Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

Abstract: Technologies provide hardware-assisted privacy protection of sensor data. One embodiment includes unlocking a user interface coupled to a trusted execution environment of a processor in a device, where the user interface includes a plurality of selectable settings associated with a plurality of access levels for sensor data captured by a sensor. The embodiment also includes receiving a selection signal from the user interface indicating that a user selected a first setting associated with a first access level for the sensor data captured by the sensor, and restricting access to the sensor data based on a first set of one or more entities associated with the first access level. In more specific embodiments, the user interface includes a knob that is rotatably attached to a housing of the device or a privacy panel including a slider bar that is to be displayed on a touch screen display of the device.

Abstract: Technologies disclosed herein provide a method for receiving at a device from a remote server, a request for state information from a first processor of the device, obtaining the state information from one or more registers of the first processor based on a request structure indicated by a first instruction of a software program executing on the device, and generating a response structure based, at least in part, on the obtained state information. The method further includes using a cryptographic algorithm and a shared key established between the device and the remote server to generate a signature based, at least in part, on the response structure, and communicating the response structure and the signature to the remote server. In more specific embodiments, both the response structure and the request structure each include a same nonce value.

Abstract: Methods and apparatus relating to cryptographic protection of memory attached over interconnects are described. In an embodiment, memory stores data and a processor having execution circuitry executes an instruction to program an inline memory expansion logic and a host memory encryption logic with one or more cryptographic keys. The inline memory expansion logic encrypts the data to be written to the memory and decrypts encrypted data to be read from the memory. The memory is coupled to the processor via an interconnect endpoint of a system fabric. Other embodiments are also disclosed and claimed.

Abstract: Various embodiments are generally directed to techniques to enforce policies for computing platform resources, such as to prevent denial of service (DoS) attacks on the computing platform resources. Some embodiments are particularly directed to ISA instructions that allow trusted software/applications to securely enforce policies on a platform resource/device while allowing untrusted software to control allocation of the platform resource. In many embodiments, the ISA instructions may enable secure communication between a trusted application and a platform resource. In several embodiments, a first ISA instruction implemented by microcode may enable a trusted application to wrap policy information for secure transmission through an untrusted stack.

Abstract: Methods and apparatus relating to a lockable partition in NVMe (Non-Volatile Memory express) drives with drive migration support are described. In an embodiment, a Non-Volatile Memory (NVM) device stores data and partition logic circuitry locks or unlocks a partition on the NVM device in response to a command. The NVM device is physically migratable to a different platform and the NVM device is protected after power loss during runtime. The partition logic circuitry locks or unlocks the partition in response to the command and a cryptographic key. Other embodiments are also disclosed and claimed.

Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

Abstract: A method for establishing network connections includes connecting a device to a first network, retrieving voice input of a user, sending a message including data related to the voice input to at least one gateway device on the first network, receiving configuration data for a second network via the first network in response to the message, and establishing a connection of the device to the second network using the configuration data received via the first network. Furthermore, an electronic device, a network gateway device and a system are defined.

Abstract: Various embodiments are generally directed to techniques to enforce policies for computing platform resources, such as to prevent denial of service (DoS) attacks on the computing platform resources. Some embodiments are particularly directed to ISA instructions that allow trusted software/applications to securely enforce policies on a platform resource/device while allowing untrusted software to control allocation of the platform resource. In many embodiments, the ISA instructions may enable secure communication between a trusted application and a platform resource. In several embodiments, a first ISA instruction implemented by microcode may enable a trusted application to wrap policy information for secure transmission through an untrusted stack.

Abstract: Methods and apparatus relating to cryptographic protection of memory attached over interconnects are described. In an embodiment, memory stores data and a processor having execution circuitry executes an instruction to program an inline memory expansion logic and a host memory encryption logic with one or more cryptographic keys. The inline memory expansion logic encrypts the data to be written to the memory and decrypts encrypted data to be read from the memory. The memory is coupled to the processor via an interconnect endpoint of a system fabric. Other embodiments are also disclosed and claimed.

Abstract: The disclosure generally relates to method, system and apparatus for concurrent volume and file based inline encryption on commodity operating systems (OS). More particularly, some embodiments of the disclosure relate to a Converged Cryptographic Engine (CCE) for storage encryption.

Abstract: Methods and apparatus relating to utilization of logic and a serial number to provide persistent unique platform secret for generation of System on Chip (SOC or SoC) root keys are described. In an embodiment, stepping logic circuitry generates a stepping identifier in response to a first signal. Unique identifier logic circuitry generates a unique identifier in response to a second signal. Secret generation logic circuitry generates a key based at least in part on the stepping identifier and the unique identifier. The unique identifier is stored in persistent memory. Other embodiments are also disclosed and claimed.

Abstract: Methods and apparatus relating to Organic Light Emitting Diode (OLED) compensation based on protected content are described. In an embodiment, secure memory stores data that is only accessible by trusted logic. Display controller logic circuitry updates pixel values to be stored in the secure memory based on a plurality of frames. The display controller logic circuitry allows access by untrusted software to the updated pixel values after a first number of updates to the pixel values stored in the secure memory. Other embodiments are also disclosed and claimed.

Abstract: An apparatus to implement an IP independent secure firmware load into an IP agent without a ROM to establish hardware root of trust is disclosed.

Abstract: An apparatus to implement an IP independent firmware load is disclosed. The apparatus includes a plurality of agents, a plurality of agents, at least one agent including a memory to store firmware to be executed by the agent to perform a function associated with the agent and a register to store enumeration data for the firmware load mechanism of the IP, and a processor to initiate an enumeration process to read the enumeration data from the register of the at least one agent, make a decision based on that data to retrieve a firmware module from a storage device, verify the firmware module, and load the firmware module into the memory of the at least one agent.

Abstract: Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.

Abstract: Technologies provide hardware-assisted privacy protection of sensor data. One embodiment includes unlocking a user interface coupled to a trusted execution environment of a processor in a device, where the user interface includes a plurality of selectable settings associated with a plurality of access levels for sensor data captured by a sensor. The embodiment also includes receiving a selection signal from the user interface indicating that a user selected a first setting associated with a first access level for the sensor data captured by the sensor, and restricting access to the sensor data based on a first set of one or more entities associated with the first access level. In more specific embodiments, the user interface includes a knob that is rotatably attached to a housing of the device or a privacy panel including a slider bar that is to be displayed on a touch screen display of the device.