Disclosed herein are techniques for maintaining a secure execution environment on a server. In one embodiment, the server includes a non-volatile memory storing firmware, a programmable security logic coupled to the non-volatile memory, an adapter device coupled to the programmable security logic, and a processor communicatively coupled to the non-volatile memory via the programmable security logic. The adapter device and/or the programmable security logic can verify the firmware in the non-volatile memory while holding the processor and/or a baseboard management controller (BMC) in power reset, release the processor and the BMC from reset to boot the processor and the BMC after the firmware is verified, and then disable communications between the processor and the BMC and deny at least some requests to write to the non-volatile memory by the processor or the BMC.

Secure execution environment on a server

Non-volatile Memory Express over Fabric (NVMeOF) using Volume Management Device (VMD) schemes and associated methods, systems and software. The schemes are implemented in a data center environment including compute resources in compute drawers and storage resources residing in pooled storage drawers that are communicatively couple via a fabric. Compute resources are composed as compute nodes or virtual machines/containers running on compute nodes to utilize remote storage devices in pooled storage drawers, while exposing the remote storage devices as local NVMe storage devices to software running on the compute nodes. This is facilitated by virtualizing the system's storage infrastructure through use of hardware-based components, firmware-based components, or a combination of hardware/firmware- and software-based components. The schemes support the use of remote NVMe storage devices using an NVMeOF protocol and/or use of non-NVMe storage devices using NVMe emulation.

Non-volatile memory express over fabric (NVMeOF) using volume management device

The invention relates to C-3 novel triterpenone with C-28 amide derivatives, related compounds, and pharmaceutical compositions useful for the therapeutic treatment of viral diseases and particularly HIV mediated diseases (formula 1).

C-3 novel triterpenone with c-28 amide derivatives as hiv inhibitors

A system of booting a computer in which a pair of boots (or dual boots) is provided in the flash memory of the computer. The first flash boot, also called the primary boot, is activated when the computer is turned on, after the POST (Power on Self-Test). The primary boot determines if a secondary boot is stored in the flash memory of the computer. If the secondary boot is not stored in the flash memory of the computer, the primary boot resumes and the computer is booted using the primary boot. If a secondary boot is stored in the flash memory of the computer, the primary boot resumes and is completed, after which the computer is reset and rebooted using the secondary boot.

Dual boot computer system

Techniques for reconfiguring a server to perform various hardware functions are disclosed herein. In one embodiment, a client device sends an instance request to a compute service system for launching an instance. The instance request indicates a resource requirement for the instance. In response to the instance request, the compute service system selects a server from among a plurality of servers in the compute service system based on determining that the server is configurable to at least partially meet the resource requirement. The compute service system then sends a provisioning request to the selected server. The provisioning request includes information for programming a reconfigurable resource of an adapter device in the selected server according to a particular hardware function.

Reconfiguring a server including a reconfigurable adapter device

Embodiments detailed herein describe a system comprising a manageability server to generate an encrypted sideband message having at least one command; a server including: a radio frequency identification (RFID) device, the RFID device to include storage to store at least one encrypted sideband message having at least one command, and a security circuit coupled to the RFID device, the security circuit to: retrieve at least one encrypted sideband message from the RFID device storage, decrypt the one encrypted sideband message, determine validity of the decrypted sideband message using information from the decrypted sideband message, and perform an action in response to the at least one command.

Systems, apparatuses, and methods for platform security

A processor can be configured to access boot firmware from a remote location independent from use of a chipset. After a processor powers-on or reboots, the processor can execute microcode. The microcode will cause the processor to train a link with a remote device. The remote device can provide the processor with access to boot firmware. The processor can copy the boot firmware to the processor's cache or memory. The processor will attempt to authenticate the boot firmware. If the boot firmware is authenticated, the processor executes the copy of the boot firmware.

Techniques for processor boot-up

Embodiments are generally directed apparatuses, methods, techniques and so forth to receive a sled manifest comprising identifiers for physical resources of a sled, receive results of an authentication and validation operations performed to authenticate and validate the physical resources of the sled, determine whether the results of the authentication and validation operations indicate the physical resources are authenticate or not authenticate Further and in response to the determination that the results indicate the physical resources are authenticated, permit the physical resources to process a workload, and in response to the determination that the results indicate the physical resources are not authenticated, prevent the physical resources from processing the workload

Techniques to verify and authenticate resources in a data center computer environment

Methods and apparatuses relating to mitigations for speculative execution side channels are described. Speculative execution hardware and environments that utilize the mitigations are also described. For example, three indirect branch control mechanisms and their associated hardware are discussed herein: (i) indirect branch restricted speculation (IBRS) to restrict speculation of indirect branches, (ii) single thread indirect branch predictors (STIBP) to prevent indirect branch predictions from being controlled by a sibling thread, and (iii) indirect branch predictor barrier (IBPB) to prevent indirect branch predictions after the barrier from being controlled by software executed before the barrier.

Apparatuses and methods for speculative execution side channel mitigation

Technologies for providing in-processor workload phase detection include a sled having a compute engine, which itself includes a performance monitor unit The compute engine obtains telemetry data from the performance monitor unit The performance monitor unit produces telemetry data indicative of performance metrics of the sled during execution of one or more workloads The telemetry data is indicative of a resource utilization and workload performance by the sled as the workloads are executed The compute engine determines, from a lookup table indicative of resource utilization phases, a resource utilization phase based on the obtained telemetry data A workload fingerprint is updated based on the determined resource utilization phase, and the workload fingerprint is output Other embodiments are also described and claimed

Dalvi Sagar

Papers

Systems, apparatuses, and methods for platform security

Techniques for processor boot-up

Techniques to verify and authenticate resources in a data center computer environment

Apparatuses and methods for speculative execution side channel mitigation

Technologies for in-processor workload phase detection