Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

Abstract: In an embodiment, a shared memory fabric is configured to receive memory requests from multiple agents, where at least some of the requests have an associated order identifier and a deadline value to indicate a maximum latency prior to completion of the memory request. Responsive to the requests, the fabric is to arbitrate between the requests based at least in part on the deadline values. Other embodiments are described and claimed.

Abstract: In an embodiment, a shared memory fabric is configured to receive memory requests from multiple agents, where at least some of the requests have an associated deadline value to indicate a maximum latency prior to completion of the memory request. Responsive to the requests, the fabric is to arbitrate between the requests based at least in part on the deadline values. Other embodiments are described and claimed.

Abstract: In one embodiment, a processor has at least one core to execute instructions, a security engine coupled to the at least one core, a first storage to store a first immutable key associated with a vendor of the processor, and a second storage to store a second immutable key associated with an original equipment manufacturer (OEM) of the system. A first portion of firmware is to be verified based at least in part on the first immutable key and a second portion of firmware is to be verified based at least in part on the second immutable key, the first portion of firmware associated with the vendor and the second portion of firmware associated with the OEM. Other embodiments are described and claimed.

Abstract: In one embodiment, a system includes: a first root space associated with a first root space identifier and including at least one first host processor and a first agent, the at least one first host processor and the first agent associated with the first root space identifier; a second root space associated with a second root space identifier and including at least one second host processor and a second agent, the at least one second host processor and the second agent associated with the second root space identifier; and a shared fabric to couple the first root space and the second root space, the shared fabric to route a transaction to the first root space or the second root space based at least in part on a root space field of the transaction. Other embodiments are described and claimed.

Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

Abstract: A separable Transport Layer is described in the context of cache coherent multiple component micro-electronic systems. In one example, a packet is received from a source component, the packet containing a Protocol Layer. A Transport Layer is attached to the packet and the packet is sent across a component communications interface to a second component, the packet containing the Transport Layer and the Protocol Layer.

Abstract: In one embodiment, a processor has at least one core to execute instructions, a security engine coupled to the at least one core, a first storage to store a first immutable key associated with a vendor of the processor, and a second storage to store a second immutable key associated with an original equipment manufacturer (OEM) of the system. A first portion of firmware is to be verified based at least in part on the first immutable key and a second portion of firmware is to be verified based at least in part on the second immutable key, the first portion of firmware associated with the vendor and the second portion of firmware associated with the OEM. Other embodiments are described and claimed.

Abstract: A separable Transport Layer is described in the context of cache coherent multiple component micro-electronic systems. In one example, a packet is received from a source component, the packet containing a Protocol Layer. A Transport Layer is attached to the packet and the packet is sent across a component communications interface to a second component, the packet containing the Transport Layer and the Protocol Layer.

Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

Abstract: A system on chip (SOC) includes a policy generator to identify lifecycle data that identifies a lifecycle of the SOC and identify authentication data that identifies a particular user that is to debug the SoC. A particular policy is determined based on the lifecycle and identification of the particular user, and policy data is sent to at least one block of the SoC, the policy data identifying the particular policy. Debug access at the block is based on the particular policy.

Abstract: A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.

Abstract: A series of touch panel key entries may be secured by shuffling touch entry coordinates. In one embodiment, the entries may be secured by applying a shuffling algorithm that replaces the true coordinates with other incorrect coordinates. Then the correct data may be reassembled in a secure environment.

Abstract: In one embodiment, the present invention includes a cache memory including cache lines that each have a tag field including a state portion to store a cache coherency state of data stored in the line and a weight portion to store a weight corresponding to a relative importance of the data. In various implementations, the weight can be based on the cache coherency state and a recency of usage of the data. Other embodiments are described and claimed.

Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

Abstract: Method, apparatus, and system for qualifying CPU transactions with security attributes. Immutable security attributes are generated for transactions initiator by a CPU or processor core that identifying the execution mode of the CPU/core being trusted or untrusted. The transactions may be targeted to an Input/Output (I/O) device or system memory via which a protected asset may be accessed. Policy enforcement logic blocks are implemented at various points in the apparatus or system that allow or deny transactions access to protected assets based on the immutable security attributes generated for the transactions. In one aspect, a multiple-level security scheme is implemented under which a mode register is updated via a first transaction to indicate the CPU/core is operating in a trusted execution mode, and security attributes are generated for a second transaction using execution mode indicia in the mode register to verify the transaction is from a trusted initiator.

Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

Abstract: A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.

Abstract: Method, apparatus, and system for qualifying CPU transactions with security attributes. Immutable security attributes are generated for transactions initiator by a CPU or processor core that identifying the execution mode of the CPU/core being trusted or untrusted. The transactions may be targeted to an Input/Output (I/O) device or system memory via which a protected asset may be accessed. Policy enforcement logic blocks are implemented at various points in the apparatus or system that allow or deny transactions access to protected assets based on the immutable security attributes generated for the transactions. In one aspect, a multiple-level security scheme is implemented under which a mode register is updated via a first transaction to indicate the CPU/core is operating in a trusted execution mode, and security attributes are generated for a second transaction using execution mode indicia in the mode register to verify the transaction is from a trusted initiator.