Patents by Inventor XIAOYU RUAN
XIAOYU RUAN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20250141681
Abstract: A method and device for generating a shared session secret with forward secrecy between a first device and a second device. The first and second devices perform mutual authentication. The first and second devices establish a first shared secret using a key encapsulation mechanism with a long-term cryptographic key pair of the devices. The first and second devices generate an ephemeral cryptographic key pair comprising an ephemeral public key and an ephemeral private key, respectively, and transfer the ephemeral public key of the device to the other device using the first shared secret. The first and second devices then establish a second shared secret using the key encapsulation mechanism with the ephemeral public keys of the first device and the second device. The second shared secret is used as a temporary shared session secret.
Type: Application
Filed: September 25, 2024
Publication date: May 1, 2025
Inventors: Santosh GHOSH, Xiaoyu RUAN, Daniel LEIDERMAN, Ruben Daniel VARELA VELASCO
-
Publication number: 20250061203
Abstract: A method comprises establishing, in a trusted security manager of a trusted execution environment, a device update pre-authentication policy for a device communicatively coupled to the trusted execution manager, providing the device update pre-authentication policy to the device, receiving, from the device, a pre-authentication event signal, and providing, to the device, a pre-authentication event response comprising an update indicator to indicate to the device whether a runtime update may be performed.
Type: Application
Filed: February 25, 2022
Publication date: February 20, 2025
Applicant: Intel Corporation
Inventors: Shamanna DATTA, Mahesh NATU, Jiewen YAO, Xiaoyu RUAN, Andrew Martyn DRAPER, Raghunandan MAKARAM, Alberto MUNOZ
-
Patent number: 12189775
Abstract: An apparatus is disclosed. The apparatus comprises one or more processors to receive a request to perform a firmware update at a device, prepare a second trusted compute base (TCB) layer for the firmware update, generate a first compound device identifier (CDI) associated with a first TCB layer to be used by the second TCB layer to attest an operational state of the first TCB layer prior to applying the update and generate a second CDI associated with the first TCB layer to be used by the second TCB layer to attest the operational state of the first layer after the update has been applied and perform the firmware update of the second TCB layer.
Type: Grant
Filed: April 21, 2022
Date of Patent: January 7, 2025
Assignee: Intel Corporation
Inventors: Ned M. Smith, Andrew Draper, Xiaoyu Ruan
-
Patent number: 12113915
Abstract: Methods and apparatus relating to a Federal Information Processing Standard (FIPS) compliant Device Identifier Composition Engine (DICE) certificate chain architecture for embedded systems are described. In an embodiment, Deterministic Random Bit Generator (DRBG) logic circuitry generates a random number for each layer of a Device Identifier Composition Engine (DICE). The DRBG logic circuitry is a Federal Information Processing Standard (FIPS) approved DRBG logic circuitry. Logic circuitry derives an Elliptic Curve Digital Signature Algorithm (ECDSA) private key for a layer of the DICE based at least in part on one or more operations of a FIPS-approved ECDSA key pair generation logic circuitry. Other embodiments are also disclosed and claimed.
Type: Grant
Filed: March 30, 2022
Date of Patent: October 8, 2024
Assignee: Intel Corporation
Inventors: Xiaoyu Ruan, Ned M. Smith, Matthew G. Pirretti
-
Publication number: 20240179014
Abstract: Various examples relate to an apparatus, a device, a method, and a computer program for a computing device, for providing a certificate chain, and to a computing device. An apparatus comprises processor circuitry to obtain information on an identity of a firmware being used to operate the computing device, generate a leaf certificate for the firmware being used to operate the computing device based on the identity of the firmware being used to operate the computing device and using an intermediate certificate being generated based on an identity of a firmware having been used during a cold boot of the computing device, and provide a certificate chain comprising the leaf certificate for an external verifier.
Type: Application
Filed: September 26, 2023
Publication date: May 30, 2024
Inventors: Xiaoyu RUAN, William STEVENS JR.
-
Publication number: 20230342459
Abstract: An apparatus comprising a computer platform, including a central processing unit (CPU) comprising a first security engine to perform security operations at the CPU and a chipset comprising a second security engine to perform security operations at the chipset, wherein the first security engine and the second security engine establish a secure channel session between the CPU and the chipset to secure data transmitted between the CPU and the chipset.
Type: Application
Filed: June 22, 2023
Publication date: October 26, 2023
Applicant: Intel Corporation
Inventors: Michael Berger, Xiaoyu Ruan, Purushottam Goel, Mahesh Natu, Bharat Pillilli
-
Publication number: 20230291567
Abstract: Described herein is a paging technique that can be implemented in any accelerator with attached memory and support for operating on encrypted data when the CPU is not within the trusted compute base (TCB). Memory storing data that is encrypted using hardware physical address (HPA)-based encryption can be paged out of accelerator device memory by decoupling encryption from the hardware physical address and re-encrypting the data for page-out. Upon page-in, the data is decrypted, the integrity and authenticity of the data is verified, then the data is re-encrypted using HPA-based encryption.
Type: Application
Filed: March 11, 2022
Publication date: September 14, 2023
Applicant: Intel Corporation
Inventors: VIDHYA KRISHNAN, SIDDHARTHA CHHABRA, VEDVYAS SHANBHOGUE, XIAOYU RUAN, ADITYA NAVALE, JULIEN CARRENO
-
Patent number: 11741227
Abstract: An apparatus comprising a computer platform, including a central processing unit (CPU) comprising a first security engine to perform security operations at the CPU and a chipset comprising a second security engine to perform security operations at the chipset, wherein the first security engine and the second security engine establish a secure channel session between the CPU and the chipset to secure data transmitted between the CPU and the chipset.
Type: Grant
Filed: June 22, 2021
Date of Patent: August 29, 2023
Assignee: Intel Corporation
Inventors: Michael Berger, Xiaoyu Ruan, Purushottam Goel, Mahesh Natu, Bharat Pillilli
-
Patent number: 11734460
Abstract: Connectionless trusted computing base recovery is described. An example of a system includes one or more processors to process data; hardware including a hardware RoT (root of trust); and firmware including a firmware TCB (trusted computing base), the firmware including the credentials including one or more certificates and one or more keys, wherein the one or more processors are to determine that the firmware TCB is compromised and that the hardware RoT is intact; issue new credentials by the hardware RoT to mutable firmware based on a version number or security version number (SVN) of the firmware; and revoke old versions of the credentials for the firmware.
Type: Grant
Filed: June 23, 2021
Date of Patent: August 22, 2023
Assignee: INTEL CORPORATION
Inventors: Xiaoyu Ruan, Tsippy Mendelson, Yanai Moyal, Daniel Nemiroff
-
Publication number: 20220321361
Abstract: Methods and apparatus relating to a Federal Information Processing Standard (FIPS) compliant Device Identifier Composition Engine (DICE) certificate chain architecture for embedded systems are described. In an embodiment, Deterministic Random Bit Generator (DRBG) logic circuitry generates a random number for each layer of a Device Identifier Composition Engine (DICE). The DRBG logic circuitry is a Federal Information Processing Standard (FIPS) approved DRBG logic circuitry. Logic circuitry derives an Elliptic Curve Digital Signature Algorithm (ECDSA) private key for a layer of the DICE based at least in part on one or more operations of a FIPS-approved ECDSA key pair generation logic circuitry. Other embodiments are also disclosed and claimed.
Type: Application
Filed: March 30, 2022
Publication date: October 6, 2022
Applicant: Intel Corporation
Inventors: Xiaoyu Ruan, Ned M. Smith, Matthew G. Pirretti
-
Publication number: 20220245252
Abstract: An apparatus is disclosed. The apparatus comprises one or more processors to receive a request to perform a firmware update at a device, prepare a second trusted compute base (TCB) layer for the firmware update, generate a first compound device identifier (CDI) associated with a first TCB layer to be used by the second TCB layer to attest an operational state of the first TCB layer prior to applying the update and generate a second CDI associated with the first TCB layer to be used by the second TCB layer to attest the operational state of the first layer after the update has been applied and perform the firmware update of the second TCB layer.
Type: Application
Filed: April 21, 2022
Publication date: August 4, 2022
Applicant: Intel Corporation
Inventors: Ned M. Smith, Andrew Draper, Xiaoyu Ruan
-
Publication number: 20220179961
Abstract: Various embodiments provide apparatuses, systems, and methods for establishing, by a data object exchange (DOE entity) of a peripheral component interconnect express (PCIe) device, a first session for communication between a first host entity of a host device and a first PCIe entity of the PCIe device, and a second session for communication between a second host entity of the host device and a second PCIe entity of the PCIe device. The first session may have a first security policy and be a session of a first connection between the PCIe device and the host device. The second session may have a second security policy and be a session of a second connection between the PCIe device and the host device. Other embodiments may be described and claimed.
Type: Application
Filed: January 14, 2022
Publication date: June 9, 2022
Inventors: Jiewen YAO, David HARRIMAN, Xiaoyu RUAN, Mahesh NATU
-
Publication number: 20220138286
Abstract: Systems, apparatuses and methods may provide for encryption based technology. Data may be encrypted locally with a graphics processor with encryption engines. The graphics processor components may be verified with a root-of-trust and based on collection of claims. The graphics processor may further be able to modify encrypted data from a non-pageable format to a pageable format. The graphics processor may further process data associated with a virtual machine based on a key that is known by the virtual machine and the graphics processor.
Type: Application
Filed: December 23, 2020
Publication date: May 5, 2022
Applicant: Intel Corporation
Inventors: David Zage, Scott Janus, Ned M. Smith, Vidhya Krishnan, Siddhartha Chhabra, Rajesh Poornachandran, Tomer Levy, Julien Carreno, Ankur Shah, Ronald Silvas, Aravindh Anantaraman, David Puffer, Vedvyas Shanbhogue, David Cowperthwaite, Aditya Navale, Omer Ben-Shalom, Alex Nayshtut, Xiaoyu Ruan
-
Publication number: 20220109558
Abstract: In one example an apparatus comprises verification circuitry to store an object image in a computer readable memory external to an XMSS verifier circuitry and verify the object image by repeating operations to receive, in a local memory of the XMSS verifier circuitry, a fixed-sized block of data from the object image and process the fixed-sized block of data to compute the signature verification. Other examples may be described.
Type: Application
Filed: December 15, 2021
Publication date: April 7, 2022
Applicant: Intel Corporation
Inventors: Vikram Suresh, Santosh Ghosh, Shalini Sharma, Eduard Lecha, Manoj Sastry, Xiaoyu Ruan, Sanu Mathew
-
Publication number: 20210328779
Abstract: The disclosure provides method, system and apparatus to provide authentication between one or more endpoints during an initial and subsequent boot cycles. In an exemplary application, an asymmetric-key cryptography is used only once to set up a persistent seed between the host and the device. After the initial setup, symmetric-key cryptography may be used with the agreed seed for authentication and session key establishment. The device wraps the persistent seed with device secrets and stores it on the host, hence secure NVM is not required on the device. The disclosed embodiments are particularly advantageous over the art of record as they provide authentication speeds of over 20,000 times faster than asymmetric-key cryptography.
Type: Application
Filed: June 25, 2021
Publication date: October 21, 2021
Applicant: Intel Corporation
Inventor: Xiaoyu Ruan
-
Publication number: 20210319139
Abstract: Connectionless trusted computing base recovery is described. An example of a system includes one or more processors to process data; hardware including a hardware RoT (root of trust); and firmware including a firmware TCB (trusted computing base), the firmware including the credentials including one or more certificates and one or more keys, wherein the one or more processors are to determine that the firmware TCB is compromised and that the hardware RoT is intact; issue new credentials by the hardware RoT to mutable firmware based on a version number or security version number (SVN) of the firmware; and revoke old versions of the credentials for the firmware.
Type: Application
Filed: June 23, 2021
Publication date: October 14, 2021
Applicant: Intel Corporation
Inventors: Xiaoyu Ruan, Tsippy Mendelson, Yanai Moyal, Daniel Nemiroff
-
Publication number: 20210312044
Abstract: An apparatus comprising a computer platform, including a central processing unit (CPU) comprising a first security engine to perform security operations at the CPU and a chipset comprising a second security engine to perform security operations at the chipset, wherein the first security engine and the second security engine establish a secure channel session between the CPU and the chipset to secure data transmitted between the CPU and the chipset.
Type: Application
Filed: June 22, 2021
Publication date: October 7, 2021
Applicant: Intel Corporation
Inventors: Michael Berger, Xiaoyu Ruan, Purushottam Goel, Mahesh Natu, Bharat Pillilli
-
Patent number: 11030317
Abstract: Embodiments described herein enable independently recoverable security for processor and peripheral communication, enabling a processor without native non-volatile memory to generate and recover credentials in response to a firmware update. The processor and peripheral can each have credentials burned into secure fuses. The processor can derive a shared secret from the secure fuses using security attributes that are based on the security version number of firmware within the processor and the peripherals to which the processor is to securely communicate. The processor and peripherals can generate ephemeral session keys from the shared secret and nonces. The ephemeral session keys can be used to secure communications between the processor and the peripherals.
Type: Grant
Filed: March 28, 2019
Date of Patent: June 8, 2021
Assignee: INTEL CORPORATION
Inventors: Xiaoyu Ruan, William A. Stevens, Jr., David Novick
-
Patent number: 10938563
Abstract: Technologies for provisioning cryptographic keys include hardcoding identical cryptographic key components of a Rivest-Shamir-Adleman (RSA) public-private key pair to each compute device of a plurality of compute devices. A unique cryptographic exponent that forms a valid RSA public-private key pair with cryptographic key components hardcoded into each compute device is provided to each compute device so that each compute device has a unique public key. The public key of each compute device may be used to provision unique secrets to the corresponding compute device.
Type: Grant
Filed: June 30, 2017
Date of Patent: March 2, 2021
Assignee: INTEL CORPORATION
Inventors: Xiaoyu Ruan, Vincent Von Bokern, Daniel Nemiroff
-
Patent number: 10862680
Abstract: In embodiments, an apparatus for microcontroller (µC) or system-on-chip (SoC) computing includes a set of fuses disposed in a µC or a SoC to store a seed value and M pairs of loop counter values (LCVs) with which to locally generate M private keys from the seed value on the microcontroller or SoC, where M is a positive integer, each private key to decrypt data encrypted with a pre-defined public key cryptosystem, wherein each private key includes two prime numbers p and q (p,q), the LCVs being a number of iterations of a key derivation function (KDF) needed to respectively obtain p and q from the seed value; and a key decoder, disposed in the (µC) or the SoC, and coupled to the set of fuses, to read the seed value and the M pairs of LCVs, and, for each of the M private keys to: respectively generate (p,q) from the seed value by respectively iterating the KDF by the LCVs for that key.
Type: Grant
Filed: September 26, 2018
Date of Patent: December 8, 2020
Assignee: Intel Corporation
Inventors: Daniel Nemiroff, Xiaoyu Ruan, William Stevens, Jr.