Abstract: A method comprises establishing, in a trusted security manager of a trusted execution environment, a device update pre-authentication policy for a device communicatively coupled to the trusted execution manager, providing the device update pre-authentication policy to the device, receiving, from the device, a pre-authentication event signal, and providing, to the device, a pre-authentication event response comprising an update indicator to indicate to the device whether a runtime update may be performed.

Abstract: Systems, methods, and apparatuses to implement spatially unique and location independent persistent memory encryption are described. In one embodiment, a system on a chip (SoC) includes at least one persistent range register to indicate a persistent range of memory, an address modifying circuit to check if an address for a memory store request is within the persistent range indicated by the at least one persistent range register, and append a unique identifier value, for a component corresponding to the memory store request for the address, to the address to generate a modified address and output the modified address as an output address when the address is within the persistent range, and output the address as the output address when the address is not within the persistent range, and an encryption engine circuit to generate a ciphertext based on the output address.

Abstract: An apparatus comprising a computer platform, including a central processing unit (CPU) comprising a first security engine to perform security operations at the CPU and a chipset comprising a second security engine to perform security operations at the chipset, wherein the first security engine and the second security engine establish a secure channel session between the CPU and the chipset to secure data transmitted between the CPU and the chipset.

Abstract: Apparatuses, methods, and computer-readable media are provided for operating a port manager to detect a first link condition or a second link condition of a circuitry. Under the first link condition, a first link between a downstream port of the circuitry and an upstream port of a switch is compatible to a first protocol, and a second link between a downstream port of the switch and an upstream port of a device is compatible to the second protocol. Under the second link condition, the first link exists and is compatible to the first protocol, while there is no second link being compatible to the second protocol. The port manager is to operate the downstream port of the circuitry according to the second protocol on detection of the first link condition, or according to the first protocol on detection of the second link condition. Other embodiments may be described and/or claimed.

Abstract: An apparatus comprising a computer platform, including a central processing unit (CPU) comprising a first security engine to perform security operations at the CPU and a chipset comprising a second security engine to perform security operations at the chipset, wherein the first security engine and the second security engine establish a secure channel session between the CPU and the chipset to secure data transmitted between the CPU and the chipset.

Abstract: Apparatus and method for scalable error reporting. For example, one embodiment of an apparatus comprises error detection circuitry to detect an error in a component of a first tile within a tile-based hierarchy of a processing device; error classification circuitry to classify the error and record first error data based on the classification; a first tile interface to combine the first error data with second error data received from one or more other components associated with the first tile to generate first accumulated error data; and a master tile interface to combine the first accumulated error data with second accumulated error data received from at least one other tile interface to generate second accumulated error data and to provide the second accumulated error data to a host executing an application to process the second accumulated error data.

Abstract: Examples disclosed herein include are computing device hardware components, computing devices, systems, machine-readable mediums, and interconnect protocols that provide for code object measurement of a peripheral device and a method for accessing the measurements to verify integrity across a computing interconnect (e.g., Peripheral Component Interconnect Express - PCIe). For example, a cryptographic processor of a PCIe endpoint (such as a peripheral) may take a measurement (e.g., computing a hash value) of a code object on the device prior to executing the code object. This measurement may be placed in a register that is accessible to another component, such as a host operating system across a PCIe bus for interrogation. The host operating system may utilize an interconnect protocol, such as a PCIe protocol to access the measurement. These measurements may be consumed by a Trusted Platform Manager or other components of a host system that may verify the measurements.

Abstract: Apparatus and method for scalable error reporting. For example, one embodiment of an apparatus comprises error detection circuitry to detect an error in a component of a first tile within a tile-based hierarchy of a processing device; error classification circuitry to classify the error and record first error data based on the classification; a first tile interface to combine the first error data with second error data received from one or more other components associated with the first tile to generate first accumulated error data; and a master tile interface to combine the first accumulated error data with second accumulated error data received from at least one other tile interface to generate second accumulated error data and to provide the second accumulated error data to a host executing an application to process the second accumulated error data.

Abstract: Examples disclosed herein include are computing device hardware components, computing devices, systems, machine-readable mediums, and interconnect protocols that provide for code object measurement of a peripheral device and a method for accessing the measurements to verify integrity across a computing interconnect (e.g., Peripheral Component Interconnect Express—PCIe). For example, a cryptographic processor of a PCIe endpoint (such as a peripheral) may take a measurement (e.g., computing a hash value) of a code object on the device prior to executing the code object. This measurement may be placed in a register that is accessible to another component, such as a host operating system across a PCIe bus for interrogation. The host operating system may utilize an interconnect protocol, such as a PCIe protocol to access the measurement. These measurements may be consumed by a Trusted Platform Manager or other components of a host system that may verify the measurements.

Abstract: Apparatus and method for scalable error reporting. For example, one embodiment of an apparatus comprises error detection circuitry to detect an error in a component of a first tile within a tile-based hierarchy of a processing device; error classification circuitry to classify the error and record first error data based on the classification; a first tile interface to combine the first error data with second error data received from one or more other components associated with the first tile to generate first accumulated error data; and a master tile interface to combine the first accumulated error data with second accumulated error data received from at least one other tile interface to generate second accumulated error data and to provide the second accumulated error data to a host executing an application to process the second accumulated error data.

Abstract: Apparatuses, methods, and computer-readable media are provided for operating a port manager to detect a first link condition or a second link condition of a circuitry. Under the first link condition, a first link between a downstream port of the circuitry and an upstream port of a switch is compatible to a first protocol, and a second link between a downstream port of the switch and an upstream port of a device is compatible to the second protocol. Under the second link condition, the first link exists and is compatible to the first protocol, while there is no second link being compatible to the second protocol. The port manager is to operate the downstream port of the circuitry according to the second protocol on detection of the first link condition, or according to the first protocol on detection of the second link condition. Other embodiments may be described and/or claimed.

Abstract: Various embodiments provide apparatuses, systems, and methods for establishing, by a data object exchange (DOE entity) of a peripheral component interconnect express (PCIe) device, a first session for communication between a first host entity of a host device and a first PCIe entity of the PCIe device, and a second session for communication between a second host entity of the host device and a second PCIe entity of the PCIe device. The first session may have a first security policy and be a session of a first connection between the PCIe device and the host device. The second session may have a second security policy and be a session of a second connection between the PCIe device and the host device. Other embodiments may be described and claimed.

Abstract: Systems, methods, and apparatuses to implement spatially unique and location independent persistent memory encryption are described. In one embodiment, a system on a chip (SoC) includes at least one persistent range register to indicate a persistent range of memory, an address modifying circuit to check if an address for a memory store request is within the persistent range indicated by the at least one persistent range register, and append a unique identifier value, for a component corresponding to the memory store request for the address, to the address to generate a modified address and output the modified address as an output address when the address is within the persistent range, and output the address as the output address when the address is not within the persistent range, and an encryption engine circuit to generate a ciphertext based on the output address.

Abstract: Technologies for secure native code invocation include a computing device having an operating system and a firmware environment. The operating system executes a firmware method in an operating system context using a virtual machine. In response to invoking the firmware method, the operating system invokes a callback to a bridge driver in the operating system context. In response to the callback, the bridge driver invokes a firmware runtime service in the operating system context. The firmware environment executes a native code handler in the operating system context in response to invoking the firmware runtime service. The native code handler may be executed in a de-privileged container. The firmware method may process results data stored in a firmware mailbox by the native code handler, which may include accessing a hardware resource using a firmware operation region.

Abstract: Apparatuses, methods, and computer-readable media are provided for operating a port manager to detect a first link condition or a second link condition of a circuitry. Under the first link condition, a first link between a downstream port of the circuitry and an upstream port of a switch is compatible to a first protocol, and a second link between a downstream port of the switch and an upstream port of a device is compatible to the second protocol. Under the second link condition, the first link exists and is compatible to the first protocol, while there is no second link being compatible to the second protocol. The port manager is to operate the downstream port of the circuitry according to the second protocol on detection of the first link condition, or according to the first protocol on detection of the second link condition. Other embodiments may be described and/or claimed.

Abstract: An apparatus comprising a computer platform, including a central processing unit (CPU) comprising a first security engine to perform security operations at the CPU and a chipset comprising a second security engine to perform security operations at the chipset, wherein the first security engine and the second security engine establish a secure channel session between the CPU and the chipset to secure data transmitted between the CPU and the chipset.

Abstract: Apparatus and method for scalable error reporting. For example, one embodiment of an apparatus comprises error detection circuitry to detect an error in a component of a first tile within a tile-based hierarchy of a processing device; error classification circuitry to classify the error and record first error data based on the classification; a first tile interface to combine the first error data with second error data received from one or more other components associated with the first tile to generate first accumulated error data; and a master tile interface to combine the first accumulated error data with second accumulated error data received from at least one other tile interface to generate second accumulated error data and to provide the second accumulated error data to a host executing an application to process the second accumulated error data.

Abstract: Systems, apparatuses and methods may provide for technology that detects a misalignment condition, wherein the misalignment condition includes a memory map being misaligned with a granularity of a register, automatically appends a protected range to the memory map, wherein the protected range eliminates the misalignment condition, and defines an operational characteristic of the memory map via the register. In one example, the protected range is a non-existent memory (NXM) range appended via a source address decoder (SAD) rule, the register is a memory type range register (MTRR), and the operational characteristic is a cache characteristic.

Abstract: In one embodiment, an apparatus includes: a transaction layer circuit to output transaction layer information; and a link layer circuit coupled to the transaction layer circuit, the link layer circuit to receive and process the transaction layer information and to output link layer information to a physical circuit. The link layer circuit may include a first selection circuit to receive and direct cache memory protocol traffic to a selected one of a first logical port and a second logical port. Other embodiments are described and claimed.

Abstract: Apparatus and method for scalable error reporting. For example, one embodiment of an apparatus comprises error detection circuitry to detect an error in a component of a first tile within a tile-based hierarchy of a processing device; error classification circuitry to classify the error and record first error data based on the classification; a first tile interface to combine the first error data with second error data received from one or more other components associated with the first tile to generate first accumulated error data; and a master tile interface to combine the first accumulated error data with second accumulated error data received from at least one other tile interface to generate second accumulated error data and to provide the second accumulated error data to a host executing an application to process the second accumulated error data.