TECHNIQUES TO DETECT NON-ENUMERABLE DEVICES VIA A FIRMWARE INTERFACE TABLE
Embodiments are generally directed to apparatuses, method, techniques, and so forth including a memory coupled to processing circuitry, wherein the memory stores a firmware interface table and the firmware interface table comprises an entry to identify a non-enumerable resource. Embodiments include accessing the firmware interface table to identify the non-enumerable resource.
Latest Intel Patents:
- APPARATUS, SYSTEM AND METHOD OF COMMUNICATING A PHYSICAL LAYER PROTOCOL DATA UNIT (PPDU) INCLUDING A TRAINING FIELD
- USES OF CODED DATA AT MULTI-ACCESS EDGE COMPUTING SERVER
- SELECTIVE PACKING OF PATCHES FOR IMMERSIVE VIDEO
- MULTI-LINK DEVICE RESETUP AND TRANSITION WITH STATION DEVICE ADDRESS AUTHENTICATION
- METHOD AND APPARATUS FOR SHARED VIRTUAL MEMORY TO MANAGE DATA COHERENCY IN A HETEROGENEOUS PROCESSING SYSTEM
This application claims priority to U.S. Provisional Patent Application No. 62/365,969, filed Jul. 22, 2016, U.S. Provisional Patent Application No. 62/376,859, filed Aug. 18, 2016, and United Provisional Patent Application No. 62/427,268, filed Nov. 29, 2016, each of which are hereby incorporated by reference in their entirety.
TECHNICAL FIELDEmbodiments described herein generally include detecting non-enumerable devices via a firmware interface table.
BACKGROUNDA computing data center may include one or more computing systems including a plurality of compute nodes that may include various compute structures (e.g., servers or sleds) and may be physically located on multiple racks. The sleds may include a number of physical resources interconnected via one or more compute structures and buses. Typically, a computing data center may include a number of devices that may need to be discovered during a boot sequence. Devices, such as processors and chipsets, are identified by unique stock keeping units (SKUs) and are used to identify various with devices. Sometimes these devices and SKUs are non-discoverable and must be hardcoded into the basic input/output system (BIOS). Generally, this leads to each original equipment manufacturer (OEM) defining their own code or format for handling variations and validations of implementations. Which increases time to manufacturer, costs, and inconsistency between systems. Thus, embodiments are directed to solving these and other problems.
Embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings in which like reference numerals refer to similar elements.
Various embodiments may be generally directed to discovering non-enumerable resources of a system. For example, embodiments include storing a firmware interface table (FIT) in a firmware device coupled to processing circuitry, the FIT includes entries to identify non-enumerable resources. The entries may include vendor defined identification information, such as a SKU, that may be used to identify a non-enumerable resource, for example.
Embodiments also include accessing, by processing circuitry, the FIT to identify the non-enumerable resources. For example, processing circuitry may read or retrieve the entries in the FIT, which include the identification to identify the non-enumerable resources. In some instances, one or more entries associated with a vendor may be signed by a vendor key (or hash value) and used to validate the one or more entries. Further, each of the vendor keys may be signed by a manufacturer of the platform or sled, e.g. Intel® Corp., for use in validating the vendor keys. Embodiments are not limited in this manner. These and other details will become more apparent in the following description.
Reference is now made to the drawings, wherein like reference numerals are used to refer to like elements throughout. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding thereof. It may be evident, however, that the novel embodiments can be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to facilitate a description thereof. The intention is to cover all modifications, equivalents, and alternatives consistent with the claimed subject matter.
The illustrative data center 100 differs from typical data centers in many ways. For example, in the illustrative embodiment, the circuit boards (“sleds”) on which components such as CPUs, memory, and other components are placed are designed for increased thermal performance. In particular, in the illustrative embodiment, the sleds are shallower than typical boards. In other words, the sleds are shorter from the front to the back, where cooling fans are located. This decreases the length of the path that air must to travel across the components on the board. Further, the components on the sled are spaced further apart than in typical circuit boards, and the components are arranged to reduce or eliminate shadowing (i.e., one component in the air flow path of another component). In the illustrative embodiment, processing components such as the processors are located on a top side of a sled while near memory, such as DIMMs, are located on a bottom side of the sled. As a result of the enhanced airflow provided by this design, the components may operate at higher frequencies and power levels than in typical systems, thereby increasing performance. Furthermore, the sleds are configured to blindly mate with power and data communication cables in each rack 102A, 102B, 102C, 102D, enhancing their ability to be quickly removed, upgraded, reinstalled, and/or replaced. Similarly, individual components located on the sleds, such as processors, accelerators, memory, and data storage drives, are configured to be easily upgraded due to their increased spacing from each other. In the illustrative embodiment, the components additionally include hardware attestation features to prove their authenticity.
Furthermore, in the illustrative embodiment, the data center 100 utilizes a single network architecture (“fabric”) that supports multiple other network architectures including Ethernet and Omni-Path. The sleds, in the illustrative embodiment, are coupled to switches via optical fibers, which provide higher bandwidth and lower latency than typical twister pair cabling (e.g., Category 5, Category 5e, Category 6, etc.). Due to the high bandwidth, low latency interconnections and network architecture, the data center 100 may, in use, pool resources, such as memory, accelerators (e.g., graphics accelerators, FPGAs, ASICs, etc.), and data storage drives that are physically disaggregated, and provide them to compute resources (e.g., processors) on an as needed basis, enabling the compute resources to access the pooled resources as if they were local. The illustrative data center 100 additionally receives usage information for the various resources, predicts resource usage for different types of workloads based on past resource usage, and dynamically reallocates the resources based on this information.
The racks 102A, 102B, 102C, 102D of the data center 100 may include physical design features that facilitate the automation of a variety of types of maintenance tasks. For example, data center 100 may be implemented using racks that are designed to be robotically-accessed, and to accept and house robotically-manipulable resource sleds. Furthermore, in the illustrative embodiment, the racks 102A, 102B, 102C, 102D include integrated power sources that receive higher current than typical for power sources. The increased current enables the power sources to provide additional power to the components on each sled, enabling the components to operate at higher than typical frequencies.
In various embodiments, dual-mode optical switches may be capable of receiving both Ethernet protocol communications carrying Internet Protocol (IP packets) and communications according to a second, high-performance computing (HPC) link-layer protocol (e.g., Intel's Omni-Path Architecture's, Infiniband) via optical signaling media of an optical fabric. As reflected in
Included among the types of sleds to be accommodated by rack architecture 600 may be one or more types of sleds that feature expansion capabilities.
MPCMs 916-1 to 916-7 may be configured to provide inserted sleds with access to power sourced by respective power modules 920-1 to 920-7, each of which may draw power from an external power source 921. In various embodiments, external power source 921 may deliver alternating current (AC) power to rack 902, and power modules 920-1 to 920-7 may be configured to convert such AC power to direct current (DC) power to be sourced to inserted sleds. In some embodiments, for example, power modules 920-1 to 920-7 may be configured to convert 277-volt AC power into 12-volt DC power for provision to inserted sleds via respective MPCMs 916-1 to 916-7. The embodiments are not limited to this example.
MPCMs 916-1 to 916-7 may also be arranged to provide inserted sleds with optical signaling connectivity to a dual-mode optical switching infrastructure 914, which may be the same as—or similar to—dual-mode optical switching infrastructure 514 of
Sled 1004 may also include dual-mode optical network interface circuitry 1026. Dual-mode optical network interface circuitry 1026 may generally comprise circuitry that is capable of communicating over optical signaling media according to each of multiple link-layer protocols supported by dual-mode optical switching infrastructure 914 of
Coupling MPCM 1016 with a counterpart MPCM of a sled space in a given rack may cause optical connector 1016A to couple with an optical connector comprised in the counterpart MPCM. This may generally establish optical connectivity between optical cabling of the sled and dual-mode optical network interface circuitry 1026, via each of a set of optical channels 1025. Dual-mode optical network interface circuitry 1026 may communicate with the physical resources 1005 of sled 1004 via electrical signaling media 1028. In addition to the dimensions of the sleds and arrangement of components on the sleds to provide improved cooling and enable operation at a relatively higher thermal envelope (e.g., 250 W), as described above with reference to
As shown in
In another example, in various embodiments, one or more pooled storage sleds 1132 may be included among the physical infrastructure 1100A of data center 1100, each of which may comprise a pool of storage resources that is available globally accessible to other sleds via optical fabric 1112 and dual-mode optical switching infrastructure 1114. In some embodiments, such pooled storage sleds 1132 may comprise pools of solid-state storage devices such as solid-state drives (SSDs). In various embodiments, one or more high-performance processing sleds 1134 may be included among the physical infrastructure 1100A of data center 1100. In some embodiments, high-performance processing sleds 1134 may comprise pools of high-performance processors, as well as cooling features that enhance air cooling to yield a higher thermal envelope of up to 250 W or more. In various embodiments, any given high-performance processing sled 1134 may feature an expansion connector 1117 that can accept a far memory expansion sled, such that the far memory that is locally available to that high-performance processing sled 1134 is disaggregated from the processors and near memory comprised on that sled. In some embodiments, such a high-performance processing sled 1134 may be configured with far memory using an expansion sled that comprises low-latency SSD storage. The optical infrastructure allows for compute resources on one sled to utilize remote accelerator/FPGA, memory, and/or SSD resources that are disaggregated on a sled located on the same rack or any other rack in the data center. The remote resources can be located one switch jump away or two-switch jumps away in the spine-leaf network architecture described above with reference to
In various embodiments, one or more layers of abstraction may be applied to the physical resources of physical infrastructure 1100A in order to define a virtual infrastructure, such as a software-defined infrastructure 1100B. In some embodiments, virtual computing resources 1136 of software-defined infrastructure 1100B may be allocated to support the provision of cloud services 1140. In various embodiments, particular sets of virtual computing resources 1136 may be grouped for provision to cloud services 1140 in the form of SDI services 1138. Examples of cloud services 1140 may include—without limitation—software as a service (SaaS) services 1142, platform as a service (PaaS) services 1144, and infrastructure as a service (IaaS) services 1146.
In some embodiments, management of software-defined infrastructure 1100B may be conducted using a virtual infrastructure management framework 1150B. In various embodiments, virtual infrastructure management framework 1150B may be designed to implement workload fingerprinting techniques and/or machine-learning techniques in conjunction with managing allocation of virtual computing resources 1136 and/or SDI services 1138 to cloud services 1140. In some embodiments, virtual infrastructure management framework 1150B may use/consult telemetry data in conjunction with performing such resource allocation. In various embodiments, an application/service management framework 1150C may be implemented in order to provide QoS management capabilities for cloud services 1140. The embodiments are not limited in this context.
Sled 1204 may also include dual-mode optical network interface circuitry 1226. Dual-mode optical network interface circuitry 1226 may generally include circuitry that is capable of communicating over optical signaling media according to each of multiple link-layer protocols supported by dual-mode optical switching infrastructure, as previously discussed in
Coupling MPCM 1216 with a counterpart MPCM of a sled space in a given rack may cause optical connector 1216A to couple with an optical connector comprised in the counterpart MPCM. This may generally establish optical connectivity between optical cabling of the sled and dual-mode optical network interface circuitry 1226, via each of a set of optical channels 1225. Dual-mode optical network interface circuitry 1226 may communicate with the physical resources 1205 of sled 1204 via electrical signaling media 1228.
The sled 1204 may also include a management controller 1262, which may be capable of performing management functions for the sled 1204 and physical resources 1205. The management controller 1262 provides management functionality including sending metric data to a pod management controller or rack management controller. In some instances, the management controller 1262 may be part of an Intelligent Platform Management Interface (IPMI) architecture and may be a baseboard management controller (BMC) or specialized service processor that monitors the physical state and operational state of the physical resources 1205 using sensors and communicating with the physical resources 1205 themselves to collect the metric data. In some instances, the management controller 1262 may be a sled management controller. Embodiments are not limited in this manner.
The management controller 1262 may also perform other functions, including but not limited to, collecting and providing identification information with respect to the one or more physical resources 1205 during startup or restart operations of the sled 1204. This identification information may identify non-discoverable or non-enumerable resources, such as those coupled via a general purpose input/output (GPIO) bus, a system management bus (SMBus), serial peripheral interface (SPI) bus, enhanced SPI (eSPI) bus, low pin count (LPC) bus, flash/non-volatile memory interfaces such as Common Flash Memory Interface (CFI), Open NAND Flash Interface (ONFI), and so forth. Identification information for these resources was typically hardcoded into the BIOS to handle specific platform tasks. However, hardcoding the identification information generally leads to each original equipment manufacturer (OEM) defining their own code or format for handling variations and validations of the implementations of their devices. Embodiments discussed provide a standard format for deploying this identification information.
Embodiments include incorporating the identification information in a firmware interface table (FIT) 1219 of a firmware device 1217, which may be non-volatile memory. The FIT 1219 may include the identification information, such as a stock keeping unit (SKU) identification or platform identifiers, for physical resources 1205 in a standard format. The FIT 1219 may also include platform/SKU description languages for the non-enumerable resources. The identification information and platform/SKU description language in the FIT 1219 may be discoverable and validated by circuitry 1213 and provided to other components for configuration.
In embodiments, the FIT 1219 may store additional information in the FIT, such as memory parameters and link initialization information. Typically, the memory parameters and link initialization information may be stored in BIOS code. However, if any changes are required to memory parameters or link initialization information, the total time to manufacture may be delayed, increasing cost because of a change in BIOS code. This information, memory parameters and link initialization information, alternatively may also be stored in the FIT 1219 may be updateable/changed with affected the BIOS code. Thus, “generic” BIOS code may be utilized to reduce cost and risk of delays during the time of manufacturer.
Embodiments may include the sled 1204 having the circuitry 1213 capable of executing one or more instructions, such as microcode 1211, to discover and provide the identification information and platform/SKU description languages for resources or devices. For example, the circuitry 1213 may execute the microcode 1211 based on one or more registers being set or signals communicated to the circuitry 1213. The microcode 1211 may be stored in non-volatile memory, which may be secured memory in some instances. The instructions may be communicated via one or more interconnects 1258 between the non-volatile memory and the circuitry 1213 for execution, for example. In some instances, the microcode 1211 and circuitry 1213 may be implemented in the same device or silicon and other in instances the circuitry 1213 and microcode 1211 may be part of different devices. In some embodiments, the circuitry 1213 may be part of a processing unit, a controller, the management controller 1262, a physical compute resource 1205-2, and so forth. In some instances, the circuitry 1213 may be standalone circuitry for processing microcode 1211 as part of a startup or reset operation.
The circuitry 1213 may read or access the FIT 1219 in the firmware device 1217, which may be non-volatile memory and may be secure memory. In some instances, the firmware device 1217 may be read only memory (ROM) that is part of an Advanced Configuration and Power Interface (ACPI) architecture or Unified Extensible Firmware Interface (UEFI) architecture. As will be discussed in more detail below, the FIT 1219 may include one or more entries, e.g. SKU identifiers, associated with one or more vendors. The vendors may be the OEM of particular resources or devices that are incorporated with the sled 1204 or coupled with the sled 1204 via one or more interconnects. In some instances, the devices or resources may be physical resources 1205, which may include physical memory resource(s) 1205-1, physical compute resource(s) 1205-2, a physical storage resource(s) 1205-3, and physical accelerator resource(s) 1205-4.
In some instances, one or more of the physical resources 1205 may be a non-enumerable resource or device that are typically not discoverable during a typical startup or restart of a sled. As mentioned, these non-enumerable resources may include devices coupled with components of the sled 1204, such as the management controller 1262, via a GPIO bus, SMBus bus, and a USB. For example, these non-enumerable resources may include a battery subsystem of a laptop or mobile device, a temperature sensor, a fan sensor, a voltage sensor, switches, clock chips, and so forth connected via a SMBus. Other non-enumerable devices connected via the SMBus may include Peripheral Component Interconnect (PCI) add-in or expansion cards. Non-enumerable resources that may utilize the GPIO bus may include output devices, such as light emitting diodes, buzzers, speakers, and so forth. Other non-enumerable resources that may utilize the GPIO bus may include input devices, such as buttons, various sensors (motion, light, etc.), and so forth. Embodiments are not limited to these examples.
As mentioned, identification information for each the non-enumerable resources may be programmed or stored in a FIT 1219 in the firmware device 1217. Thus, the circuitry 1213 may discover these devices via the identification information in the FIT 1219 and provide the identification information to other components of the sled 1204 include the management controller 1262, the BIOS 1212, a management engine (not show), an Innovation Engine (not shown) and so forth via one or more interconnects 1268 and electrical signaling. In some instances, the circuitry 1213 may validate each entry in the FIT 1219 to ensure the integrity of the identification information. For example, a vendor may sign or generate a key or hash value for its identification information/entries in the FIT 1219. One key or hash value may be generated and based on all of the entries identifying devices for a particular vendor, for example. Each vendor may generate and have a unique key or hash value based on its own resources. The key or hash value may be stored in a secure device, such as Intel's® Trusted Platform Model (TPM®), or any other secure memory or secure storage device. The circuitry 1213 may validate entries in the FIT 1219 by comparing the key or hash value from the FIT 1219 with the trusted key or hash value stored in the secure device.
In some embodiments, the circuitry 1213 may validate the entire FIT 1219 structure by comparing a global key or hash value in the FIT 1219 with a stored and validated global key or hash value stored in the secure device. The global key or hash value may be generated and based on the keys associated with the vendors and entries. As will be discussed in more detail below, the vendor key or hash values may be generated by each particular vendor and the global key or hash value may be generated by the manufacturer of the sled 1204 or OEM of the overall compute system. In other words, vendors of each non-enumerable resource may generate a key or hash value for validating their particular resources, and the OEM of the overall system may generate the global key or hash value based on each of the vendor's keys or hash values. All of the keys or hash values may be stored in secure device and used to validate resource entries and the system. These and other details will become more apparent in the following description.
The FIT 1319 may be included in read-only memory space, such as PAL/SAL ROM space, within a firmware address space of firmware, such as firmware device 1217 of
In embodiments discussed herein, the FIT 1319 includes identification information for physical resources, and in particular, non-enumerable resource which may not be discoverable. Moreover, the FIT 1319 may include entries 1345, each associated with a particular non-enumerable resource and may be a SKU for the particular non-enumerable resource. Thus, Entry_1 1345-1-1 may be associated with and include a SKU for a first non-enumerable resource. In another example, Entry_2 1345-1-2 may be associated with and include a SKU for a second non-enumerable resource. In a third example, Entry_3 1345-1-3 may be associated with and include a SKU for a third non-enumerable resource. The FIT 1319 may include any number of entries as illustrated by Entry_p 1345-1-p, where p may be any positive integer, for any number of vendors.
In the illustrated example, each of the entries 1345 manufactured by a particular vendor may be signed by the same vendor key 1343. For example, Entry_1 1345-1-1, Entry_2 1345-1-2, and Entry_3 1345-1-3 may be for non-enumerable resources manufactured and/or sold by the same vendor and signed by the same vendor key (Vendor Key_1) 1343-1 in the FIT 1319. The vendor key 1343 may be a hash value generated from each of the entries 1345 in the FIT 1319 for a particular vendor. Moreover, each vendor may have a different vendor key 1343, which is based on the entries 1345 in the FIT 1319 manufactured by that particular vendor.
In embodiments, the FIT 1319 may also include a global vendor key 1341, which may be a hash value generated and/or signed by the manufacturer of the compute system or a sled. In some instances, the global vendor key 1341 may not be located within the FIT 1319, but may be located within a different secure memory. As will be discussed in more detail below, the vendor keys 1343 may be used to verify the entries 1345 and the global key 1341 may be used to verify the vendor keys 1343.
In embodiments, processing circuitry 1413 may receive an indication or signal to perform a detection or determination of one or more non-enumerable resources that are present on a platform, such as a sled discussed herein. The indication or signal may be based on one or more registers being set and caused by power being applied to the platform or sled as part of a startup routine or during a restart routine. The indication or signal may occur prior to many of the components or elements initializing during a pre-boot initialization, and may occur prior to or during a power on self-test (POST) routine. In some instances, the indication or signal may occur prior to execution of instruction of the BIOS and the identification information may be provided to the BIOS for use during execution of the BIOS instructions. In some instances, the indication or signal may include receiving instructions from microcode 1411. However, embodiments are not limited in this manner.
At line 1452, the processing circuitry 1413 may receive or retrieve one or more instructions from microcode 1411 to perform as part of the pre-boot initialization and to determine one or more non-enumerable resources included in a platform or sled. The one or more instructions and microcode 1411 may be stored in a non-volatile memory and/or a read-only memory that may have been programmed at the time of manufacturer by the manufacturer. In some instances, the microcode 1411 may be stored in a secure memory such that it may not be changed or corrupted. However, embodiments are not limited in this manner and in some instances, the microcode 1411 may be updatable or reprogrammable.
At line 1454, the processing circuitry 1413 may retrieve or receive identification information from the firmware device 1417 and in particular the FIT 1419. The identification information may include one or more entries 1445 identifying non-enumerable resources of the platform or sled. For example, each entry 1445 may indicate an identifier or be a SKU for a particular non-enumerable resource. The processing circuitry 1413 may also receive or retrieve one or more keys from the FIT 1419. The one or more keys may include vendor keys 1443 and a global key 1441. A vendor key 1443 may be a hash value generated and based on each of the entries 1443 developed or manufactured by a particular vendor. For example, a first vendor may generate a first key, e.g. vendor key 1443-1, based on entries 1445 associated with non-enumerable resources manufactured by the first vendor. In another example, a second vendor may generate a second key, e.g. a vendor key 1443-2, based on entries 1445 associated with non-Docket enumerable resources manufactured by the second vendor. In these examples, the first key and the second key will be different keys. Any number of vendor keys 1443-m, where m may be any positive integer, may be generated and equal the total number of vendors manufacturing non-enumerable resources that are part of the platform or sled. Further, the vendor keys 1443 may be signed or a global key 1441 may be generated based on the vendor keys 1443. For example, a hash value may be generated using the vendor keys 1443. In some instances, the global key 1441 may be stored in the FIT 1419. In other instances, the global 1441 may be generated by the processing circuitry 1413 in real-time, while processing instructions of the microcode 1411. For example, the processing circuitry 1413 may use the vendor keys 1443 to generate a hash value, which may be a global 1441, and for use in verification.
The processing circuitry 1413 may utilize the global key 1441 (or a generated global key) to verify the vendor keys 1443 in the FIT 1419. For example, the processing circuitry 1413, at line 1456, may receive or retrieve a validated global key 1421 from a secure device 1414 for comparison with the global key 1441 of the FIT 1419. In some instances, the processing circuitry 1413 may generate the global key, e.g. a hash value, using the vendor keys 1443 stored in the FIT 1419 in real-time. If the global key 1441 or generated global key matches the validated global key 1421, the vendor keys 1443 of the FIT 1419 may be validated. If the global key 1441 or generated global key does not match the validated global key 1421, the vendor keys 1443 may not be validated and a corrective action may be taken. The validated global key 1421 may be generated at the time of manufacturer by the manufacturer and stored in the secure device 1414, which may be non-volatile and/or read-only memory.
Similarly, the processing circuitry 1413 may also validate each of the entries 1445 may comparing each of the one or more vendor keys 1443 with a corresponding validated vendor key 1423 in the secure device 1414. If a vendor key 1443 matches a corresponding validated vendor key 1423, the entries 1445 for that vendor may be validated. If a vendor key 1443 does not match a corresponding validated vendor key 1423, the entries 1445 for that vendor may not be validated and a corrective action may be taken.
At line 1458, the processing circuitry 1413 may provide the identification information, including the one or more entries (SKUs) associated with the non-enumerable resources to one or more other components of the platform or sled. For example, the processing circuitry 1413 may provide the identification to the BIOS 1412 and management controller 1462 to perform other pre-boot operations and to boot the platform or sled. The identification information may be utilized by the BIOS 1412, the management controller 1462, and other components, such as management engine (not shown), to configure other components for the platform or sled. In some embodiments, the entries 1445 in the FIT 1419 may be in particular such that one or more non-enumerable resources are configured in a particular order. Further, entries and non-enumerable resource information may be provided to the pod management controller, such that these devices may be utilized and managed in the data center. Embodiments are not limited in this manner.
At block 1502, the logic flow 1500 includes circuitry receiving one or more signals or indications to perform pre-boot operations to determine one or more non-enumerable resources that are present on a platform or a sled. The circuitry may execute one or more instructions based on the signals or indications, the instructions may be part of microcode that may be stored in a memory or firmware. Moreover, the microcode may have been generated during the time of manufacturer of the platform or sled or may be updateable. Embodiments are not limited in this manner.
At block 1504, the logic flow 1500 includes circuitry to gather identification information for one or more non-enumerable resources. More specifically, the circuitry may receive or retrieve identification information, such as SKUs, associated with non-enumerable resources from a FIT. Each identifier or entry in the FIT may be associated with a particular non-enumerable resource and with a particular vendor. Moreover, each vendor may have a number of non-enumerable resources as part of the platform or sled.
In embodiments, the circuitry may also gather vendor keys associated with the entries (SKUs) in the FIT that may be used to verify or validate the entries. Each vendor may have its own vendor key that may be generated from the entries in the FIT. A vendor key may be compared with to a validated vendor key in a secure device to determine whether entries associated with that vendor key are valid. The circuitry may also gather or generate a global key based on the vendor keys that may be used to validate the vendor keys. The global key may be compared with a validated global key to validate the vendor keys. Embodiments are not limited in this manner.
At decision block 1508, the logic flow 1500 may include circuitry to determine whether one or more of the vendor keys and the global key are valid. If at least one of the vendor keys or global keys are not valid, the logic flow 1500 may include causing a corrective action at block 1510. The corrective action may include notify a system administrator of the invalidity. Embodiments are not limited in this manner.
If at block 1508, the vendor keys and global key are valid, the logic flow 1500 may include providing the identification information including the SKUs to one or more other components of the platform or sled. For example, the identification information may be provided to a BIOS or a management controller to perform additional startup operations.
At block 1605, the logic flow 1600 includes storing a firmware interface table (FIT) in a firmware device coupled to processing circuitry, the firmware interface table comprising an entry to identify a non-enumerable resource. The entry includes identification information, such as a SKU, that may be used to identify the non-enumerable resource, for example.
At block 1610, the logic flow 1600 includes accessing, by the processing circuitry, the firmware interface table to identify the non-enumerable resource. For example, processing circuitry may read or retrieve entries in the FIT, which include the identification to identify the non-enumerable resource. In some instances, one or more entries associated with a vendor may be signed by a vendor key (or hash value) and used to validate the one or more entries. Further, each of the vendor keys may be signed by a manufacturer of the platform or sled, e.g. Intel® Corp., for use in validating the vendor keys. Embodiments are not limited in this manner.
The detailed disclosure now turns to providing examples that pertain to further embodiments. Examples one through twenty-five (1-25) provided below are intended to be exemplary and non-limiting.
In a first example, a system, a device, an apparatus, and so forth may include processing circuitry, processing circuitry, and a firmware device coupled to the processing circuitry, the firmware device comprising a firmware interface table, the firmware interface table comprising an entry to identify a non-enumerable resource. The processing circuitry to access the firmware interface table to identify the non-enumerable resource.
In a second example and in furtherance of the first example, a system, a device, an apparatus, and so forth including the entry signed by a key and the processing circuitry to validate the entry based on a comparison between the key and a validated key stored in a secure device
In a third example and in furtherance of any of the previous examples, a system, a device, an apparatus, and so forth including the firmware interface table comprising a plurality of entries including the entry, the plurality of entries associated with a vendor, each of the entries associated with different non-enumerable resources, and the plurality of entries signed by a key, and the processing circuitry to validate the plurality of entries based on a comparison between the key and a validated key stored in a secure device.
In a fourth example and in furtherance of any of the previous examples, a system, a device, an apparatus, and so forth including the firmware interface table comprising a plurality of entries including the entry, a first portion of the plurality of entries associated with a first vendor and a second portion of the plurality of entries associated with a second vendor, the first portion signed by a first key and the second portion signed by a second key.
In a fifth example and in furtherance of any of the previous examples, a system, a device, an apparatus, and so forth including the processing circuitry to validate the first portion based on a comparison between the first key and a first validated key, and validate the second portion based on a comparison between the second key and a second validated key.
In a sixth example and in furtherance of any of the previous examples, a system, a device, an apparatus, and so forth including the first key and the second key signed by a third key, and the processing circuitry to validate the first key and the second key based on a comparison between the third key and a third validated key.
In a seventh example and in furtherance of any of the previous examples, a system, a device, an apparatus, and so forth including the entry comprising a stock keeping unit (SKU) identification code to identify the non-enumerable resource.
In an eighth example and in furtherance of any of the previous examples, a system, a device, an apparatus, and so forth including the processing circuitry to process one or more instructions of microcode to validate the entry and provide the entry to one or more of a Basic Input/Output System (BIOS), a baseboard management controller (BMC), and a management engine (ME).
In a ninth example and in furtherance of any of the previous examples, a system, a device, an apparatus, and so forth including the non-enumerable resource comprising a device coupled via one of a system management bus (SMBus), a general purpose input/output (GPIO) bus, serial peripheral interface (SPI) bus, enhanced SPI (eSPI) bus, low pin count (LPC) bus, flash/non-volatile memory interfaces such as Common Flash Memory Interface (CFI), Open NAND Flash Interface (ONFI), and so forth.
In a tenth example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to access a firmware interface table of a firmware device to identify a non-enumerable resource, the firmware interface table comprising an entry to identify the non-enumerable resource.
In an eleventh example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to validate the entry based on a comparison between the key and a validated key stored in a secure device.
In a twelfth example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to validate a plurality of entries including the entry based on a comparison between a key and a validated key stored in a secure device, the plurality of entries associated with a vendor, each of the entries associated with different non-enumerable resources, and the plurality of entries signed by the key.
In a thirteenth example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to process the firmware interface table comprising a plurality of entries including the entry, a first portion of the plurality of entries associated with a first vendor and a second portion of the plurality of entries associated with a second vendor, the first portion signed by a first key and the second portion signed by a second key.
In a fourteenth example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to validate the first portion based on a comparison between the first key and a first validated key, and validate the second portion based on a comparison between the second key and a second validated key.
In a fifteenth example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to process the first key and the second key signed by a third key, and the processing circuitry to validate the first key and the second key based on a comparison between the third key and the third validated key.
In a sixteenth example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to process the entry comprising a stock keeping unit (SKU) identification code to identify the non-enumerable resource.
In a seventeenth example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to process one or more instructions of microcode to validate the entry and provide the entry to one or more of a Basic Input/Output System (BIOS), a baseboard management controller (BMC), and a management engine (ME).
In an eighteenth example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to determine the non-enumerable resource comprising a device coupled via one of a system management bus (SMBus) and a general purpose input/output (GPIO) bus.
In a nineteenth example and in furtherance of any of the previous examples, a computer-implemented method may include accessing a firmware interface table of a firmware device to identify a non-enumerable resource, the firmware interface table comprising an entry to identify the non-enumerable resource, and identifying the non-enumerable resource based on the entry in the firmware interface table.
In a twentieth example and in furtherance of any of the previous examples, a computer-implemented method may include validating the entry based on a comparison between the key and a validated key stored in a secure device.
In a twenty-first example and in furtherance of any of the previous examples, a computer-implemented method may include validating a plurality of entries including the entry based on a comparison between a key and a validated key stored in a secure device, the plurality of entries associated with a vendor, each of the entries associated with different non-enumerable resources, and the plurality of entries signed by the key.
In a twenty-second example and in furtherance of any of the previous examples, a computer-implemented method may include processing the firmware interface table comprising a plurality of entries including the entry, a first portion of the plurality of entries associated with a first vendor and a second portion of the plurality of entries associated with a second vendor, the first portion signed by a first key and the second portion signed by a second key.
In a twenty-third example and in furtherance of any of the previous examples, a computer-implemented method may include validating the first portion based on a comparison between the first key and a first validated key, and validate the second portion based on a comparison between the second key and a second validated key.
In a twenty-fourth example and in furtherance of any of the previous examples, a computer-implemented method may include validating the first key and the second key based on a comparison between a third key and a third validated key, the third key signing the first and second keys.
In a twenty-fifth example and in furtherance of any of the previous examples, a computer-implemented method may include the non-enumerable resource comprising a device coupled via one of a system management bus (SMBus) and a general purpose input/output (GPIO) bus.
Some embodiments may be described using the expression “one embodiment” or “an embodiment” along with their derivatives. These terms mean that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment. The appearances of the phrase “in one embodiment” in various places in the specification are not necessarily all referring to the same embodiment. Further, some embodiments may be described using the expression “coupled” and “connected” along with their derivatives. These terms are not necessarily intended as synonyms for each other. For example, some embodiments may be described using the terms “connected” and “coupled” to indicate that two or more elements are in direct physical or electrical contact with each other. The term “coupled,” however, may also mean that two or more elements are not in direct contact with each other, but yet still co-operate or interact with each other.
It is emphasized that the Abstract of the Disclosure is provided to allow a reader to quickly ascertain the nature of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. Also, in the preceding Detailed Description, it can be seen that various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive subject matter lies in less than all features of a single disclosed embodiment. Thus the following claims are at this moment incorporated into the Detailed Description, with each claim standing on its own as a separate embodiment. In the appended claims, the terms “including” and “in which” are used as the plain-English equivalents of the respective terms “comprising” and “wherein,” respectively. Moreover, the terms “first,” “second,” “third,” and so forth, are used merely as labels and are not intended to impose numerical requirements on their objects.
What has been described above includes examples of the disclosed architecture? It is, of course, not possible to describe every conceivable combination of components and methodologies, but one of ordinary skill in the art may recognize that many further combinations and permutations are possible. Accordingly, the novel architecture is intended to embrace all such alterations, modifications, and variations that fall within the spirit and scope of the appended claims.
Claims
1. An apparatus, comprising:
- processing circuitry; and
- a memory coupled to the processing circuitry, the memory storing a firmware interface table, the firmware interface table comprising an entry to identify a non-enumerable resource; and
- the processing circuitry to access the firmware interface table to identify the non-enumerable resource.
2. The apparatus of claim 1, the entry signed by a key and the processing circuitry to validate the entry based on a comparison between the key and a validated key stored in a secure device.
3. The apparatus of claim 1, the firmware interface table comprising a plurality of entries including the entry, the plurality of entries associated with a vendor, each of the entries associated with different non-enumerable resources, and the plurality of entries signed by a key; and
- the processing circuitry to validate the plurality of entries based on a comparison between the key and a validated key stored in a secure device.
4. The apparatus of claim 1, the firmware interface table comprising a plurality of entries including the entry, a first portion of the plurality of entries associated with a first vendor and a second portion of the plurality of entries associated with a second vendor, the first portion signed by a first key and the second portion signed by a second key.
5. The apparatus of claim 4, the processing circuitry to validate the first portion based on a comparison between the first key and a first validated key, and validate the second portion based on a comparison between the second key and a second validated key.
6. The apparatus of claim 4, the first key and the second key signed by a third key; and
- the processing circuitry to validate the first key and the second key based on a comparison between the third key and a third validated key.
7. The apparatus of claim 1, the entry comprising a stock keeping unit (SKU) identification code to identify the non-enumerable resource.
8. The apparatus of claim 1, the processing circuitry to process one or more instructions of microcode to validate the entry and provide the entry to one or more of a Basic Input/Output System (BIOS), a baseboard management controller (BMC), and a management engine (ME).
9. The apparatus of claim 1, the non-enumerable resource comprising a device coupled via one of a system management bus (SMBus) and a general purpose input/output (GPIO) bus.
10. A non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to:
- access a firmware interface table stored in a firmware device to identify a non-enumerable resource, the firmware interface table comprising an entry to identify the non-enumerable resource; and
- identify the non-enumerable resource based on the entry in the firmware interface table.
11. The computer-readable storage medium of claim 10, comprising a plurality of instructions, that when executed, enable processing circuitry to validate the entry based on a comparison between the key and a validated key stored in a secure device.
12. The computer-readable storage medium of claim 10, comprising a plurality of instructions, that when executed, enable processing circuitry to validate a plurality of entries including the entry based on a comparison between a key and a validated key stored in a secure device, the plurality of entries associated with a vendor, each of the entries associated with different non-enumerable resources, and the plurality of entries signed by the key.
13. The computer-readable storage medium of claim 10, the firmware interface table comprising a plurality of entries including the entry, a first portion of the plurality of entries associated with a first vendor and a second portion of the plurality of entries associated with a second vendor, the first portion signed by a first key and the second portion signed by a second key.
14. The computer-readable storage medium of claim 13, comprising a plurality of instructions, that when executed, enable processing circuitry to validate the first portion based on a comparison between the first key and a first validated key, and validate the second portion based on a comparison between the second key and a second validated key.
15. The computer-readable storage medium of claim 10, the first key and the second key signed by a third key, and the processing circuitry to validate the first key and the second key based on a comparison between the third key and the third validated key.
16. The computer-readable storage medium of claim 10, the entry comprising a stock keeping unit (SKU) identification code to identify the non-enumerable resource.
17. The computer-readable storage medium of claim 10, comprising a plurality of instructions, that when executed, enable processing circuitry to process one or more instructions of microcode to validate the entry and provide the entry to one or more of a Basic Input/Output System (BIOS), a baseboard management controller (BMC), and a management engine (ME).
18. The computer-readable storage medium of claim 10, the non-enumerable resource comprising a device coupled via one of a system management bus (SMBus) and a general purpose input/output (GPIO) bus.
19. A computer-implemented method, comprising:
- accessing a firmware interface table stored in a memory to identify a non-enumerable resource, the firmware interface table comprising an entry to identify the non-enumerable resource; and
- identifying the non-enumerable resource based on the entry in the firmware interface table.
20. The computer-implemented method of claim 19, comprising validating the entry based on a comparison between the key and a validated key stored in a secure device.
21. The computer-implemented method of claim 19, comprising validating a plurality of entries including the entry based on a comparison between a key and a validated key stored in a secure device, the plurality of entries associated with a vendor, each of the entries associated with different non-enumerable resources, and the plurality of entries signed by the key.
22. The computer-implemented method of claim 19, the firmware interface table comprising a plurality of entries including the entry, a first portion of the plurality of entries associated with a first vendor and a second portion of the plurality of entries associated with a second vendor, the first portion signed by a first key and the second portion signed by a second key.
23. The computer-implemented method of claim 22, comprising validating the first portion based on a comparison between the first key and a first validated key, and validate the second portion based on a comparison between the second key and a second validated key.
24. The computer-implemented method of claim 19, comprising validating the first key and the second key based on a comparison between a third key and a third validated key, the third key signing the first and second keys.
25. The computer-implemented method of claim 19, the non-enumerable resource comprising a device coupled via one of a system management bus (SMBus) and a general purpose input/output (GPIO) bus.
Type: Application
Filed: Dec 30, 2016
Publication Date: Jan 25, 2018
Applicant: INTEL CORPORATION (SANTA CLARA, CA)
Inventors: MURUGASAMY K. NACHIMUTHU (BEAVERTON, OR), MOHAN J. KUMAR (ALOHA, OR)
Application Number: 15/396,039