Abstract: A system on chip (SOC) includes a policy generator to identify lifecycle data that identifies a lifecycle of the SOC and identify authentication data that identifies a particular user that is to debug the SoC. A particular policy is determined based on the lifecycle and identification of the particular user, and policy data is sent to at least one block of the SoC, the policy data identifying the particular policy. Debug access at the block is based on the particular policy.

Abstract: A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.

Abstract: Method, apparatus, and system for qualifying CPU transactions with security attributes. Immutable security attributes are generated for transactions initiator by a CPU or processor core that identifying the execution mode of the CPU/core being trusted or untrusted. The transactions may be targeted to an Input/Output (I/O) device or system memory via which a protected asset may be accessed. Policy enforcement logic blocks are implemented at various points in the apparatus or system that allow or deny transactions access to protected assets based on the immutable security attributes generated for the transactions. In one aspect, a multiple-level security scheme is implemented under which a mode register is updated via a first transaction to indicate the CPU/core is operating in a trusted execution mode, and security attributes are generated for a second transaction using execution mode indicia in the mode register to verify the transaction is from a trusted initiator.

Abstract: A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.

Abstract: Method, apparatus, and system for qualifying CPU transactions with security attributes. Immutable security attributes are generated for transactions initiator by a CPU or processor core that identifying the execution mode of the CPU/core being trusted or untrusted. The transactions may be targeted to an Input/Output (I/O) device or system memory via which a protected asset may be accessed. Policy enforcement logic blocks are implemented at various points in the apparatus or system that allow or deny transactions access to protected assets based on the immutable security attributes generated for the transactions. In one aspect, a multiple-level security scheme is implemented under which a mode register is updated via a first transaction to indicate the CPU/core is operating in a trusted execution mode, and security attributes are generated for a second transaction using execution mode indicia in the mode register to verify the transaction is from a trusted initiator.

Abstract: A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel's LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call.

Abstract: A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.

Abstract: In one embodiment, the present invention includes a system on a chip (SoC) that has a first agent with an intellectual property (IP) logic, an interface to a fabric including a target interface, a master interface and a sideband interface, and an access control plug-in unit to handle access control policy for the first agent with respect to incoming and outgoing transactions. This access control plug-in unit can be incorporated into the SoC at integration time and without any modification to the IP logic. Other embodiments are described and claimed.

Abstract: Methods and apparatus to measure the integrity of a virtual machine monitor and an operating system via secure launch are disclosed. In one example, a method measures a first characteristic of a virtual machine monitor, stores the first measured characteristic in a first hardware protected location, measures a second characteristic of an operating system with the virtual machine monitor, wherein the measuring of the second characteristic is initiated by the operating system, and stores the second measured characteristic in a second hardware protected location.

Abstract: A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.

Abstract: A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel's LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call.

Abstract: A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel's LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call.

Abstract: Service processors within a system are self-clustered. The system can also include an operating system or other software code, a management console, or both. The operating system communicates with the cluster of service processors, where the service processors are self-clustered or otherwise, such as through a memory shared by at least all the service processors. The operating system therefore need not be aware which of the service processors performs a given function. The console communicates with the cluster of service processors, where the service processors are self-clustered or otherwise, through any service processor of the cluster. The console therefore also need not be aware that the service processors have been clustered to perform functionality for the console.

Abstract: In one embodiment a method is disclosed for accepting and enforcing user selectable privacy settings for context awareness including location awareness data on a computing platform. The method may identify a requestor, assign a privacy setting to the requester then detect a request for location information from the requestor. The method may transmit location information to the requester based on the user selected privacy setting. The user selected privacy setting may have a granularity assigned to each requestor based on a privacy preference and the method may entirely block the location information from being disclosed or the method may modify the granularity/accuracy of the location information based on the privacy setting to report context of an appropriate level of granularity according to the privacy setting configured by the user. Other embodiments are also disclosed.

Abstract: Methods and apparatus to measure the integrity of a virtual machine monitor and an operating system via secure launch are disclosed. In one example, a method measures a first characteristic of a virtual machine monitor, stores the first measured characteristic in a first hardware protected location, measures a second characteristic of an operating system with the virtual machine monitor, wherein the measuring of the second characteristic is initiated by the operating system, and stores the second measured characteristic in a second hardware protected location.

Abstract: Methods and apparatus to measure the integrity of a virtual machine monitor and an operating system via secure launch are disclosed. In one example, a method measures a first characteristic of a virtual machine monitor, stores the first measured characteristic in a first hardware protected location, measures a second characteristic of an operating system with the virtual machine monitor, wherein the measuring of the second characteristic is initiated by the operating system, and stores the second measured characteristic in a second hardware protected location.

Abstract: Service processors within a system are self-clustered. The system can also include an operating system or other software code, a management console, or both. The operating system communicates with the cluster of service processors, where the service processors are self-clustered or otherwise, such as through a memory shared by at least all the service processors. The operating system therefore need not be aware which of the service processors performs a given function. The console communicates with the cluster of service processors, where the service processors are self-clustered or otherwise, through any service processor of the cluster. The console therefore also need not be aware that the service processors have been clustered to perform functionality for the console.

Abstract: The self-clustering of service processors within a system is disclosed. The system can also include an operating system or other software code, a management console, or both. The operating system communicates with the cluster of service processors, where the service processors are self-clustered or otherwise, such as through a memory shared by at least all the service processors. The operating system therefore need not be aware which of the service processors performs a given function. The console communicates with the cluster of service processors, where the service processors are self-clustered or otherwise, through any service processor of the cluster. The console therefore also need not be aware that the service processors have been clustered to perform functionality for the console.

Abstract: A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel's LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call.

Abstract: The self-clustering of entities within a system is disclosed. The system can also include a host. Each entity self-discovers all the other entities, such that the entities are aggregated as a cluster. The host communicates with the cluster of entities, where the entities are self-clustered or otherwise, such as through a memory shared by all the entities. The host therefore need not be aware which of the entities performs a given function.