Abstract: Systems and techniques are described for implementing testing-and-manufacturing keys for a system-on-chip (SoC). A hardware test portion of the SoC is configured to exercise features of domains that process data being communicated across the fabrics during an externally initiated test. In response to receiving a testing-and-manufacturing token from an external test system, a testing-and-manufacturing key support component of the SoC generates a testing-and-manufacturing key. The hardware test portion is configured to execute a test function to promote security of the SoC, however, only in response to the testing-and-manufacturing security component authenticating the testing-and-manufacturing key. Through implementing testing-and-manufacturing keys this way, the system-on-chip secures access to potentially sensitive functions and secrets, while allowing their unencumbered and authorized access for testing the system-on-chip during various life cycle states.

Abstract: The present disclosure describes various aspects of secure provisioning with hardware verification. In some aspects, sensitive data are provisioned to an integrated circuit (IC) device through a provisioning process. Provisioning data for the IC device are divided into a plurality of fragments, and each fragment is encrypted in one of a plurality of cryptographic keys. Corresponding cryptographic keys are generated at the IC device. The encrypted fragments are transferred to the IC device in respective secure transfer operations, each including sending a seed value to the IC device, validating integrity data configured to characterize integrated circuitry within a portion of the IC device specified by the seed value, and transferring the encrypted fragment to the IC device in response to validating the integrity data. In response to completing the secure transfer operation, the IC device may reconstruct the provisioning data from the encrypted fragments and corresponding cryptographic keys.

Abstract: According to an example embodiment, an electrical connector may include a plug connected to a cord. The cord may be connected to a back of the plug. A width of the plug may narrow from the back of the plug to a front of the plug. The cord may be connected to the back of the plug. The cord may include at least one electrical wire.

Abstract: Systems and methods for providing access to secure information are disclosed. In one aspect, a computer-implemented method for providing access to secure information comprises receiving a first one-time password (OTP) from a computing device, and verifying whether the first OTP is valid. The method also comprises, if the first OTP is valid, performing the steps of generating a second OTP for accessing the secure information, and transmitting the second OTP to the computing device. In another aspect, a computer-implemented method for providing access to secure information comprises generating a first one-time password (OTP), and transmitting the first OTP to an OTP device. The method also comprises, in response to the first OTP, receiving a second OTP from the OTP device, and sending the second OTP to a system that controls access to the secure information, wherein the first OTP is different from the second OTP.

Abstract: Methods and apparatus for implementing a recovery mode procedure for a computing device are disclosed. An example method includes determining, by a computing device, that a recovery mode procedure is to be executed on the computing device. The example method further includes, determining whether a trusted recovery image is accessible to the computing device and, in the event the trusted recovery image is accessible to the computing device, executing the recovery mode procedure to repair or replace a current image of the computing device using the trusted recovery image. In the event the trusted recovery image is not accessible to the computing device, the example method includes, providing instructions for obtaining the trusted recovery image, determining the obtained trusted recovery image is accessible to the computing device and executing the recovery mode procedure to repair or replace the current image of the computing device using the obtained trusted recovery image.

Abstract: A system and method is disclosed for recovering a boot image. Hardware instructions initiate a loading of a computer operating system on a computing device. During the loading of the operating system, multiple portions of boot code are verified and a determination is made whether each portion is valid. If a portion of boot code is determined to be invalid, a secure portion of the boot code is loaded to repair the invalid code and the loading of the operating system resumed.

Abstract: According to an example embodiment, an electrical connector may include a plug connected to a cord. The cord may be connected to a back of the plug. A width of the plug may narrow from the back of the plug to a front of the plug. The cord may be connected to the back of the plug. The cord may include at least one electrical wire.

Abstract: Aspects of the subject technology relate to executing a boot sequence from a recovery image. A determination of a validity of one or more keyblocks is made. A determination of a first version identifier and a second version identifier is made. A comparison of the first version identifier and the second version identifier is performed. A boot sequence from a recovery image is executed based on the comparison.

Abstract: A method for controlling outer surface temperatures of a computing device enclosure or case includes operating one or more internal thermal management mechanisms to control an internal temperature inside the computing device enclosure or case, obtaining a measure of an external ambient temperature outside the computing device case, and making operation of the one or more internal thermal management mechanisms depend, at least in part, on the measure of the external ambient temperature.

Abstract: A charging device may include a computer plug, outlet plug, AC-to-DC converter, controller, and memory. The computer plug may provide power to a computing device and receive data from the computing device. The outlet plug may receive alternating current (AC) power from an electrical outlet. The AC-to-DC converter may convert the AC power into direct current (DC) power and provide the DC power to the computing device via the computer plug. The controller may control a voltage and/or current of the DC power based on data received from the computing device and instructions stored in a memory. The memory may include read-only instructions for the controller to modify a read-write portion of the memory based on data received from the computing device via the computer plug, and read-write instructions for the controller to set the voltage of the DC power based on the data received from the computing device.

Abstract: Methods and apparatus for implementing a recovery mode procedure for a computing device are disclosed. An example method includes determining, by a computing device, that a recovery mode procedure is to be executed on the computing device. The example method further includes, determining whether a trusted recovery image is accessible to the computing device and, in the event the trusted recovery image is accessible to the computing device, executing the recovery mode procedure to repair or replace a current image of the computing device using the trusted recovery image. In the event the trusted recovery image is not accessible to the computing device, the example method includes, providing instructions for obtaining the trusted recovery image, determining the obtained trusted recovery image is accessible to the computing device and executing the recovery mode procedure to repair or replace the current image of the computing device using the obtained trusted recovery image.

Abstract: Systems and methods for providing access to secure information are disclosed. In one aspect, a computer-implemented method for providing access to secure information comprises receiving a first one-time password (OTP) from a computing device, and verifying whether the first OTP is valid. The method also comprises, if the first OTP is valid, performing the steps of generating a second OTP for accessing the secure information, and transmitting the second OTP to the computing device. In another aspect, a computer-implemented method for providing access to secure information comprises generating a first one-time password (OTP), and transmitting the first OTP to an OTP device. The method also comprises, in response to the first OTP, receiving a second OTP from the OTP device, and sending the second OTP to a system that controls access to the secure information, wherein the first OTP is different from the second OTP.

Abstract: A system and method is disclosed for recovering a boot image from a secure location. Hardware instructions initiate a sequence of boot cycles to launch a computer operating system on a computer-enabled device. During the boot cycles, multiple levels of boot code are verified and a determination is made whether each level is usable by the device. If a level of boot code is determined to be unusable, a secure copy of the boot code is loaded from a secure read-only location to repair the unusable code to launch the computer operating system.

Abstract: A computer-implemented method for updating firmware in a computer is disclosed according to an aspect of the subject technology. The method comprises writing new firmware to a non-volatile memory of the computer and setting a boot count to a non-zero value. The method also comprises a) decrementing the boot count and b) attempting to boot the computer using the new firmware in the non-volatile memory. The method further comprises, if the computer fails to boot using the new firmware and the boot count is greater than zero, then repeating steps a) and b).

Abstract: A computer-implemented method for controlling a developer mode of a computer is disclosed according to an aspect of the subject technology. The method comprises, during boot time of the computer, determining whether one or more keys on a keyboard corresponding to the developer mode are held down, and, if the one or more keys are held down, then setting a developer mode value within a lockable memory space to enable the developer mode.

Abstract: A dual-mode computing system and machine-implemented method for providing an indication of an operating mode of the system. The system including a processor, a memory storing verified code, a secure memory coupled to a processor and a developer mode indicator coupled to the secure memory, wherein the processor is configured to execute verified code to perform operations comprising initiating boot up of the system. The operations further comprising accessing a developer mode state stored within the secure memory to determine whether the system is in developer mode, wherein the developer mode allows the system to execute unverified code, activating the developer mode indicator when it is determined that the system is in developer mode and locking the secure memory to ignore subsequent calls to modify the developer mode state when it is determined that the system is in developer mode.

Abstract: Systems, methods, and machine-readable media for initiating a recovery mode to execute a recovery mode procedure is discussed. The system may include a main processor, an embedded controller, timer circuitry, and recovery circuitry. The recovery circuitry may be configured to receive an indication to execute a recovery mode procedure and, in response to receiving the indication to execute the recovery mode procedure, to trigger a first time period and a second time period. The timer circuitry may be configured to shut off the embedded controller for the first time period, wherein when the first time period expires, the embedded controller is further configured to boot from embedded controller recovery code and shut off the main processor for the second time period, wherein when the second time period expires, the main processor may be configured to boot from main processor recovery code and execute the recovery mode procedure.

Abstract: Configurations providing a non-zero threshold for verifying a root file system of an operating system stored on blocks of a boot storage are disclosed. In particular, the root file system is verified during a boot sequence for the operating system. For each block of the root file system of the boot storage, the subject technology verifies a respective block of the boot storage. A counter tracking a number of verification failures is incremented if the block fails verification. In some configurations, the subject technology determines whether the counter meets a predetermined non-zero threshold. If the counter meets the predetermined non-zero threshold, the root file system is marked as corrupted. A recovery mode for the operating system is then initiated. If the counter does not meet the predetermined non-zero threshold, the operating system is reset in order to verify the root file system during a subsequent boot sequence.

Abstract: Systems, methods, and machine-readable media for storing a recovery image on a secondary memory device on a computing system and updating the recovery image. In some aspects, the system may include a main storage device comprising an operating system, a secondary storage device, internal to the computer system and separate from the main storage device, comprising a recovery image, and a processor configured to determine whether to boot the computer system in a normal mode using the main storage device or in a recovery mode using the recovery image on the secondary storage device. In some aspects, the system may also include a recovery circuit configured to prevent access to the secondary storage device during the normal mode when the recovery circuit is disabled and to permit access to the second storage device when the recovery circuit is enabled during the recovery mode process.

Abstract: A computing device comprising a security slot integral with an external surface of the computing device, wherein the security slot is configured to receive and mechanically cooperate with a blocking mechanism. In certain aspects, the computing device further comprises a switch mounted behind the security slot and integral to the computing device and configured to permit access to a developer mode when the switch is in a first position and to restrict access to the developer mode when the switch is in a second position.