Abstract: Described herein are apparatus, system, and method for providing memory access control to protect software (e.g., firmware backup) and other data. The method comprises providing, by a processor, a protected storage area in a memory for storing backup image of software; detecting corruption in the software; accessing the backup image of the software from the protected storage area; and updating the corrupted software using the backup image, wherein the protected storage area is a reserved storage area of the memory.

Abstract: A system on chip (SOC) includes a policy generator to identify lifecycle data that identifies a lifecycle of the SOC and identify authentication data that identifies a particular user that is to debug the SoC. A particular policy is determined based on the lifecycle and identification of the particular user, and policy data is sent to at least one block of the SoC, the policy data identifying the particular policy. Debug access at the block is based on the particular policy.

Abstract: A method, apparatus, machine-readable medium, and system are disclosed. In one embodiment the method includes a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.

Abstract: Embodiments of processors, methods, and systems for virtualizing interrupt prioritization and delivery are disclosed. In one embodiment, a processor includes instruction hardware and execution hardware. The instruction hardware is to receive a plurality of instructions, including a first instruction to transfer the processor from a root mode to a non-root mode for executing guest software in a virtual machine, wherein the processor is to return to the root mode upon the detection of any of a plurality of virtual machine exit events. The execution hardware is to execute the first instruction, execution of the first instruction to include determining a first virtual processor-priority value and storing the first virtual processor-priority value in a virtual copy of a processor-priority field, where the virtual copy of the processor-priority field is a virtual resource corresponding to a physical resource associated with an interrupt controller.

Abstract: Embodiments of an invention for hardening data transmissions against power side channel attacks are disclosed. In one embodiment, a system includes a first agent and a second agent. The first agent is to transmit an encoded datum through an interface in a plurality of encoded packets. The second agent is to receive each of the plurality of encoded packets from the interface and decode each of the encoded packets to generate a plurality of decoded packets. Each of the encoded packets has the same Hamming weight. The Hamming distance between any two consecutively transmitted encoded packets is constant.

Abstract: Embodiments of processors, methods, and systems for virtualizing interrupt prioritization and delivery are disclosed. In one embodiment, a processor includes instruction hardware and execution hardware. The instruction hardware is to receive a plurality of instructions, including a first instruction to transfer the processor from a root mode to a non-root mode for executing guest software in a virtual machine, wherein the processor is to return to the root mode upon the detection of any of a plurality of virtual machine exit events. The execution hardware is to execute the first instruction, execution of the first instruction to include determining a first virtual processor-priority value and storing the first virtual processor-priority value in a virtual copy of a processor-priority field, where the virtual copy of the processor-priority field is a virtual resource corresponding to a physical resource associated with an interrupt controller.

Abstract: Embodiments of the invention are directed towards logic and/or modules stored in processor secure storage to determine whether a first platform firmware image (e.g., basic input/output system (BIOS), device read-only memory (ROM), manageability engine firmware) loaded onto a processor cache is valid. The processor executes the first platform firmware image if it is determined to be valid. If the first platform image is determined to be invalid, a second platform firmware image is located. If this platform firmware image is determined to be valid, the processor will execute said second platform image. In some embodiments of the invention, the determination of whether the first platform firmware image is valid is based, at least in part, on verification of a digital signature associated with the first platform firmware image. The digital signature may be created, for example, from a private key, wherein the digital signature is verified via a public key.

Abstract: Described herein are apparatus, system, and method for providing memory access control to protect software (e.g., firmware backup) and other data. The method comprises providing, by a processor, a protected storage area in a memory for storing backup image of software; detecting corruption in the software; accessing the backup image of the software from the protected storage area; and updating the corrupted software using the backup image, wherein the protected storage area is a reserved storage area of the memory.

Abstract: A method, apparatus, method, machine-readable medium, and system are disclosed. In one embodiment the method includes is a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.

Abstract: A method, apparatus, machine-readable medium, and system are disclosed. In one embodiment the method includes a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.

Abstract: Embodiments of processors, methods, and systems for virtualizing interrupt prioritization and delivery are disclosed. In one embodiment, a processor includes instruction hardware and execution hardware. The instruction hardware is to receive a plurality of instructions, including a first instruction to transfer the processor from a root mode to a non-root mode for executing guest software in a virtual machine, wherein the processor is to return to the root mode upon the detection of any of a plurality of virtual machine exit events. The execution hardware is to execute the first instruction, execution of the first instruction to include determining a first virtual processor-priority value and storing the first virtual processor-priority value in a virtual copy of a processor-priority field, where the virtual copy of the processor-priority field is a virtual resource corresponding to a physical resource associated with an interrupt controller.

Abstract: Described herein are an apparatus, system, and method for attribute identity control in a processor. The apparatus comprises a logic unit including a radio-frequency identification (RFID) tag comprising a non-volatile memory; and a processor operable to access the non-volatile memory, wherein the non-volatile memory for storing an attribute identity associated with a group of processors, the attribute identity being different from an identity of the processor.

Abstract: Embodiments of the invention are directed towards logic and/or modules stored in processor secure storage to determine whether a first platform firmware image (e.g., basic input/output system (BIOS), device read-only memory (ROM), manageability engine firmware) loaded onto a processor cache is valid. The processor executes the first platform firmware image if it is determined to be valid. If the first platform image is determined to be invalid, a second platform firmware image is located. If this platform firmware image is determined to be valid, the processor will execute said second platform image. In some embodiments of the invention, the determination of whether the first platform firmware image is valid is based, at least in part, on verification of a digital signature associated with the first platform firmware image. The digital signature may be created, for example, from a private key, wherein the digital signature is verified via a public key.

Abstract: A method, apparatus, method, machine-readable medium, and system are disclosed. In one embodiment the method includes is a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.

Abstract: A method, apparatus, and system, the apparatus including, in some embodiments, a printed circuit board (PCB), an integrated circuit (IC) positioned over and electrically connected to the PCB, a chip positioned between the PCB and the IC, and a closed boundary barrier between and contacting the PCB and the IC to define an inner containment area that completely contains the chip within the inner containment area.

Abstract: Apparatus and methods for reducing information leakage between processes sharing a cache are disclosed. In one embodiment, an apparatus includes execution logic, a cache memory, and cache security logic. The execution unit is to execute a plurality of processes. The cache memory is to be shared between the plurality of processes. The cache security logic is to cause a stored cache state to be loaded into the cache memory.

Abstract: A method, apparatus, and system, the apparatus including, in some embodiments, a printed circuit board (PCB), an integrated circuit (IC) positioned over and electrically connected to the PCB, a chip positioned between the PCB and the IC, and a closed boundary barrier between and contacting the PCB and the IC to define an inner containment area that completely contains the chip within the inner containment area.

Abstract: A method, apparatus, and system, the apparatus including, in some embodiments, a printed circuit board (PCB), an integrated circuit (IC) positioned over and electrically connected to the PCB, a chip positioned between the PCB and the IC, and a closed boundary barrier between and contacting the PCB and the IC to define an inner containment area that completely contains the chip within the inner containment area.

Abstract: A method, apparatus, and system, the apparatus including, in some embodiments, a printed circuit board (PCB), an integrated circuit (IC) positioned over and electrically connected to the PCB, a chip positioned between the PCB and the IC, and a closed boundary barrier between and contacting the PCB and the IC to define an inner containment area that completely contains the chip within the inner containment area.

Abstract: Apparatus and methods for reducing information leakage between processes sharing a cache are disclosed. In one embodiment, an apparatus includes execution logic, a cache memory, and cache security logic. The execution unit is to execute a plurality of processes. The cache memory is to be shared between the plurality of processes. The cache security logic is to cause a stored cache state to be loaded into the cache memory.