.

Abstract: Erasure code for data is generated by: calculating the size and bytes of an erasure code block, calculating a number of stripes for the erasure code, and generating each stripe of each block for the erasure code, such that the stripes alternate in a pattern for each block, and saving hashes. A portion of the data is repaired by: for each block of the portion of the data, calculating the stripe of the block, identifying each hash for which the hash of the block of the portion of data does not match the saved hash of the block as a bad block, and for each identified bad block, generating a repair block for the bad block based on the stripe of the block and corresponding block of the data in the erasure coding for the data.