Abstract: The concepts, systems and methods described herein are directed towards a method for secure booting. The method is provided to including: loading and executing a firmware in a Management Engine (ME) of a system; establishing, by the ME, a communication channel to a security device; receiving, by the ME, an encrypted boot image from the security device; decrypting, by the ME, the encrypted boot image; storing, by the ME, the decrypted boot image in a secured storage medium; and resetting the system using the decrypted boot image in the secured storage medium.

Abstract: The concepts, systems and methods described herein are directed towards a method for secure booting running on a security device. The method is provided to include: receiving a public key from a security device; validating the security device by comparing the received public key with a hash code; in response that the security device is validated, receiving custom codes from the security device and storing the custom codes in a microprocessor, wherein the microprocessor is located in a programmable memory of a primary processor; programming the programmable memory by executing the custom codes; and executing a boot sequence of the primary processor by the programmable memory.

Abstract: The concepts, systems and methods described herein are directed towards a security system. The system is provided to include a Hardware Root of Trust (HRoT) device comprising a processor and memory that is configured for connection and authentication to first and second host devices which are configured to communicate via a first communication channel having a first security level and a second communication channel having a second security level which is more secure than the first security level. The HRoT device is configured to: connect the first and second host devices via the second communication channel; and monitor the security of the first and second host devices over the second communication channel.

Abstract: The concepts, systems and methods described herein are directed towards a method running on a security device. The method is provided to including: executing a first secure boot code from a first memory by one of a plurality of cores of a processor, wherein the plurality of cores runs in a secure world; executing a first-stage boot loader (FSBL) from a second memory; executing a security monitoring application to validate the security device; in response to the security device being validated, switching some of the plurality of cores from the secure world to a normal world, wherein at least one of the plurality of cores remains in the secure world to communicate with the security monitoring application; executing a second-stage boot loader (SSBL); and monitoring, via the security monitoring application, status of the security device and communications between the security device and at least one external system.

Abstract: The concepts, systems and methods described herein are directed towards a security system. The system is provided to include a Hardware Root of Trust (HRoT) device comprising a processor and memory that is configured for connection and authentication to first and second host devices which are configured to communicate via a first communication channel having a first security level and a second communication channel having a second security level which is more secure than the first security level. The HRoT device is configured to: connect the first and second host devices via the second communication channel; and monitor the security of the first and second host devices over the second communication channel.

Abstract: The concepts, systems and methods described herein are directed towards a method running on a security device. The method is provided to including: executing a first secure boot code from a first memory by one of a plurality of cores of a processor, wherein the plurality of cores runs in a secure world; executing a first-stage boot loader (FSBL) from a second memory; executing a security monitoring application to validate the security device; in response to the security device being validated, switching some of the plurality of cores from the secure world to a normal world, wherein at least one of the plurality of cores remains in the secure world to communicate with the security monitoring application; executing a second-stage boot loader (SSBL); and monitoring, via the security monitoring application, status of the security device and communications between the security device and at least one external system.

Abstract: The concepts, systems and methods described herein are directed towards a method for secure booting. The method is provided to including: loading and executing a firmware in a Management Engine (ME) of a system; establishing, by the ME, a communication channel to a security device; receiving, by the ME, an encrypted boot image from the security device; decrypting, by the ME, the encrypted boot image; storing, by the ME, the decrypted boot image in a secured storage medium; and resetting the system using the decrypted boot image in the secured storage medium.

Abstract: The concepts, systems and methods described herein are directed towards a method for secure booting running on a security device. The method is provided to include: receiving a public key from a security device; validating the security device by comparing the received public key with a hash code; in response that the security device is validated, receiving custom codes from the security device and storing the custom codes in a microprocessor, wherein the microprocessor is located in a programmable memory of a primary processor; programming the programmable memory by executing the custom codes; and executing a boot sequence of the primary processor by the programmable memory.

Abstract: This disclosure provides for implementing a firmware security interface within a field-programmable gate array (FPGA) for communicating between secure and non-secure environments executable within the FPGA. A security monitor is implemented within the programmable logic of the FPGA as a soft core processor and the firmware security interface modifies one or more functions of the security monitor. The modifications to the security monitor include establishing a timer “heartbeat” within the FPGA to ensure that the FPGA invokes a secure environment and raising an alarm should the FPGA fail to invoke such environment.

Abstract: This disclosure provides for implementing a firmware security interface within a field-programmable gate array (FPGA) for communicating between secure and non-secure environments executable within the FPGA. A security monitor is implemented within the programmable logic of the FPGA as a soft core processor and the firmware security interface modifies one or more functions of the security monitor. The modifications to the security monitor include establishing a timer “heartbeat” within the FPGA to ensure that the FPGA invokes a secure environment and raising an alarm should the FPGA fail to invoke such environment.