Abstract: Technologies disclosed herein provide an apparatus comprising a fuse controller coupled to an aggregator. The fuse controller includes a plurality of fuses for storing a unique identifier of a device and a first secured value of a first password associated with the unique identifier. The aggregator is to receive the unique identifier and the first secured value from the fuse controller, send the unique identifier to an unlock host, receive a second password from the unlock host, compute a second secured value of the second password using a security function, and unlock one or more privileged features on the device based on the first secured value corresponding to the second secured value. In a specific embodiment, the first secured value corresponds to the second secured value if the first password is equivalent to the second password.

Abstract: An integrated circuit includes a region of configurable logic circuits and a configuration controller circuit that generates a first health condition report indicating a first health condition of the region before configuring the configurable logic circuits according to a circuit design. The configuration controller circuit generates a second health condition report indicating a second health condition of the region after configuring the configurable logic circuits according to the circuit design.

Abstract: An integrated circuit includes a cryptographic engine that generates a cryptographic version of a password, a secure storage area, and a security controller circuit that stores an enable bit and at least a portion of the cryptographic version of the password in the secure storage area to enable a security feature. The security controller circuit enables provisioning of the integrated circuit in response to receiving the password from a user if the enable bit stored in the secure storage area indicates that the security feature is enabled.

Abstract: Technologies disclosed herein provide an apparatus comprising a fuse controller coupled to an aggregator. The fuse controller includes a plurality of fuses for storing a unique identifier of a device and a first secured value of a first password associated with the unique identifier. The aggregator is to receive the unique identifier and the first secured value from the fuse controller, send the unique identifier to an unlock host, receive a second password from the unlock host, compute a second secured value of the second password using a security function, and unlock one or more privileged features on the device based on the first secured value corresponding to the second secured value. In a specific embodiment, the first secured value corresponds to the second secured value if the first password is equivalent to the second password.

Abstract: A processor, including: a core; system test circuitry, the system test circuitry to be locked during operational processor operation; reset circuitry including a kick-off test (KOT) input, the reset circuitry to detect a reset with the KOT input asserted, and to initiate an in-field system test (IFST) mode; a test interface controller to receive in IFST mode an encrypted test packet having a signature, verify the signature of the test packet, and decrypt the test packet; and IFST control circuitry to cause the system test circuitry to perform an IFST test according to the decrypted test packet and to log or report results.

Abstract: Technologies disclosed herein provide an apparatus comprising a fuse controller coupled to an aggregator. The fuse controller includes a plurality of fuses for storing a unique identifier of a device and a first secured value of a first password associated with the unique identifier. The aggregator is to receive the unique identifier and the first secured value from the fuse controller, send the unique identifier to an unlock host, receive a second password from the unlock host, compute a second secured value of the second password using a security function, and unlock one or more privileged features on the device based on the first secured value corresponding to the second secured value. In a specific embodiment, the first secured value corresponds to the second secured value if the first password is equivalent to the second password.

Abstract: Embodiments of processors, methods, and systems for virtualizing interrupt prioritization and delivery are disclosed. In one embodiment, a processor includes instruction hardware and execution hardware. The instruction hardware is to receive a plurality of instructions, including a first instruction to transfer the processor from a root mode to a non-root mode for executing guest software in a virtual machine, wherein the processor is to return to the root mode upon the detection of any of a plurality of virtual machine exit events. The execution hardware is to execute the first instruction, execution of the first instruction to include determining a first virtual processor-priority value and storing the first virtual processor-priority value in a virtual copy of a processor-priority field, where the virtual copy of the processor-priority field is a virtual resource corresponding to a physical resource associated with an interrupt controller.

Abstract: A processor, including: a core; system test circuitry, the system test circuitry configured to be locked except during an in-field system test (IFST) mode; IFST control circuitry; and a test interface controller, including: a data interface to receive a test packet; a parser to parse the test packet into a key, a signature, and a stored hash-of-hashes; a decryption circuit to decrypt the signature according to the key and to generate a computed hash-of-hashes; a hash circuit to verify the stored hash-of-hashes against the computed hash-of-hashes; and an IFST interface, wherein the test interface controller is to signal the IFST control circuitry to place the system test circuitry in IFST mode.

Abstract: A processor, including: a core; system test circuitry, the system test circuitry to be locked during operational processor operation; reset circuitry including a kick-off test (KOT) input, the reset circuitry to detect a reset with the KOT input asserted, and to initiate an in-field system test (IFST) mode; a test interface controller to receive in IFST mode an encrypted test packet having a signature, verify the signature of the test packet, and decrypt the test packet; and IFST control circuitry to cause the system test circuitry to perform an IFST test according to the decrypted test packet and to log or report results.

Abstract: A processor, including: a core; system test circuitry, the system test circuitry configured to be locked except during an in-field system test (IFST) mode; IFST control circuitry; and a test interface controller, including: a data interface to receive a test packet; a parser to parse the test packet into a key, a signature, and a stored hash-of-hashes; a decryption circuit to decrypt the signature according to the key and to generate a computed hash-of-hashes; a hash circuit to verify the stored hash-of-hashes against the computed hash-of-hashes; and an IFST interface, wherein the test interface controller is to signal the IFST control circuitry to place the system test circuitry in IFST mode.

Abstract: Technologies disclosed herein provide an apparatus comprising a fuse controller coupled to an aggregator. The fuse controller includes a plurality of fuses for storing a unique identifier of a device and a first secured value of a first password associated with the unique identifier. The aggregator is to receive the unique identifier and the first secured value from the fuse controller, send the unique identifier to an unlock host, receive a second password from the unlock host, compute a second secured value of the second password using a security function, and unlock one or more privileged features on the device based on the first secured value corresponding to the second secured value. In a specific embodiment, the first secured value corresponds to the second secured value if the first password is equivalent to the second password.

Abstract: Embodiments herein relate to a die to form a system-on-chip (SOC) with one or more other dies, with a policy arbitrator disposed on the die to manage security policies of the plurality of dies of the SOC, where the PA is to receive information about a security policy and a die type from a first of the one or more other dies, compare at least the received information about the security policy and the die type of the first other die with a security policy and a die type of the die, determine, based on the comparison, a common security policy for the plurality of dies of the SOC, and transmit the determined common security policy and the die type of the die to at least a second of the one or more other dies.

Abstract: Embodiments herein relate to a die to form a system-on-chip (SOC) with one or more other dies, with a policy arbitrator disposed on the die to manage security policies of the plurality of dies of the SOC, where the PA is to receive information about a security policy and a die type from a first of the one or more other dies, compare at least the received information about the security policy and the die type of the first other die with a security policy and a die type of the die, determine, based on the comparison, a common security policy for the plurality of dies of the SOC, and transmit the determined common security policy and the die type of the die to at least a second of the one or more other dies.

Abstract: Embodiments of processors, methods, and systems for virtualizing interrupt prioritization and delivery are disclosed. In one embodiment, a processor includes instruction hardware and execution hardware. The instruction hardware is to receive a plurality of instructions, including a first instruction to transfer the processor from a root mode to a non-root mode for executing guest software in a virtual machine, wherein the processor is to return to the root mode upon the detection of any of a plurality of virtual machine exit events. The execution hardware is to execute the first instruction, execution of the first instruction to include determining a first virtual processor-priority value and storing the first virtual processor-priority value in a virtual copy of a processor-priority field, where the virtual copy of the processor-priority field is a virtual resource corresponding to a physical resource associated with an interrupt controller.

Abstract: A chassis platform, such as processor or a system-on-chip (SoC), includes logic to implement a debug chassis security system including a policy generator to control access from a test access port. The policy generator may distribute a debug policy to at least one logic block that locally enforces the debug policy. The debug policy may include a delayed authentication policy in which debug assets are distributed and the chassis platform is initially locked to prevent debug access via the test access port. An authenticated debug user may unlock the chassis platform at a later time to enable debugging operations. The debug policy may also include a live execution policy and an immediate debug policy.

Abstract: Embodiments of an invention for hardening data transmissions against power side channel attacks are disclosed. In one embodiment, a system includes a first agent and a second agent. The first agent is to transmit an encoded datum through an interface in a plurality of encoded packets. The second agent is to receive each of the plurality of encoded packets from the interface and decode each of the encoded packets to generate a plurality of decoded packets. Each of the encoded packets has the same Hamming weight. The Hamming distance between any two consecutively transmitted encoded packets is constant.

Abstract: A chassis platform, such as processor or a system-on-chip (SoC), includes logic to implement a debug chassis security system including a policy generator to control access from a test access port. The policy generator may distribute a debug policy to at least one logic block that locally enforces the debug policy. The debug policy may include a delayed authentication policy in which debug assets are distributed and the chassis platform is initially locked to prevent debug access via the test access port. An authenticated debug user may unlock the chassis platform at a later time to enable debugging operations. The debug policy may also include a live execution policy and an immediate debug policy.

Abstract: A chassis platform, such as processor or a system-on-chip (SoC), includes logic to implement a debug chassis security system including a policy generator to control access from a test access port. The policy generator may distribute a debug policy to at least one logic block that locally enforces the debug policy. The debug policy may include a delayed authentication policy in which debug assets are distributed and the chassis platform is initially locked to prevent debug access via the test access port. An authenticated debug user may unlock the chassis platform at a later time to enable debugging operations. The debug policy may also include a live execution policy and an immediate debug policy.

Abstract: A chassis platform, such as processor or a system-on-chip (SoC), includes logic to implement a debug chassis security system including a policy generator to control access from a test access port. The policy generator may distribute a debug policy to at least one logic block that locally enforces the debug policy. The debug policy may include a delayed authentication policy in which debug assets are distributed and the chassis platform is initially locked to prevent debug access via the test access port. An authenticated debug user may unlock the chassis platform at a later time to enable debugging operations. The debug policy may also include a live execution policy and an immediate debug policy.

Abstract: Described herein are an apparatus, system, and method for attribute identity control in a processor. The apparatus comprises a logic unit including a radio-frequency identification (RFID) tag comprising a non-volatile memory; and a processor operable to access the non-volatile memory, wherein the non-volatile memory for storing an attribute identity associated with a group of processors, the attribute identity being different from an identity of the processor.