Abstract: The following description is directed to a logic repository service supporting adaptable host logic. In one example, a method of a logic repository service can include receiving a first request to generate configuration data for configurable hardware using a specification for application logic. The method can include selecting a particular host logic shell from a group of host logic shells. The particular host logic shell can be used to encapsulate the application logic when the configurable hardware is configured. Configuration data for the configurable hardware can be generated. The configuration data can include data for implementing the application logic and at least a portion of the particular host logic shell. The method can include receiving a second request to download the configuration data to a host server computer comprising the configurable hardware. The configuration data can be transmitted to the host server computer in response to the second request.

Abstract: A network device stores information associated with a packet in a queue. The network device sends an interrupt to a host to notify the host of completion of processing the packet. A Memory-Mapped Input/Output (MMIO) write transaction is received that includes a pointer update associated with the queue and an interrupt unmasking value. The pointer is updated and the interrupt is unmasked based on receiving the single MMIO write transaction.

Abstract: A computing system can include a server computer and a configurable hardware platform. The server computer can include instances or domains such as a management partition and a user partition. The management partition can be used to perform management services for the user partitions and the configurable hardware platform. The configurable hardware platform is coupled to the server computer, and can include a host logic and a configurable application logic. In an embodiment, the computing system is configured to provide the user partition with physical or virtual access to a first part of the configurable hardware platform through the host logic in the configurable hardware platform. The computing system is also configured to provide the user partition with virtual access to certain portions/resources associated with the configurable hardware platform.

Abstract: An error-handling processing circuit and system are provided. The system can receive an error signal, such as an interrupt, and decouple (e.g., by a gate signal) a functional clock from a processing block, in some instances effectively halting the processing block's operation. This can prevent a cascade of interdependent errors, thereby avoiding producing redundant or confusing error information. The system can include the processing block, a debug clock not coupled to the processing block, and a data block (e.g., a register file) coupled to the debug clock and to an external input/output interface. The data block can be configured to continue receiving a clock signal via a multiplexer from the debug clock without disruption after the functional clock is decoupled, enabling the data block to remain operational for debugging.

Abstract: Methods and apparatus are disclosed for securely erasing partitions of reconfigurable logic devices such as FPGAs in a multi-tenant server environment. In one example, a method of securely erasing an FPGA includes identifying one partition of previously-programmed resources in the FPGA, erasing the identified partition by storing new values in memory or storage elements of the identified partition, and storing new values in memory or storage elements of additional external resources electrically connected to the integrated circuit and associated with the identified partition. Thus, other partitions and subsequent users of the identified partition are prevented from accessing the securely erased data. A configuration circuit, accessible by a host computer via DMA, can be programmed into the FPGA reconfigurable logic for performing the disclosed erasing operations.

Abstract: Provided are systems and methods for reliable, out-of-order transmission of packets. In some implementations, provided is an apparatus configured to communicate with a network and a host device. The apparatus may receive messages from the host device at a send queue, where each message includes destination information. The apparatus may further determine, using the destination information and an identify of the send queue, a transport context associated with a destination on the network. The apparatus may further, for each message and using the transport context, generate a packet including the message and transmit the packet over the network. The apparatus may further monitor status for each transmitted packet.

Abstract: A method and corresponding apparatus for detecting network congestion. The method includes capturing, using a local clock of a sender device, a send time of an outgoing packet sent from the sender device to a receiver device through a forward route, and capturing, using the local clock of the sender device, a receive time of an acknowledgment packet sent from the receiver device to the sender device through a backward route. The acknowledgment packet contains timing information, generated using a local clock of the receiver device, for determining an internal latency of the receiver device. A round trip time is computed as a difference between the send time and the receive time. The internal latency is subtracted from the round trip time to compute a total propagation time. If the total propagation time is above a threshold, the forward route and the backward route are changed.

Abstract: Interfaces of a compute node on a printed circuit board can be secured by obfuscating the information communicated over the interfaces. Data to be communicated between the compute node and a device on the printed circuit board using an interface can be encrypted, and an address corresponding to the data to be communicated can be scrambled. In addition, the compute node can be the root of trust which can provide secure boot of different components using an on-chip mechanism, and without relying on external devices.

Abstract: A plurality of system on chips (SoCs) in a server computer can be coupled to a plurality of memory agents (MAs) via respective Serializer/Deserializer (SerDes) interfaces. Each of the plurality of MAs can include one or more memory controllers to communicate with a memory coupled to the respective MA, and globally addressable by each of the SoCs. Each of the plurality of SoCs can access the memory coupled to any of the MAs in uniform number of hops using the respective SerDes interfaces. Different types of memories, e.g., volatile memory, persistent memory, can be supported.

Abstract: In various implementations, provided are techniques for distributing network time across a network using multiple grand masters (e.g., master time keepers). These techniques include having multiple grand masters simultaneously providing time to the network. Simultaneous means that all the grand masters are active at the same time, and none are designated as backups. In various implementations, the nodes in the network can simultaneously synchronize to network times provided by more than grand masters so that the nodes can obtain more than one network time. Using these multiple network times, nodes configured as clients can determine one network time. The client devices can then use the single network time in applications that require a time.

Abstract: Disclosed herein are techniques for migrating data from a source memory range to a destination memory while data is being written into the source memory range. An apparatus includes a control logic configured to receive a request for data migration and initiate the data migration using a direct memory access (DMA) controller, while the source memory range continues to accept write operations. The apparatus also includes a tracking logic coupled to the control logic and configured to track write operations performed to the source memory range while data is being copied from the source memory range to the destination memory. The control logic is further configured to initiate copying data associated with the tracked write operations to the destination memory.

Abstract: A hardware security accelerator includes a configurable parser that is configured to receive a packet and to extract from the packet headers associated with a set of protocols. The security accelerator also includes a packet type detection unit to determine a type of the packet in response to the set of protocols and to generate a packet type identifier indicative of the type of the packet. A configurable security unit includes a configuration unit and a configurable security engine. The configuration unit configures the configurable security engine according to the type of the packet and to content of at least one of the headers extracted from the packet. The configurable security engine performs security processing of the packet to provide at least one security result.

Abstract: The following description is directed to a configurable logic platform. In one example, a configurable logic platform includes host logic and a plurality of reconfigurable logic regions. Each reconfigurable region can include hardware that is configurable to implement an application logic design. The host logic can be used for separately encapsulating each of the reconfigurable logic regions. The host logic can include a plurality of data path functions where each data path function can include a layer for formatting data transfers between a host interface and the application logic of a corresponding reconfigurable logic region. The host interface can be configured to apportion bandwidth of the data transfers generated by the application logic of the respective reconfigurable logic regions.

Abstract: Disclosed herein are techniques for maintaining a secure execution environment on a server. In one embodiment, the server includes a non-volatile memory storing firmware, a programmable security logic coupled to the non-volatile memory, an adapter device coupled to the programmable security logic, and a processor communicatively coupled to the non-volatile memory via the programmable security logic. The adapter device and/or the programmable security logic can verify the firmware in the non-volatile memory while holding the processor and/or a baseboard management controller (BMC) in power reset, release the processor and the BMC from reset to boot the processor and the BMC after the firmware is verified, and then disable communications between the processor and the BMC and deny at least some requests to write to the non-volatile memory by the processor or the BMC.

Abstract: An integrated circuit includes a processing engine configured to execute instructions that are synchronized using a set of events. The integrated circuit also includes a set of event registers and an age bit register. Each event in the set of events corresponds to a respective event register in the set of event registers. The age bit register includes a set of age bits, where each age bit in the age bit register corresponds to a respective event register in the set of event registers. Each age bit in the age bit register is configured to be set by an external circuit and to be cleared in response to a value change in a corresponding event register in the set of event registers. Executing the instructions by the processing engine changes a value of an event register in the set of event registers.

Abstract: Technologies are provided for bypassing control logic of an electronic device and writing a trusted firmware to a storage location of the device. The device can comprise a bypass communication channel that, when enabled, allows a connected host computer to access a storage medium and/or onboard memory of the device without using the device's control logic. A device controller can be configured to receive a firmware update mode command from a connected host computer and to enable the bypass communication channel. In at least some embodiments, the controller is configured to reject the update mode command unless it is received as part of an initial communication from the host computer during a boot sequence of the electronic device. In a different or further embodiment, the controller is configured to determine that the command is authorized before enabling the bypass communication channel.

Abstract: Provided are systems and methods for reliable, out-of-order receipt of packets. In some implementations, provided is an apparatus configured to communicate with a network and a host device. The apparatus may receive packets over the network at a receive queue. The packets may originate from a source on the network, and may be received out of order. The apparatus may further, for each received packet, identify a transport context associated with the source and a destination of the packet, and determine whether the packet can be accepted. Upon determining that the packet can be accepted, the apparatus may further identify the one receive queue at which the packet was received; determine a user application to receive the packet, transfer the packet from the one receive queue to a buffer in host memory, and identify an order in which the packet was received with respect to other packets.

Abstract: Technologies are provided for dynamically changing a size of a cache region of a storage device. A storage device controller writes data to the cache region of the storage device using a particular storage format. The storage device controller then migrates the cached data to a storage region of the device, where the data is written using a different storage format. A dynamic cache manager monitors input and output activity for the storage device and dynamically adjusts a size of the cache region to adapt to changes in the input and/or output activity. The dynamic cache manager can also adjust a size of the storage region. The storage device controller can automatically detect that the storage device has dynamic cache support and configure the storage device by creating the cache region and the storage region on the device.

Abstract: Apparatus and methods are disclosed herein for remote, direct memory access (RDMA) technology that enables direct memory access from one host computer memory to another host computer memory over a physical or virtual computer network according to a number of different RDMA protocols. In one example, a method includes receiving remote direct memory access (RDMA) packets via a network adapter, deriving a protocol index identifying an RDMA protocol used to encode data for an RDMA transaction associated with the RDMA packets, applying the protocol index to a generate RDMA commands from header information in at least one of the received RDMA packets, and performing an RDMA operation using the RDMA commands.

Abstract: Provided are systems and methods for reliable, out-of-order transmission of packets. In some implementations, provided is an apparatus configured to communicate with a network and a host device. The apparatus may receive messages from the host device at a send queue, where each message includes destination information. The apparatus may further determine, using the destination information and an identify of the send queue, a transport context associated with a destination on the network. The apparatus may further, for each message and using the transport context, generate a packet including the message and transmit the packet over the network. The apparatus may further monitor status for each transmitted packet.