Abstract: An apparatus to verify firmware in a computing system, comprising a non-volatile memory, including firmware memory to store agent firmware associated with each of a plurality of interconnect protocol (IP) agents and version memory to store security version numbers (SVNs) included in the agent firmware, a security controller comprising verifier logic to verify an integrity of the version memory by applying a hash algorithm to contents of the version memory to generate a SVN hash, and a trusted platform module (TPM) to store the SVN hash.

Abstract: An apparatus to facilitate permissions at a computing system platform is disclosed. The apparatus includes a plurality of agents, each including a non-volatile memory storing firmware executed to perform a function associated with the agent and attestation hardware to detect an update at the computing system platform, generate a cryptographic key associated with each of the plurality of agents, perform an attestation with a relying party using the generated cryptographic keys and receive a tuple associated with each of the plurality of agents, wherein a tuple includes one or more permissions indicating platform resources an agent is permitted to access.

Abstract: A mailbox register is provided in local memory of a processor device, the processor device connected to a host processor device by an interconnect. The processor device accesses the mailbox register to determine that a ready value in the mailbox register identifies that an executable has been written to the mailbox register by the host processor device. The processor device reads the executable from the mailbox register and executes the executable to generate a result. The processor device writes an execution finished value to the mailbox register based on execution of the executable by the processor circuitry, which the host processor device can read to identify that execution of the executable is complete.

Abstract: Apparatus and methods for managing power consumption of a data-path in a computer system are provided, the data-path comprising a first port and a second port, the first port comprising a high-speed and the second port comprising a low-speed port. The disclosed method including connecting a device to the data-path, determining that the connected device is to communicate using the second port and turning off an active circuit associated with the first port of the data-path.

Abstract: An apparatus to facilitate descriptor resiliency in a computer system platform is disclosed. The apparatus comprises a non-volatile memory to store firmware for a computer system platform, wherein the firmware comprises a primary descriptor including access permission details for platform components and a secondary descriptor including a backup copy of the access permission details and a controller, coupled to the first non-volatile memory, including recovery hardware to detect a problem during a platform reset with the primary descriptor, recover the contents of the primary descriptor from the backup copy included in the secondary descriptor and store the contents of the backup copy to primary descriptor.

Abstract: An apparatus to verify firmware in a computing system, comprising a non-volatile memory, including firmware memory to store agent firmware associated with each of a plurality of interconnect protocol (IP) agents and version memory to store security version numbers (SVNs) included in the agent firmware, a security controller comprising verifier logic to verify an integrity of the version memory by applying a hash algorithm to contents of the version memory to generate a SVN hash, and a trusted platform module (TPM) to store the SVN hash.

Abstract: An apparatus to verify firmware in a computing system, comprising a non-volatile memory, including firmware memory to store agent firmware associated with each of a plurality of interconnect protocol (IP) agents and version memory to store security version numbers (SVNs) included in the agent firmware, a security controller comprising verifier logic to verify an integrity of the version memory by applying a hash algorithm to contents of the version memory to generate a SVN hash, and a trusted platform module (TPM) to store the SVN hash.

Abstract: A disclosed example apparatus includes memory; and at least one processor to execute first instructions, the first instructions obtained from first encrypted firmware, the at least one processor to: encrypt handoff data with an original equipment manufacturer key to generate encrypted handoff data; decrypt second encrypted firmware based on the original equipment manufacturer key to generate second instructions; and provide access to the encrypted handoff data to the second instructions, the second instructions to perform initialization of a computer based on the handoff data obtained from the encrypted handoff data.

Abstract: A method of handling a firmware update for a device is disclosed, comprising: determining a device to be in an updatable state; setting the device into an updating state after determining the updatable state; and after the device is in the updating state, writing a firmware update to memory for the device. After writing the firmware update, the device is switchable to a working state in which the device operates based on the firmware update.

Abstract: An apparatus to implement an IP independent firmware load is disclosed. The apparatus includes a plurality of agents, a plurality of agents, at least one agent including a memory to store firmware to be executed by the agent to perform a function associated with the agent and a register to store enumeration data for the firmware load mechanism of the IP, and a processor to initiate an enumeration process to read the enumeration data from the register of the at least one agent, make a decision based on that data to retrieve a firmware module from a storage device, verify the firmware module, and load the firmware module into the memory of the at least one agent.

Abstract: Techniques are provided for managing power delivery to multiple universal serial bus (USB) type-C ports of a desktop computer system. In an example, a method can include providing a first power level to a USB power delivery controller during a non-sleep mode operation of the desktop computer, and providing a second power level to the USB power delivery controller when the computer is in a sleep mode, the second power level configured to provide default charge power to a connected device when the computer is in the sleep mode.

Abstract: A disclosed example apparatus includes memory; and at least one processor to execute first instructions, the first instructions obtained from first encrypted firmware, the at least one processor to: encrypt handoff data with an original equipment manufacturer key to generate encrypted handoff data; decrypt second encrypted firmware based on the original equipment manufacturer key to generate second instructions; and provide access to the encrypted handoff data to the second instructions, the second instructions to perform initialization of a computer based on the handoff data obtained from the encrypted handoff data.

Abstract: An apparatus to facilitate descriptor resiliency in a computer system platform is disclosed. The apparatus comprises a non-volatile memory to store firmware for a computer system platform, wherein the firmware comprises a primary descriptor including access permission details for platform components and a secondary descriptor including a backup copy of the access permission details and a controller, coupled to the first non-volatile memory, including recovery hardware to detect a problem during a platform reset with the primary descriptor, recover the contents of the primary descriptor from the backup copy included in the secondary descriptor and store the contents of the backup copy to primary descriptor.

Abstract: An apparatus to facilitate a computer system platform boot is disclosed. The apparatus comprises a system on chip (SOC), including a cache memory, a storage device to store platform firmware including boot code, a security controller to load the boot code into the cache during a platform reset and a processor to execute the boot code from the cache memory to initiate the SOC.

Abstract: An apparatus to facilitate permissions at a computing system platform is disclosed. The apparatus includes a plurality of agents, each including a non-volatile memory storing firmware executed to perform a function associated with the agent and attestation hardware to detect an update at the computing system platform, generate a cryptographic key associated with each of the plurality of agents, perform an attestation with a relying party using the generated cryptographic keys and receive a tuple associated with each of the plurality of agents, wherein a tuple includes one or more permissions indicating platform resources an agent is permitted to access.

Abstract: A pre-boot initialization technique for a computing system allows for encrypting both a manufacturer and original equipment manufacturer firmware routines, as well as handing off data between the manufacturer and original equipment manufacturer firmware routines encrypted with a key provisioned in field programmable fuses with an original equipment manufacturer key. By encrypting the firmware routines and handoff data, security of the pre-boot initialization process is enhanced. Original equipment manufacturer updatable product data may also be encrypted with the original equipment manufacturer key. Additional security may be provided by using trusted input/output capabilities of a trusted execution environment to display information to and receive information from a user. Furthermore, multiple secure phases of configuration may be achieved using wireless credentials exchange components.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to facilitate communication with electronic devices supported by an interface specification and electronic devices unsupported by the interface specification. An example apparatus includes a first firmware interface to facilitate communication between an operating system and a first electronic device, the first electronic device supported in an interface specification. The example apparatus includes a second firmware interface instantiated to facilitate communication with a second electronic device that is not supported in the interface specification, the second firmware interface configured to communicate with the first firmware interface to route communication between the operating system and the second electronic device via the first firmware interface and the second firmware interface.

Abstract: Embodiments may include systems and methods for managing multiple ports of a computing interface. A computing device may include a connector with a power port and a data port. A connector manager may identify whether a port partner is coupled to the connector, identify an inquiry related to a status of the connector, where the inquiry may be received from a BIOS of the computing device. In addition, the connector manager may generate an indication of the status of the connector, and further transmit the indication of the status of the connector to the BIOS. A BIOS may identify that a data device coupled to the connector through a port partner is to be initialized, and further transmit to a connector manager an inquiry related to a status of the connector, before initializing the data device. Other embodiments may be described and/or claimed.

Abstract: A method and system for manages mapping of universal serial bus (USB) connectors to a plurality of USB host controllers. The method determines an enumeration of USB connectors in a system, identifying USB host controllers in the system, generating a grouping for a USB connector with USB host controllers, and configures USB routing in the system to map the USB connector with the USB host controllers according to the grouping.

Abstract: An apparatus to facilitate firmware resiliency in a computer system platform is disclosed. The apparatus comprises a first non-volatile memory to store primary firmware for a computer system platform, a second non-volatile memory to store a firmware copy of the primary firmware and a resiliency hardware, coupled to the first non-volatile memory via the system fabric, to detect unauthorized access to the primary firmware and restore the primary firmware stored in the first non-volatile memory with the firmware copy.