Abstract: Aspects of the invention include loading an image of a virtual server onto a boot partition of a trusted execution environment (TEE), wherein a first key is embedded in the image. A second key is received from an end customer of an application. Data is received from an independent software vendor (ISV) of the application, wherein the data includes a third key. The second key and the third key are combined inside the TEE to create a fourth key. An available memory space in an independent memory device is encrypted using the fourth key to create a secure data volume. Encrypted data is stored in the secure data volume.

Abstract: The present disclosure relates to a computer implemented method for executing an application. The method comprises: executing a bootloader in a trusted execution environment, wherein the executing comprises: decrypting received encrypted secrets using decryption keys of the boot loader, storing the decrypted secrets in a storage accessible by the application, creating a proof record indicating the application, the secrets and the trusted execution environment, storing the proof record in the storage, and deleting the decryption keys. The application may be executed in the trusted execution environment using the decrypted secrets. The proof record may be provided by the application for proving authenticity.

Abstract: A computer-implemented method for managing a life-cycle of at least in parts interdependent cryptographic keys is disclosed. Each of the cryptographic keys is signed and relates to a different one of artifacts. The method comprises creating a key manifest, wherein the key manifest comprises data about determined dependencies of the cryptographic keys at a point in time when one of the artifacts is built encrypting the key manifest with a manifest key, and upon a life-cycle change happening to one out of the group comprising one of the artifacts and one of the interdependent cryptographic keys in the key manifest of the one of the artifacts, the method comprises decrypting the key manifest and invoking an action to a related one out of the group comprising the one of the artifacts and at least one of the interdependent cryptographic keys in accordance with the key manifest.

Abstract: Aspects of the invention include loading an image of a virtual server onto a boot partition of a trusted execution environment (TEE), wherein a first key is embedded in the image. A second key is received from an end customer of an application. Data is received from an independent software vendor (ISV) of the application, wherein the data includes a third key. The second key and the third key are combined inside the TEE to create a fourth key. An available memory space in an independent memory device is encrypted using the fourth key to create a secure data volume. Encrypted data is stored in the secure data volume.

Abstract: The present disclosure relates to a method for deploying an application in an execution environment using a first and second sets of key pairs. The method comprises: creating a sequence of tasks comprising build tasks followed by a deploy task. The tasks are configured to receive a task input for performing the tasks. The task input comprises a contribution input and an output of a task preceding at least one of the build tasks. The contribution input comprises secrets. The output of the build tasks is encrypted with a respective encryption key of the first set of key pairs, wherein the contribution input of a task subsequent to the first task is encrypted with a respective encryption key of the second set of keys. The tasks may be executed in the execution environment using unencrypted content of the task inputs.

Abstract: The present disclosure relates to a computer implemented method for executing an application. The method comprises: executing a bootloader in a trusted execution environment, wherein the executing comprises: decrypting received encrypted secrets using decryption keys of the boot loader, storing the decrypted secrets in a storage accessible by the application, creating a proof record indicating the application, the secrets and the trusted execution environment, storing the proof record in the storage, and deleting the decryption keys. The application may be executed in the trusted execution environment using the decrypted secrets. The proof record may be provided by the application for proving authenticity.

Abstract: The present disclosure relates to a method for deploying an application in an execution environment using a first and second sets of key pairs. The method comprises: creating a sequence of tasks comprising build tasks followed by a deploy task. The tasks are configured to receive a task input for performing the tasks. The task input comprises a contribution input and an output of a task preceding at least one of the build tasks. The contribution input comprises secrets. The output of the build tasks is encrypted with a respective encryption key of the first set of key pairs, wherein the contribution input of a task subsequent to the first task is encrypted with a respective encryption key of the second set of keys. The tasks may be executed in the execution environment using unencrypted content of the task inputs.

Abstract: A computer-implemented method for providing a system-specific secret to a computing system having a plurality of computing components is disclosed. The method includes storing permanently a component-specific import key as part of a computing component and storing the component-specific import key in a manufacturing-side storage system. Upon a request for the system-specific secret for a computing system, the method includes identifying the computing component comprised in the computing system, retrieving a record relating to the identified computing component, determining the system-specific secret protected by a hardware security module and determining a system-specific auxiliary key. Furthermore, the method includes encrypting the system-specific auxiliary key with the retrieved component-specific import key, thereby creating a auxiliary key bundle, encrypting the system-specific secret and storing the auxiliary key bundle and a system record in a storage medium of the computing system.

Abstract: An integrated circuit chip includes at least two integrated circuits, at least three scan chains, and a multiplexor circuitry. Each integrated circuit includes an integrated circuit input port and an integrated circuit output port. The scan chains and the integrated circuits are coupled by default with a series chain having integrated circuits and scan chains alternating each other. The series chain starts with an initial scan chain and ends with the end scan chain. Each scan chain except the initial one includes a first scan chain input port coupled by default with the integrated circuit output port of the respective adjacent integrated circuit. Each scan chain except the end one includes a first scan chain output port coupled by default with the integrated circuit input port of the respective adjacent integrated circuit.

Abstract: An integrated circuit chip includes at least two integrated circuits, at least three scan chains, and a multiplexor circuitry. Each integrated circuit includes an integrated circuit input port and an integrated circuit output port. The scan chains and the integrated circuits are coupled by default with a series chain having integrated circuits and scan chains alternating each other. The series chain starts with an initial scan chain and ends with the end scan chain. Each scan chain except the initial one includes a first scan chain input port coupled by default with the integrated circuit output port of the respective adjacent integrated circuit. Each scan chain except the end one includes a first scan chain output port coupled by default with the integrated circuit input port of the respective adjacent integrated circuit.

Abstract: An integrated circuit chip includes at least two integrated circuits, at least three scan chains, and a multiplexor circuitry. Each integrated circuit includes an integrated circuit input port and an integrated circuit output port. The scan chains and the integrated circuits are coupled by default with a series chain having integrated circuits and scan chains alternating each other. The series chain starts with an initial scan chain and ends with the end scan chain. Each scan chain except the initial one includes a first scan chain input port coupled by default with the integrated circuit output port of the respective adjacent integrated circuit. Each scan chain except the end one includes a first scan chain output port coupled by default with the integrated circuit input port of the respective adjacent integrated circuit.

Abstract: An integrated circuit chip includes at least two integrated circuits, at least three scan chains, and a multiplexor circuitry. Each integrated circuit includes an integrated circuit input port and an integrated circuit output port. The scan chains and the integrated circuits are coupled by default with a series chain having integrated circuits and scan chains alternating each other. The series chain starts with an initial scan chain and ends with the end scan chain. Each scan chain except the initial one includes a first scan chain input port coupled by default with the integrated circuit output port of the respective adjacent integrated circuit. Each scan chain except the end one includes a first scan chain output port coupled by default with the integrated circuit input port of the respective adjacent integrated circuit.

Abstract: An integrated circuit chip includes at least two integrated circuits, at least three scan chains, and a multiplexor circuitry. Each integrated circuit includes an integrated circuit input port and an integrated circuit output port. The scan chains and the integrated circuits are coupled by default with a series chain having integrated circuits and scan chains alternating each other. The series chain starts with an initial scan chain and ends with the end scan chain. Each scan chain except the initial one includes a first scan chain input port coupled by default with the integrated circuit output port of the respective adjacent integrated circuit. Each scan chain except the end one includes a first scan chain output port coupled by default with the integrated circuit input port of the respective adjacent integrated circuit.

Abstract: An integrated circuit chip includes at least two integrated circuits, at least three scan chains, and a multiplexor circuitry. Each integrated circuit includes an integrated circuit input port and an integrated circuit output port. The scan chains and the integrated circuits are coupled by default with a series chain having integrated circuits and scan chains alternating each other. The series chain starts with an initial scan chain and ends with the end scan chain. Each scan chain except the initial one includes a first scan chain input port coupled by default with the integrated circuit output port of the respective adjacent integrated circuit. Each scan chain except the end one includes a first scan chain output port coupled by default with the integrated circuit input port of the respective adjacent integrated circuit.

Abstract: A method for operand width reduction is described, wherein two N-bit input operands (A, B) of a bit width of N are processed and two M-bit output operands (A?, B?) of a reduced bit width of M are generated in a way, that a post-processing comprising an M-bit adder function followed by saturation to M bits performed on said two M-bit output operands (A?, B?) provides an M-bit result equal to an M-bit result of an N-bit modulo adder function of the two N-bit input operands (A, B), followed by a saturation to M bits. Further an electronic computing circuit (1, 5) is described performing said method. Additionally a computer system comprising such an electronic computing circuit is described.

Abstract: Instead of having a processor with an instruction set architecture (ISA) that includes fixed architected operands, an improved processor supports additional characteristic bits for computing instructions (e.g., a multiply-add, load/store instructions). Such additional bits for the certain instructions influence the processing of these instructions by the processor. Also, a new instruction is introduced for further usage of the proposed method. Typically these additional characteristic bits as well as the instruction can be automatically generated by compilers to provide relatively well-suited instruction sequences for the processor.

Abstract: A bi-endian multiprocessor system having multiple processing elements, each of which includes a processor core, a local memory and a memory flow controller. The memory flow controller transfers data between the local memory and data sources external to the processing element. If the processing element and the data source implement data representations having the same endian-ness, each multi-word line of data is stored in the local memory in the same word order as in the data source. If the processing element and the data source implement data representations having different endian-ness, the words of each multi-word line of data are transposed when data is transferred between local memory and the data source. The processing element may incorporate circuitry to add doublewords, wherein the circuitry can alternately carry bits from a first word to a second word or vice versa, depending upon whether the words in lines of data are transposed.

Abstract: A method for reducing the power consumption of a register file of a microprocessor supporting simultaneous multithreading (SMT) is disclosed. Mapping logic and associated table entries monitor a total number of processing threads currently executing in the processor and signal control logic to disable specific register file entries not required for currently executing or pending instruction threads or register file entries not meeting a minimum access threshold using a least recently used algorithm (LRU). The register file utilization is controlled such that a register file address range selected for deactivation is not assigned for pending or future instruction threads. One or more power saving techniques are then applied to disabled register files to reduce overall power dissipation in the system.

Abstract: An electronic computing circuit for implementing a method for reducing the bit width of two operands from a bit length N to a reduced bit length M, thus, M<N. To enable a wider re-usage of existing designs or building blocks being all specialized to the usual bit length of a power of 2 (8, 16, 32, 64 etc.), the chip structure of which is already highly optimized in regard of speed and space savings, a circuit is implemented as an addend width reduction circuit to perform the steps of: receiving said two N-bit operands as an input, adding the (N?M+1) most significant bits of said two N-bit operands separately in an auxiliary adder logic, calculating at least the two most significant bits of reduced-bit-length output operands in a decision logic processing the add result of said auxiliary adder logic, such that a predetermined post-processing can be correctly performed with said output operands.

Abstract: A bi-endian multiprocessor system having multiple processing elements, each of which includes a processor core, a local memory and a memory flow controller. The memory flow controller transfers data between the local memory and data sources external to the processing element. If the processing element and the data source implement data representations having the same endian-ness, each multi-word line of data is stored in the local memory in the same word order as in the data source. If the processing element and the data source implement data representations having different endian-ness, the words of each multi-word line of data are transposed when data is transferred between local memory and the data source. The processing element may incorporate circuitry to add doublewords, wherein the circuitry can alternately carry bits from a first word to a second word or vice versa, depending upon whether the words in lines of data are transposed.