Abstract: Approaches in accordance with various embodiments provide for the management of system event data in a computing device. In particular, various embodiments provide an intelligent persistent buffer for system event log (SEL) messages. A SEL message can be generated by system BIOS on a computing device, which can send this message over an appropriate interface to a target recipient, such as the BMC. Instead of being received directly to the BMC, however, the SEL message can be received to a logic device, such as a CPLD, that is able to analyze the message, determine that the message relates to an important system event, and can cause this message to be stored to a persistent buffer. The BMC can then subsequently request the buffered SEL message from the logic device to take an appropriate action.

Abstract: When a computer boots up, a Basic Input/Output System (BIOS) configures system memory to have a crash memory area within the system address map, which can be used by a processor to dump crash memory data. When an error event occurs, the processor can initiate a dump to the crash memory area. Any desired data can be placed into the crash memory area, but typical data can include a state of registers in the processor. The processor then sets a flag, such as an external pin, indicating that the crash memory data is ready to be read. The flag can be read by a secure processor, which then reads the crash memory area at normal memory access speeds using the system bus. For example, the secure processor can access the crash memory area using Direct Memory Access (DMA) reads over a PCIe system bus.

Abstract: Systems and methods in accordance with various embodiments of the present disclosure provide secure handling of messages at a hardware-protocol level using a logic device on a server. Various embodiments provide approaches for filtering messages on various buses, such as SSIF, SMBus, PMBus, I2C, and SPI, within a server or a computer. Embodiments may include a policy engine through which message handling logic applied to a given bus or buses may be implemented. A message is compared to one or more policies. The message is allowed to be transmitted to a baseboard management controller based on the one or more policies and a type of message.

Abstract: Disclosed herein are techniques for maintaining a secure execution environment on a server. In one embodiment, the server includes a bus manager circuit. The bus manager circuit comprises a first bus interface configured to be coupled with a first hardware device of the server, and a second bus interface configured to be coupled with a second hardware device of the sever. The bus manager further includes a control module. Under a first mode of operation, the control module is configured to receive an access request from the first hardware device to access the second hardware device, and responsive to determining not to grant the access request based on a pre-determined access policy, and block at least some of data bits corresponding to the access request from the second bus interface. The control module may also process the access request in a different manner under other modes of operations.

Abstract: Systems and methods in accordance with various embodiments of the present disclosure provide secure handling of messages at a hardware-protocol level using a logic device on a server. Various embodiments provide approaches for filtering messages on various buses, such as SSIF, SMBus, PMBus, I2C, and SPI, within a server or a computer. Embodiments may include a policy engine through which message handling logic applied to a given bus or buses may be implemented. A message is compared to one or more policies. The message is allowed to be transmitted to a baseboard management controller based on the one or more policies and a type of message.

Abstract: Disclosed herein are techniques for maintaining a secure execution environment on a server. In one embodiment, the server includes a bus manager circuit. The bus manager circuit comprises a first bus interface configured to be coupled with a first hardware device of the server, and a second bus interface configured to be coupled with a second hardware device of the sever. The bus manager further includes a control module. Under a first mode of operation, the control module is configured to receive an access request from the first hardware device to access the second hardware device, and responsive to determining not to grant the access request based on a pre-determined access policy, and block at least some of data bits corresponding to the access request from the second bus interface. The control module may also process the access request in a different manner under other modes of operations.

Abstract: Systems and methods in accordance with various embodiments of the present disclosure provide secure handling of messages at a hardware-protocol level using a logic device on a server. Various embodiments provide approaches for filtering messages on various buses, such as SSIF, SMBus, PMBus, I2C, and SPI, within a server or a computer. Embodiments may include a policy engine through which message handling logic applied to a given bus or buses may be implemented. A message is compared to one or more policies. The message is allowed to be transmitted to a baseboard management controller based on the one or more policies and a type of message.