Patents by Inventor Yuval Itkin
Yuval Itkin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12260007
Abstract: A computing device includes a non-volatile memory (NVM) interface and a processor. The NVM interface is to communicate with an NVM. The processor is to store in the NVM at least a Type-Length-Value (TLV) record including one or more encrypted fields and one or more non-encrypted fields, the non-encrypted fields including at least a validity indicator of the TLV record, to read the TLV record from the NVM, and to invalidate the TLV record by modifying the validity indicator stored in the non-encrypted fields, without decryption of any of the encrypted fields.
Type: Grant
Filed: May 1, 2023
Date of Patent: March 25, 2025
Assignee: Mellanox Technologies, Ltd
Inventors: Yuval Itkin, Nir Eilam
-
Publication number: 20250077429
Abstract: A peripheral device includes a processor, a memory interface, a host interface and a cache controller. The processor executes software code. The cache memory caches a portion of the software code. The memory interface communicates with a NVM storing a replica of the software code. The host interface communicates with hosts storing additional replicas of the software code. The cache controller is to determine whether each host is allocated for code fetching, to receive a request from the processor for a segment of the software code, when available in the cache memory to fetch the segment from the cache memory, when unavailable in the cache memory and at least one host is allocated, to fetch the segment from the hosts that are allocated, when unavailable in the cache memory and no host is allocated, to fetch the segment from the NVM, and to serve the fetched segment to the processor.
Type: Application
Filed: November 18, 2024
Publication date: March 6, 2025
Inventors: Yaniv Strassberg, Guy Harel, Gabi Liron, Yuval Itkin
-
Patent number: 12231585
Abstract: In one embodiment, a secure challenge-response method includes requesting respective token challenges from devices, receiving the respective token challenges from the devices, providing the respective token challenges to a signing server, receiving from the signing server a signature of the respective token challenges signed with a private key of the signing server, and providing to a given device of the devices a request to perform an operation, the request including the signature and the respective token challenges.
Type: Grant
Filed: May 17, 2022
Date of Patent: February 18, 2025
Assignee: Mellanox Technologies, Ltd
Inventors: Yuval Itkin, Michael Tahar, Haim Kupershmidt, Ameer Mahagneh
-
Patent number: 12223051
Abstract: A computer system includes a volatile memory and at least one processor. The volatile memory includes a protected storage segment (PSS) configured to store firmware-authentication program code for authenticating firmware of the computer system. The at least one processor is configured to receive a trigger to switch to a given version of the firmware, to obtain, in response to the trigger, a privilege to access the PSS, to authenticate the given version of the firmware by executing the firmware-authentication program code from the PSS, to switch to the given version of the firmware upon successfully authenticating the given version, and to take an alternative action upon failing to authenticate the given version.
Type: Grant
Filed: July 9, 2023
Date of Patent: February 11, 2025
Assignee: Mellanox Technologies, Ltd.
Inventors: Mor Hoyda Sfadia, Yuval Itkin, Ahmad Atamli, Ariel Shahar, Yaniv Strassberg, Itsik Levi
-
Patent number: 12216580
Abstract: A peripheral device includes a processor, a memory interface, a host interface and a cache controller. The processor executes software code. The cache memory caches a portion of the software code. The memory interface communicates with a NVM storing a replica of the software code. The host interface communicates with hosts storing additional replicas of the software code. The cache controller is to determine whether each host is allocated for code fetching, to receive a request from the processor for a segment of the software code, when available in the cache memory to fetch the segment from the cache memory, when unavailable in the cache memory and at least one host is allocated, to fetch the segment from the hosts that are allocated, when unavailable in the cache memory and no host is allocated, to fetch the segment from the NVM, and to serve the fetched segment to the processor.
Type: Grant
Filed: August 28, 2023
Date of Patent: February 4, 2025
Assignee: Mellanox Technologies, Ltd.
Inventors: Yaniv Strassberg, Guy Harel, Gabi Liron, Yuval Itkin
-
Publication number: 20240205021
Abstract: In one embodiment, a device includes a memory to store a first public key indicating security ownership of the device by a first owner, an interface to receive a signature of an intermediate public key signed by a first owner signing service with a first private key, and processing circuitry to load the intermediate public key in the memory, responsively to authenticating the signature, and remove the first public key from the memory, and wherein the interface is to receive a second public key and a signature of the second public key signed by a second owner signing service with an intermediate private key, the processing circuitry is to load a second public key in the memory indicating ownership has been transferred to the second owner responsively to authenticating the signature of the second public key with the intermediate public key, and remove the intermediate public key from the memory.
Type: Application
Filed: October 30, 2023
Publication date: June 20, 2024
Inventors: Nir Eilam, Yuval Itkin, Haim Kupershmidt, Yigal Edery, Uriya Stern, Boaz Shahar, Mor Sfadia
-
Publication number: 20230379172
Abstract: In one embodiment, a secure challenge-response method includes requesting respective token challenges from devices, receiving the respective token challenges from the devices, providing the respective token challenges to a signing server, receiving from the signing server a signature of the respective token challenges signed with a private key of the signing server, and providing to a given device of the devices a request to perform an operation, the request including the signature and the respective token challenges.
Type: Application
Filed: May 17, 2022
Publication date: November 23, 2023
Inventors: Yuval Itkin, Michael Tahar, Haim Kupershmidt, Ameer Mahagneh
-
Publication number: 20230351021
Abstract: A computer system includes a volatile memory and at least one processor. The volatile memory includes a protected storage segment (PSS) configured to store firmware-authentication program code for authenticating firmware of the computer system. The at least one processor is configured to receive a trigger to switch to a given version of the firmware, to obtain, in response to the trigger, a privilege to access the PSS, to authenticate the given version of the firmware by executing the firmware-authentication program code from the PSS, to switch to the given version of the firmware upon successfully authenticating the given version, and to take an alternative action upon failing to authenticate the given version.
Type: Application
Filed: July 9, 2023
Publication date: November 2, 2023
Inventors: Mor Hoyda Sfadia, Yuval Itkin, Ahmad Atamli, Ariel Shahar, Yaniv Strassberg, Itsik Levi
-
Publication number: 20230297669
Abstract: In one embodiment, a system includes data communication device including a network interface to receive a nonce supply request from a remote machine, processing core(s), processing circuitry to generate a nonce, sign the nonce with a private key of the data communication device yielding a first digital signature, provide the nonce and first digital signature to the remote machine, receive, from the remote machine, a secure reset request including a second digital signature of the nonce signed with a private key of the remote machine, verify the second digital signature with a public key of the remote machine to verify that the remote machine provided the secure reset request and that the nonce signed by the second digital signature is the same nonce provided to the remote machine, and issue a reset command to the processing core(s) to reboot responsively to the verification of the second digital signature.
Type: Application
Filed: March 15, 2022
Publication date: September 21, 2023
Inventor: Yuval Itkin
-
Patent number: 11762747
Abstract: A compute node includes a network-connected device, and a baseboard management controller (BMC) that is connected to the network-connected device by a sideband interface. The network-connected device is configured to communicate with a network. The BMC is configured to configure the network-connected device, via the sideband interface, to engage in a debug session over the network with a remote debug device.
Type: Grant
Filed: August 26, 2020
Date of Patent: September 19, 2023
Assignee: MELLANOX TECHNOLOGIES, LTD.
Inventor: Yuval Itkin
-
Publication number: 20230274037
Abstract: A computing device includes a non-volatile memory (NVM) interface and a processor. The NVM interface is to communicate with an NVM. The processor is to store in the NVM at least a Type-Length-Value (TLV) record including one or more encrypted fields and one or more non-encrypted fields, the non-encrypted fields including at least a validity indicator of the TLV record, to read the TLV record from the NVM, and to invalidate the TLV record by modifying the validity indicator stored in the non-encrypted fields, without decryption of any of the encrypted fields.
Type: Application
Filed: May 1, 2023
Publication date: August 31, 2023
Inventors: Yuval Itkin, Nir Eilam
-
Patent number: 11741232
Abstract: A computer system includes a volatile memory and at least one processor. The volatile memory includes a protected storage segment (PSS) configured to store firmware-authentication program code for authenticating firmware of the computer system. The at least one processor is configured to receive a trigger to switch to a given version of the firmware, to obtain, in response to the trigger, a privilege to access the PSS, to authenticate the given version of the firmware by executing the firmware-authentication program code from the PSS, to switch to the given version of the firmware upon successfully authenticating the given version, and to take an alternative action upon failing to authenticate the given version.
Type: Grant
Filed: February 1, 2021
Date of Patent: August 29, 2023
Assignee: MELLANOX TECHNOLOGIES, LTD.
Inventors: Mor Hoyda Sfadia, Yuval Itkin, Ahmad Atamli, Ariel Shahar, Yaniv Strassberg, Itsik Levi
-
Patent number: 11681635
Abstract: A computing device includes a non-volatile memory (NVM) interface and a processor. The NVM interface is configured to communicate with an NVM. The processor is configured to store in the NVM Type-Length-Value (TLV) records, each TLV record including one or more encrypted fields and one or more non-encrypted fields, the non-encrypted fields including at least respective validity indicators of the TLV records, to read the TLV records that include the encrypted fields and the non-encrypted fields from the NVM, and to invalidate selected TLV records by modifying the respective validity indicators of the selected TLV records that are stored in the non-encrypted fields.
Type: Grant
Filed: September 7, 2020
Date of Patent: June 20, 2023
Assignee: MELLANOX TECHNOLOGIES, LTD.
Inventors: Yuval Itkin, Yaniv Strassberg, Guy Harel, Ahmad Atamlh
-
Patent number: 11543852
Abstract: In one embodiment, a network interface card device includes communication interfaces to provide data connection with respective local devices configured to run respective clock synchronization clients, at least one network interface to provide data connection between a packet data network and ones of the local devices, and a hardware clock to maintain a time value, and serve the clock synchronization clients.
Type: Grant
Filed: February 2, 2020
Date of Patent: January 3, 2023
Assignee: MELLANOX TECHNOLOGIES, LTD.
Inventors: Dotan David Levi, Liron Mula, Ariel Almog, Aviad Raveh, Yuval Itkin
-
Publication number: 20220382868
Abstract: Apparatuses, systems, and techniques that implement a unidirectional counter with one-time-programmable memory that prevents the counter from reversing direction. In at least one embodiment, a unidirectional counter is implemented with a base value represented as a binary number and an offset represented as a bit field where each bit represents an equal amount.
Type: Application
Filed: June 1, 2021
Publication date: December 1, 2022
Inventors: Yuval Itkin, Guy Harel, Mor Sfadia
-
Publication number: 20220245251
Abstract: A computer system includes a volatile memory and at least one processor. The volatile memory includes a protected storage segment (PSS) configured to store firmware-authentication program code for authenticating firmware of the computer system. The at least one processor is configured to receive a trigger to switch to a given version of the firmware, to obtain, in response to the trigger, a privilege to access the PSS, to authenticate the given version of the firmware by executing the firmware-authentication program code from the PSS, to switch to the given version of the firmware upon successfully authenticating the given version, and to take an alternative action upon failing to authenticate the given version.
Type: Application
Filed: February 1, 2021
Publication date: August 4, 2022
Inventors: Mor Hoyda Sfadia, Yuval Itkin, Ahmad Atamli, Ariel Shahar, Yaniv Strassberg, Itsik Levi
-
Publication number: 20220075737
Abstract: A computing device includes a non-volatile memory (NVM) interface and a processor. The NVM interface is configured to communicate with an NVM. The processor is configured to store in the NVM Type-Length-Value (TLV) records, each TLV record including one or more encrypted fields and one or more non-encrypted fields, the non-encrypted fields including at least respective validity indicators of the TLV records, to read the TLV records that include the encrypted fields and the non-encrypted fields from the NVM, and to invalidate selected TLV records by modifying the respective validity indicators of the selected TLV records that are stored in the non-encrypted fields.
Type: Application
Filed: September 7, 2020
Publication date: March 10, 2022
Inventors: Yuval Itkin, Yaniv Strassberg, Guy Harel, Ahmad Atamlh
-
Publication number: 20220066895
Abstract: A compute node includes a network-connected device, and a baseboard management controller (BMC) that is connected to the network-connected device by a sideband interface. The network-connected device is configured to communicate with a network. The BMC is configured to configure the network-connected device, via the sideband interface, to engage in a debug session over the network with a remote debug device.
Type: Application
Filed: August 26, 2020
Publication date: March 3, 2022
Inventor: Yuval Itkin
-
Patent number: 11184085
Abstract: An electro-optical (EO) interconnect assembly includes an optical fiber, and first and second EO transceivers. The first and second EO transceivers, which are coupled to respective ends of the optical fiber, are configured to (i) connect to respective first and second network devices, (ii) exchange electrical signals with the first and second network devices, (iii) convert between the electrical signals and optical signals, and exchange the optical signals with one another over the optical fiber, and (iv) conduct with one another, over the optical fiber, a secure challenge-response transaction, and to initiate a responsive action upon failure of the challenge-response transaction.
Type: Grant
Filed: September 3, 2020
Date of Patent: November 23, 2021
Assignee: MELLANOX TECHNOLOGIES, LTD.
Inventors: Elad Mentovich, Liron Mula, Yuval Itkin
-
Patent number: 11070304
Abstract: In one embodiment, a computer apparatus includes a first NIC including at least one network interface port to transfer data with a first packet-data network (PDN) including a master clock to provide a clock synchronization signal S1, a first physical hardware clock (PHC) to maintain a time value T1 responsively to S1, and a first clock controller to generate a clock synchronization signal S2 responsively to S1, S2 having a frequency set responsively to S1, and send S2 over a connection to a second NIC including at least one network interface port to transfer data with a second PDN, a second PHC, and a second clock controller to receive S2, update the second PHC with a time value T2 responsively to S2, send another clock synchronization signal to network nodes in the second PDN responsively to T2, the second NIC acting as a master clock in the second PDN.
Type: Grant
Filed: February 25, 2020
Date of Patent: July 20, 2021
Assignee: MELLANOX TECHNOLOGIES, LTD.
Inventors: Dotan David Levi, Liron Mula, Avraham Ganor, Avi Urman, Aviad Raveh, Yuval Itkin, Oren Matus