Abstract: An apparatus for preventing physical intrusion on a data bus includes a data bus state sensor coupled to the data bus for monitoring a state of the data bus, a power circuit for generating multiple voltages supplied to functional circuitry in the apparatus, and a variable override circuit. The variable override circuit receives one or more voltages from the power circuit and selectively gates the voltages onto the data bus as a function of one or more control signals. A controller coupled to the variable override circuit, the power circuit and the state sensor receives state information from the state sensor and generates the control signals in response to detection of physical intrusion on the data bus. The controller controls a voltage level of at least one of the voltages generated by the power circuit for overriding the data bus when physical intrusion is detected on the data bus.

Abstract: An apparatus for preventing unauthorized software or firmware upgrades between two or more computing devices connected on a data bus includes a cryptographic engine, memory, and at least one processor coupled with the cryptographic engine and memory. The cryptographic engine stores cryptographic metadata for authorized upgrade images for updating at least one target computing device coupled to the data bus. The cryptographic metadata includes a manifest list of upgrade images. The processor is configured to monitor the data bus for transmissions of striped update hashes from a maintenance device, to receive signed striped hashes corresponding to an upgrade image file transmitted by the maintenance device, to validate the striped update hashes using information in the manifest list, to log that an unauthorized upload has been attempted when at least one of the striped update hashes fails validation, and to perform a mitigation action(s) in response to the attempted unauthorized upload.

Abstract: An apparatus for preventing physical intrusion on a data bus includes a data bus state sensor coupled to the data bus for monitoring a state of the data bus, a power circuit for generating multiple voltages supplied to functional circuitry in the apparatus, and a variable override circuit. The variable override circuit receives one or more voltages from the power circuit and selectively gates the voltages onto the data bus as a function of one or more control signals. A controller coupled to the variable override circuit, the power circuit and the state sensor receives state information from the state sensor and generates the control signals in response to detection of physical intrusion on the data bus. The controller controls a voltage level of at least one of the voltages generated by the power circuit for overriding the data bus when physical intrusion is detected on the data bus.

Abstract: An apparatus for preventing unauthorized software or firmware upgrades between two or more computing devices connected on a data bus includes a cryptographic engine, memory, and at least one processor coupled with the cryptographic engine and memory. The cryptographic engine stores cryptographic metadata for authorized upgrade images for updating at least one target computing device coupled to the data bus. The cryptographic metadata includes a manifest list of upgrade images. The processor is configured to monitor the data bus for transmissions of striped update hashes from a maintenance device, to receive signed striped hashes corresponding to an upgrade image file transmitted by the maintenance device, to validate the striped update hashes using information in the manifest list, to log that an unauthorized upload has been attempted when at least one of the striped update hashes fails validation, and to perform a mitigation action(s) in response to the attempted unauthorized upload.