Patents by Inventor Michael Neve de Mevergnies
Michael Neve de Mevergnies has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9235719
Abstract: Described herein are apparatus, system, and method for providing memory access control to protect software (e.g., firmware backup) and other data. The method comprises providing, by a processor, a protected storage area in a memory for storing a backup image of the software; detecting corruption in the software; accessing the backup image of the software from the protected storage area; and updating the corrupted software using the backup image, wherein the protected storage area is a reserved storage area of the memory.
Type: Grant
Filed: September 29, 2011
Date of Patent: January 12, 2016
Assignee: Intel Corporation
Inventors: Michael Neve De Mevergnies, Knut S. Grimsrud, Sergiu D. Ghetie, Prasun Ratn, Shahrokh Shahidzadeh
-
Publication number: 20150331043
Abstract: A system on chip (SoC) includes a policy generator to identify lifecycle data that identifies a lifecycle of the SoC and identify authentication data that identifies a particular user that is to debug the SoC. A particular policy is determined based on the lifecycle and identification of the particular user, and policy data is sent to at least one block of the SoC, the policy data identifying the particular policy. Debug access at the block is based on the particular policy.
Type: Application
Filed: May 15, 2014
Publication date: November 19, 2015
Inventors: Manoj R. Sastry, Enrico D. Carrieri, Michael Neve de Mevergnies, Ioannis T. Schoinas, Michael J. Wiznerowicz
-
Patent number: 9092632
Abstract: A method, apparatus, machine-readable medium, and system are disclosed. In one embodiment the method includes a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.
Type: Grant
Filed: March 15, 2013
Date of Patent: July 28, 2015
Assignee: Intel Corporation
Inventors: Allen R. Wishman, Sergiu D. Ghetie, Michael Neve De Mevergnies, Ulhas S. Warrier, Adil Karrar, Douglas R. Moran, Kirk Brannock
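The access-control rule in the PFAT abstract (9092632, and the related 8522322, 20130219191 and 20120072734 entries below) is a small state machine: the lock is set on boot, cannot be cleared again until reset, and writes go through only for the Authenticated Code Module, only inside an unlock procedure. The following C model is an added example written for this listing, not Intel's implementation or any code from these patents. The caller identities, the `unlock_window` flag and the nonce that ties the end of the unlock procedure to its start are assumptions used to make the rule testable; the page does not describe the real unlocking procedure.

```c
/* Added example: model of a persistently locked firmware storage location.
 * Not Intel's code. Caller identities, window flag and nonce are assumptions. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define FW_SIZE 64

enum caller { CALLER_OS = 0, CALLER_SMM = 1, CALLER_ACM = 2 };

struct platform {
    uint8_t  fw[FW_SIZE];      /* platform firmware storage (flash model) */
    bool     pfat_mode;        /* entered on boot; stays set until reset */
    bool     locked;           /* persistent lock: sticky for the whole boot */
    bool     unlock_window;    /* true only inside an ACM-initiated unlock procedure */
    uint32_t unlock_nonce;     /* assumed: nonce the ACM must present to close the window */
};

/* Boot path: switch the update mechanism into PFAT mode, then lock storage. */
void platform_boot(struct platform *p) {
    memset(p, 0, sizeof *p);
    memset(p->fw, 0xA5, FW_SIZE);  /* constructed sample firmware content */
    p->pfat_mode = true;
    p->locked = true;              /* lock is set in response to entering PFAT mode */
}

/* Only the ACM may begin the unlock procedure. */
bool pfat_unlock_begin(struct platform *p, enum caller who, uint32_t nonce) {
    if (!p->pfat_mode || who != CALLER_ACM) return false;
    p->unlock_window = true;
    p->unlock_nonce = nonce;
    return true;
}

/* The ACM ends the procedure with the nonce it started it with. */
bool pfat_unlock_end(struct platform *p, enum caller who, uint32_t nonce) {
    if (who != CALLER_ACM || !p->unlock_window || nonce != p->unlock_nonce) return false;
    p->unlock_window = false;
    return true;
}

/* Attempt to clear the lock bit. In PFAT mode this always fails: the lock is persistent. */
bool fw_storage_clear_lock(struct platform *p) {
    if (p->pfat_mode) return false;
    p->locked = false;
    return true;
}

/* Write to firmware storage: bounds-checked, and while locked only the ACM
 * inside an open unlock window may write. Everyone else is refused. */
bool fw_storage_write(struct platform *p, enum caller who, size_t off,
                      const uint8_t *src, size_t len) {
    if (off > FW_SIZE || len > FW_SIZE - off) return false;
    if (p->locked && !(who == CALLER_ACM && p->unlock_window)) return false;
    memcpy(p->fw + off, src, len);
    return true;
}
```

The point to check in a real design is the same as in the model: the lock bit must be sticky (no register write, including from SMM, may clear it before reset), and the unlock window must be bound to the ACM that opened it, otherwise any code running after the ACM inherits the write permission.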
-
Publication number: 20150058510
Abstract: Embodiments of processors, methods, and systems for virtualizing interrupt prioritization and delivery are disclosed. In one embodiment, a processor includes instruction hardware and execution hardware. The instruction hardware is to receive a plurality of instructions, including a first instruction to transfer the processor from a root mode to a non-root mode for executing guest software in a virtual machine, wherein the processor is to return to the root mode upon the detection of any of a plurality of virtual machine exit events. The execution hardware is to execute the first instruction, execution of the first instruction to include determining a first virtual processor-priority value and storing the first virtual processor-priority value in a virtual copy of a processor-priority field, where the virtual copy of the processor-priority field is a virtual resource corresponding to a physical resource associated with an interrupt controller.
Type: Application
Filed: November 12, 2014
Publication date: February 26, 2015
Inventors: Gilbert Neiger, Rajesh M. Sankaran, Gideon Gerzon, Richard A. Uhlig, Sergiu D. Ghetie, Michael Neve de Mevergnies, Adil Karrar
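The "virtual processor-priority value" in this abstract (and in the 8910158 and 20130159579 entries below) is the local APIC's Processor Priority Register recomputed over guest-visible state. The following C model is an added example for this listing, not Intel's microcode and not code from the patent. It uses the PPR rule from the Intel SDM's APIC description (PPR takes TPR when TPR's priority class is at least the in-service vector's class, otherwise the in-service class with sub-class zero) and the delivery rule that a pending vector is deliverable only when its class exceeds the PPR class. The `struct vapic` layout and the field names `visr_v` and `rvi` are assumptions for the example.

```c
/* Added example: virtual PPR computation on VM entry. Not Intel's code;
 * struct layout and field names are assumptions. */
#include <stdint.h>
#include <stdbool.h>

struct vapic {
    uint8_t vtpr;     /* virtual Task Priority Register, written by the guest */
    uint8_t vppr;     /* virtual Processor Priority Register, computed by hardware */
    uint8_t visr_v;   /* vector of highest-priority in-service virtual interrupt, 0 if none */
    uint8_t rvi;      /* highest pending (requested) virtual interrupt vector, 0 if none */
};

/* The priority class of a vector or priority value is bits 7:4. */
static inline uint8_t prio_class(uint8_t v) { return (uint8_t)(v >> 4); }

/* PPR rule as the physical APIC applies it:
 * if TPR class >= in-service class, PPR = TPR; else PPR = in-service class, sub-class 0. */
uint8_t compute_vppr(uint8_t vtpr, uint8_t in_service_vector) {
    if (prio_class(vtpr) >= prio_class(in_service_vector)) return vtpr;
    return (uint8_t)(in_service_vector & 0xF0);
}

/* Work done as part of the VM-entry instruction in the abstract: determine the
 * virtual PPR and store it into the virtual copy of the PPR field. */
void vmentry_update_vppr(struct vapic *v) {
    v->vppr = compute_vppr(v->vtpr, v->visr_v);
}

/* A pending virtual interrupt is deliverable only if its class is strictly
 * higher than the virtual PPR's class. */
bool virtual_interrupt_deliverable(const struct vapic *v) {
    return v->rvi != 0 && prio_class(v->rvi) > prio_class(v->vppr);
}

/* Guest writes its TPR (raising it masks lower-class interrupts). With the
 * virtual copy in place this needs no VM exit: the PPR is re-evaluated from
 * guest-visible state. Returns whether a pending interrupt is now deliverable. */
bool guest_write_tpr(struct vapic *v, uint8_t new_tpr) {
    v->vtpr = new_tpr;
    v->vppr = compute_vppr(v->vtpr, v->visr_v);
    return virtual_interrupt_deliverable(v);
}
```

The security-relevant property is that the guest only ever sees and writes the virtual copy: it cannot lower the physical PPR below what the hypervisor set, so a malicious guest cannot use TPR writes to block or re-prioritize interrupts that belong to the host.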
-
Publication number: 20150033338
Abstract: Embodiments of an invention for hardening data transmissions against power side channel attacks are disclosed. In one embodiment, a system includes a first agent and a second agent. The first agent is to transmit an encoded datum through an interface in a plurality of encoded packets. The second agent is to receive each of the plurality of encoded packets from the interface and decode each of the encoded packets to generate a plurality of decoded packets. Each of the encoded packets has the same Hamming weight. The Hamming distance between any two consecutively transmitted encoded packets is constant.
Type: Application
Filed: July 26, 2013
Publication date: January 29, 2015
Inventors: Michael Neve De Mevergnies, Manoj Sastry, Ioannis Schoinas
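The abstract names two properties (constant Hamming weight per packet, constant Hamming distance between consecutive packets) without giving a code. The following C example, added for this listing and not taken from the patent, is one concrete code that satisfies both: 8-bit packets of weight 4, where each packet is produced from the previous one by clearing one of its four set bits and setting one of its four clear bits. That gives 4 x 4 = 16 transitions, so each packet carries one nibble, every packet has weight 4 and every consecutive pair is at distance exactly 2. The starting packet `START_PKT` (0x0F) is an assumed value both sides agree on; everything else follows from the construction.

```c
/* Added example: constant-weight, constant-distance packet code.
 * Not Intel's code; START_PKT is an assumed agreed initial state. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

#define PKT_BITS   8
#define PKT_WEIGHT 4
#define START_PKT  0x0F   /* assumed initial packet, weight 4 */

static int popcount8(uint8_t x) { int c = 0; while (x) { c += x & 1; x >>= 1; } return c; }

/* Position of the k-th bit (from bit 0) whose value equals `want`, or -1. */
static int nth_bit(uint8_t x, int k, int want) {
    for (int i = 0; i < PKT_BITS; i++)
        if (((x >> i) & 1) == want) { if (k == 0) return i; k--; }
    return -1;
}

/* Next packet: clear the (nibble>>2)-th set bit of prev, set the (nibble&3)-th clear bit. */
uint8_t encode_nibble(uint8_t prev, uint8_t nibble) {
    int clr = nth_bit(prev, (nibble >> 2) & 3, 1);
    int set = nth_bit(prev, nibble & 3, 0);
    if (clr < 0 || set < 0) return 0;          /* prev was not a weight-4 packet */
    return (uint8_t)((prev & ~(1u << clr)) | (1u << set));
}

/* Recover the nibble from a consecutive pair; -1 if the pair violates the code. */
int decode_nibble(uint8_t prev, uint8_t cur) {
    uint8_t diff = prev ^ cur;
    uint8_t cleared = diff & prev, set = diff & cur;
    if (popcount8(cur) != PKT_WEIGHT || popcount8(cleared) != 1 || popcount8(set) != 1)
        return -1;
    uint8_t below_c = (uint8_t)(cleared - 1);      /* positions below the cleared bit */
    uint8_t below_s = (uint8_t)(set - 1);          /* positions below the set bit */
    int ci = popcount8(prev & below_c);            /* rank among prev's set bits */
    int si = popcount8((uint8_t)~prev & below_s);  /* rank among prev's clear bits */
    return (ci << 2) | si;
}

/* Transmitter side: n bytes become 2n packets, high nibble first, chained from START_PKT. */
size_t encode_bytes(const uint8_t *in, size_t n, uint8_t *out) {
    uint8_t prev = START_PKT;
    for (size_t i = 0; i < n; i++) {
        out[2 * i]     = prev = encode_nibble(prev, (uint8_t)(in[i] >> 4));
        out[2 * i + 1] = prev = encode_nibble(prev, (uint8_t)(in[i] & 0xF));
    }
    return 2 * n;
}

/* Receiver side: returns byte count, or -1 if any packet breaks the code
 * (a receiver rejecting such packets also catches fault-injected bit flips). */
int decode_packets(const uint8_t *pk, size_t npk, uint8_t *out) {
    if (npk % 2) return -1;
    uint8_t prev = START_PKT;
    for (size_t i = 0; i < npk; i += 2) {
        int hi = decode_nibble(prev, pk[i]);
        if (hi < 0) return -1;
        prev = pk[i];
        int lo = decode_nibble(prev, pk[i + 1]);
        if (lo < 0) return -1;
        prev = pk[i + 1];
        out[i / 2] = (uint8_t)((hi << 4) | lo);
    }
    return (int)(npk / 2);
}

/* The two properties from the abstract, checkable on any captured packet stream. */
bool packets_constant_weight_distance(const uint8_t *pk, size_t npk) {
    uint8_t prev = START_PKT;
    for (size_t i = 0; i < npk; i++) {
        if (popcount8(pk[i]) != PKT_WEIGHT || popcount8(prev ^ pk[i]) != 2) return false;
        prev = pk[i];
    }
    return true;
}
```

The cost is bandwidth: 4 data bits per 8 wires. What it buys is that the number of bits set and the number of wires toggling per transfer no longer depend on the data, which removes the Hamming-weight and Hamming-distance leakage a power model keys on. It does nothing about timing or about leakage inside the agents before encoding, so it is a bus hardening, not a complete countermeasure.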
-
Patent number: 8910158
Abstract: Embodiments of processors, methods, and systems for virtualizing interrupt prioritization and delivery are disclosed. In one embodiment, a processor includes instruction hardware and execution hardware. The instruction hardware is to receive a plurality of instructions, including a first instruction to transfer the processor from a root mode to a non-root mode for executing guest software in a virtual machine, wherein the processor is to return to the root mode upon the detection of any of a plurality of virtual machine exit events. The execution hardware is to execute the first instruction, execution of the first instruction to include determining a first virtual processor-priority value and storing the first virtual processor-priority value in a virtual copy of a processor-priority field, where the virtual copy of the processor-priority field is a virtual resource corresponding to a physical resource associated with an interrupt controller.
Type: Grant
Filed: December 14, 2011
Date of Patent: December 9, 2014
Assignee: Intel Corporation
Inventors: Gilbert Neiger, Rajesh M. Sankaran, Gideon Gerzon, Richard A. Uhlig, Sergiu D. Ghetie, Michael Neve de Mevergnies, Adil Karrar
-
Patent number: 8590040
Abstract: Embodiments of the invention are directed towards logic and/or modules stored in processor secure storage to determine whether a first platform firmware image (e.g., basic input/output system (BIOS), device read-only memory (ROM), manageability engine firmware) loaded onto a processor cache is valid. The processor executes the first platform firmware image if it is determined to be valid. If the first platform image is determined to be invalid, a second platform firmware image is located. If this platform firmware image is determined to be valid, the processor will execute said second platform image. In some embodiments of the invention, the determination of whether the first platform firmware image is valid is based, at least in part, on verification of a digital signature associated with the first platform firmware image. The digital signature may be created, for example, from a private key, wherein the digital signature is verified via a public key.
Type: Grant
Filed: December 22, 2010
Date of Patent: November 19, 2013
Assignee: Intel Corporation
Inventors: Sergiu D. Ghetie, Shahrokh Shahidzadeh, Michael Neve de Mevergnies, Adil Karrar, Vincent J. Zimmer
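Two entries in this listing describe the same recovery shape from different angles: 8590040 (this entry, with 20120167205 below) validates a first firmware image and falls back to a second when it is invalid, and 9235719 (above, with 20130262877 below) keeps a backup image in a reserved, access-controlled region and repairs a corrupted image from it. The following C example, added here and not code from either patent, puts the two together: pick the first valid image, and if the primary is bad and the backup is good, repair the primary from the backup. The integrity check is a 32-bit FNV-1a digest used as a stand-in; a real implementation verifies a digital signature (the abstract's private-key/public-key pair) with the public key held in processor secure storage, which this example does not implement. The header magic, the image layout and the `backup_write_enabled` gate are assumptions.

```c
/* Added example: image validation, fallback and repair from a protected backup.
 * Not Intel's code. FNV-1a stands in for signature verification; layout and
 * the backup write gate are assumptions. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define IMG_SIZE  32
#define IMG_MAGIC 0x46574D47u   /* assumed header magic */

struct fw_image {
    uint32_t magic;
    uint32_t digest;            /* stand-in for a signature over body[] */
    uint8_t  body[IMG_SIZE];
};

/* FNV-1a 32-bit. Integrity only: it detects corruption, not a deliberate
 * swap, which is why a real design uses a signature and a trusted public key. */
uint32_t fnv1a32(const uint8_t *d, size_t n) {
    uint32_t h = 0x811C9DC5u;
    for (size_t i = 0; i < n; i++) { h ^= d[i]; h *= 0x01000193u; }
    return h;
}

bool fw_image_valid(const struct fw_image *img) {
    return img->magic == IMG_MAGIC && fnv1a32(img->body, IMG_SIZE) == img->digest;
}

/* Build a constructed sample image whose body is filled with `fill`. */
void fw_image_build(struct fw_image *img, uint8_t fill) {
    img->magic = IMG_MAGIC;
    memset(img->body, fill, IMG_SIZE);
    img->digest = fnv1a32(img->body, IMG_SIZE);
}

/* Memory layout: the primary image in the normal firmware region and the
 * backup in a reserved region that is writable only when the gate is open. */
struct platform_mem {
    struct fw_image primary;
    struct fw_image backup;       /* protected storage area */
    bool backup_write_enabled;    /* access control on the reserved area */
};

enum boot_result { BOOT_PRIMARY, BOOT_BACKUP_RESTORED, BOOT_FAILED };

/* Select an image to execute; repair the primary from the backup when needed. */
enum boot_result select_and_repair(struct platform_mem *m) {
    if (fw_image_valid(&m->primary)) return BOOT_PRIMARY;
    if (!fw_image_valid(&m->backup)) return BOOT_FAILED;   /* nothing trustworthy to run */
    memcpy(&m->primary, &m->backup, sizeof m->primary);    /* restore from the protected copy */
    return fw_image_valid(&m->primary) ? BOOT_BACKUP_RESTORED : BOOT_FAILED;
}

/* Writes into the protected area are refused unless the gate is open, so
 * the same corruption that hit the primary cannot also reach the backup. */
bool backup_write(struct platform_mem *m, const struct fw_image *img) {
    if (!m->backup_write_enabled) return false;
    memcpy(&m->backup, img, sizeof m->backup);
    return true;
}
```

Two checks a reviewer should make against any real implementation of this pattern: the backup must be validated before it is copied (a corrupted backup must fail closed rather than be executed), and the region holding it must be write-protected from the same code paths that can corrupt the primary, otherwise the backup adds nothing.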
-
Publication number: 20130262877
Abstract: Described herein are apparatus, system, and method for providing memory access control to protect software (e.g., firmware backup) and other data. The method comprises providing, by a processor, a protected storage area in a memory for storing a backup image of the software; detecting corruption in the software; accessing the backup image of the software from the protected storage area; and updating the corrupted software using the backup image, wherein the protected storage area is a reserved storage area of the memory.
Type: Application
Filed: September 29, 2011
Publication date: October 3, 2013
Inventors: Michael Neve De Mevergnies, Knut S. Grimsrud, Sergiu D. Ghetie, Prasun Ratn, Shahrokh Shahidzadeh
-
Patent number: 8522322
Abstract: A method, apparatus, machine-readable medium, and system are disclosed. In one embodiment the method includes a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.
Type: Grant
Filed: September 22, 2010
Date of Patent: August 27, 2013
Assignee: Intel Corporation
Inventors: Allen R. Wishman, Sergiu D. Ghetie, Michael Neve De Mevergnies, Ulhas S. Warrier, Adil Karrar, Douglas R. Moran, Kirk Brannock
-
Publication number: 20130219191
Abstract: A method, apparatus, machine-readable medium, and system are disclosed. In one embodiment the method includes a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.
Type: Application
Filed: March 15, 2013
Publication date: August 22, 2013
Inventors: Allen R. Wishman, Sergiu D. Ghetie, Michael Neve De Mevergnies, Ulhas S. Warrier, Adil Karrar, Douglas R. Moran, Kirk Brannock
-
Publication number: 20130159579
Abstract: Embodiments of processors, methods, and systems for virtualizing interrupt prioritization and delivery are disclosed. In one embodiment, a processor includes instruction hardware and execution hardware. The instruction hardware is to receive a plurality of instructions, including a first instruction to transfer the processor from a root mode to a non-root mode for executing guest software in a virtual machine, wherein the processor is to return to the root mode upon the detection of any of a plurality of virtual machine exit events. The execution hardware is to execute the first instruction, execution of the first instruction to include determining a first virtual processor-priority value and storing the first virtual processor-priority value in a virtual copy of a processor-priority field, where the virtual copy of the processor-priority field is a virtual resource corresponding to a physical resource associated with an interrupt controller.
Type: Application
Filed: December 14, 2011
Publication date: June 20, 2013
Inventors: Gilbert Neiger, Rajesh M. Sankaran, Gideon Gerzon, Richard A. Uhlig, Sergiu D. Ghetie, Michael Neve de Mevergnies, Adil Karrar
-
Publication number: 20130002398
Abstract: Described herein are an apparatus, system, and method for attribute identity control in a processor. The apparatus comprises a logic unit including a radio-frequency identification (RFID) tag comprising a non-volatile memory; and a processor operable to access the non-volatile memory, wherein the non-volatile memory is for storing an attribute identity associated with a group of processors, the attribute identity being different from an identity of the processor.
Type: Application
Filed: July 1, 2011
Publication date: January 3, 2013
Inventors: David A. Brown, Adil Karrar, Michael Neve de Mevergnies, Sergiu D. Ghetie, Shahrokh Shahidzadeh
-
Publication number: 20120167205
Abstract: Embodiments of the invention are directed towards logic and/or modules stored in processor secure storage to determine whether a first platform firmware image (e.g., basic input/output system (BIOS), device read-only memory (ROM), manageability engine firmware) loaded onto a processor cache is valid. The processor executes the first platform firmware image if it is determined to be valid. If the first platform image is determined to be invalid, a second platform firmware image is located. If this platform firmware image is determined to be valid, the processor will execute said second platform image. In some embodiments of the invention, the determination of whether the first platform firmware image is valid is based, at least in part, on verification of a digital signature associated with the first platform firmware image. The digital signature may be created, for example, from a private key, wherein the digital signature is verified via a public key.
Type: Application
Filed: December 22, 2010
Publication date: June 28, 2012
Inventors: Sergiu D. Ghetie, Shahrokh Shahidzadeh, Michael Neve de Mevergnies, Adil Karrar, Vincent J. Zimmer
-
Publication number: 20120072734
Abstract: A method, apparatus, machine-readable medium, and system are disclosed. In one embodiment the method includes a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.
Type: Application
Filed: September 22, 2010
Publication date: March 22, 2012
Inventors: Allen R. Wishman, Sergiu D. Ghetie, Michael Neve De Mevergnies, Ulhas S. Warrier, Adil Karrar, Douglas R. Moran, Kirk Brannock
-
Patent number: 7855102
Abstract: A method, apparatus, and system, the apparatus including, in some embodiments, a printed circuit board (PCB), an integrated circuit (IC) positioned over and electrically connected to the PCB, a chip positioned between the PCB and the IC, and a closed boundary barrier between and contacting the PCB and the IC to define an inner containment area that completely contains the chip within the inner containment area.
Type: Grant
Filed: October 23, 2009
Date of Patent: December 21, 2010
Assignee: Intel Corporation
Inventors: Michael Neve de Mevergnies, Jean-Pierre Seifert
-
Patent number: 7831777
Abstract: Apparatus and methods for reducing information leakage between processes sharing a cache are disclosed. In one embodiment, an apparatus includes execution logic, a cache memory, and cache security logic. The execution logic is to execute a plurality of processes. The cache memory is to be shared between the plurality of processes. The cache security logic is to cause a stored cache state to be loaded into the cache memory.
Type: Grant
Filed: May 26, 2006
Date of Patent: November 9, 2010
Inventors: Michael Neve de Mevergnies, Jean-Pierre Seifert
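The leakage this abstract (and 20070277001 below) targets is the classic prime-and-probe channel: a process fills the shared cache with its own lines, a victim's secret-dependent access evicts one of them, and the first process then learns which set missed. The following C simulation is an added example for this listing, not code from the patent: it models a tiny direct-mapped cache, runs the attack once with no countermeasure and once with "cache security logic" that saves the outgoing process's cache state on a context switch and loads the incoming process's stored state. The cache geometry, the address ranges and the save-on-switch-out/load-on-switch-in policy are assumptions; the abstract only says that a stored state is loaded.

```c
/* Added example: prime+probe against a shared cache, with and without
 * loading a stored cache state on context switch. Not Intel's code;
 * geometry, addresses and the switch policy are assumptions. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define NSETS      8
#define LINE_SHIFT 6                       /* 64-byte lines */

struct cache { uint32_t tag[NSETS]; bool valid[NSETS]; };

static int      set_of(uint32_t addr) { return (addr >> LINE_SHIFT) & (NSETS - 1); }
static uint32_t tag_of(uint32_t addr) { return addr >> (LINE_SHIFT + 3); }

/* Returns true on hit; on miss installs the line, evicting whatever was there. */
bool cache_access(struct cache *c, uint32_t addr) {
    int s = set_of(addr);
    if (c->valid[s] && c->tag[s] == tag_of(addr)) return true;
    c->valid[s] = true;
    c->tag[s] = tag_of(addr);
    return false;
}

/* Victim: a table lookup indexed by a secret (one line per entry). */
#define VICTIM_TABLE 0x10000u              /* constructed address */
void victim_run(struct cache *c, uint8_t secret) {
    cache_access(c, VICTIM_TABLE + (uint32_t)(secret & (NSETS - 1)) * (1u << LINE_SHIFT));
}

/* Attacker: prime every set with its own lines, later probe them. */
#define ATTACKER_BUF 0x20000u              /* constructed address, different tags */
void attacker_prime(struct cache *c) {
    for (int s = 0; s < NSETS; s++) cache_access(c, ATTACKER_BUF + (uint32_t)s * (1u << LINE_SHIFT));
}
/* Probe: the set that misses is the one the victim touched; -1 if nothing leaked. */
int attacker_probe(struct cache *c) {
    int leaked = -1;
    for (int s = 0; s < NSETS; s++)
        if (!cache_access(c, ATTACKER_BUF + (uint32_t)s * (1u << LINE_SHIFT))) leaked = s;
    return leaked;
}

/* Cache security logic: each process has a stored cache state. On a switch the
 * outgoing state is saved and the incoming process's stored state is loaded,
 * so no process ever observes lines another process left behind. */
struct proc_ctx { struct cache saved; bool has_saved; };

void switch_to(struct cache *c, struct proc_ctx *from, struct proc_ctx *to, bool mitigate) {
    if (!mitigate) return;                 /* plain shared cache: nothing happens */
    from->saved = *c;
    from->has_saved = true;
    if (to->has_saved) *c = to->saved;     /* load the stored cache state */
    else memset(c, 0, sizeof *c);          /* first run: clean state */
}

/* One prime+probe round. Returns the set index the attacker observes, -1 if none. */
int experiment(uint8_t secret, bool mitigate) {
    struct cache c;
    struct proc_ctx attacker = {0}, victim = {0};
    memset(&c, 0, sizeof c);
    attacker_prime(&c);
    switch_to(&c, &attacker, &victim, mitigate);
    victim_run(&c, secret);
    switch_to(&c, &victim, &attacker, mitigate);
    return attacker_probe(&c);
}
```

Without the countermeasure the attacker reads back `secret & 7` directly; with it, the probe sees exactly the state it primed and learns nothing. The cost is the save/restore (or refill) on every switch, and the model only covers the time-multiplexed case: two hardware threads sharing a cache simultaneously need a different mechanism, such as partitioning.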
-
Publication number: 20100041182
Abstract: A method, apparatus, and system, the apparatus including, in some embodiments, a printed circuit board (PCB), an integrated circuit (IC) positioned over and electrically connected to the PCB, a chip positioned between the PCB and the IC, and a closed boundary barrier between and contacting the PCB and the IC to define an inner containment area that completely contains the chip within the inner containment area.
Type: Application
Filed: October 23, 2009
Publication date: February 18, 2010
Inventors: Michael Neve de Mevergnies, Jean-Pierre Seifert
-
Patent number: 7633168
Abstract: A method, apparatus, and system, the apparatus including, in some embodiments, a printed circuit board (PCB), an integrated circuit (IC) positioned over and electrically connected to the PCB, a chip positioned between the PCB and the IC, and a closed boundary barrier between and contacting the PCB and the IC to define an inner containment area that completely contains the chip within the inner containment area.
Type: Grant
Filed: June 28, 2006
Date of Patent: December 15, 2009
Assignee: Intel Corporation
Inventors: Michael Neve de Mevergnies, Jean-Pierre Seifert
-
Publication number: 20080001307
Abstract: A method, apparatus, and system, the apparatus including, in some embodiments, a printed circuit board (PCB), an integrated circuit (IC) positioned over and electrically connected to the PCB, a chip positioned between the PCB and the IC, and a closed boundary barrier between and contacting the PCB and the IC to define an inner containment area that completely contains the chip within the inner containment area.
Type: Application
Filed: June 28, 2006
Publication date: January 3, 2008
Inventors: Michael Neve de Mevergnies, Jean-Pierre Seifert
-
Publication number: 20070277001
Abstract: Apparatus and methods for reducing information leakage between processes sharing a cache are disclosed. In one embodiment, an apparatus includes execution logic, a cache memory, and cache security logic. The execution logic is to execute a plurality of processes. The cache memory is to be shared between the plurality of processes. The cache security logic is to cause a stored cache state to be loaded into the cache memory.
Type: Application
Filed: May 26, 2006
Publication date: November 29, 2007
Inventors: Michael Neve de Mevergnies, Jean-Pierre Seifert