Background

[0001] Compute systems may include components that read corresponding machine readable instructions (e.g., firmware) stored in a memory during a boot process. After the boot process, each of the components may execute the corresponding machine readable instructions to implement their individual functions within the compute system.

Brief Description of the Drawings

[0002] Figs. 1 A-1 F are block diagrams illustrating various examples of a compute system.

[0003] Figs. 2A and 2B are flow diagrams illustrating one example of a method to secure boot a plurality of components within a compute system.

Detailed Description

[0004] In the following detailed description, reference is made to the accompanying drawings which form a part hereof, and in which is shown by way of illustration specific examples in which the disclosure may be practiced. It is to be understood that other examples may be utilized and structural or logical changes may be made without departing from the scope of the present disclosure. The following detailed description, therefore, is not to be taken in a limiting sense, and the scope of the present disclosure is defined by the appended claims. It is to be understood that features of the various examples described herein may be combined, in part or whole, with each other, unless specifically noted otherwise.

[0005] In a compute system, it may be desirable to cryptographically authenticate machine readable instructions (e.g., firmware) for each component in a secure boot process before the machine readable instructions are loaded by their corresponding components. Cryptographic authentication for machine readable instructions before the machine readable instructions are executed by a component provides a layer of hardware security in a compute system. The cryptographic authentication may include asymmetric key exchange between a component and the machine readable instructions, encrypted certificate exchange from the machine readable instructions to the component, and encrypted hash check of the machine readable instructions against a secure image of the machine readable instructions.

[0006] For a component to cryptographically authenticate its corresponding machine readable instructions as described above, many complex mechanisms may be implemented on each component, such as pseudo random number generators, asymmetric and/or symmetric key generation and exchange, and encrypted hash generation mechanisms. If every discreet component in a compute system is enabled for a secure boot process, these mechanisms would be implemented in numerous components adding cost and complexity to each individual component. In addition, many components do not have the proper architecture to support these cryptographic mechanisms. With multiple components spread across a compute system including private keys, encrypted information, and other security data, there is an increased risk of compromising this information and data. Therefore, it would be advantageous to have secure data and security mechanisms stored in a centralized security processor.

[0007] Accordingly, disclosed herein are examples of compute systems including a centralized security processor to perform a secure boot process of machine readable instructions (e.g., firmware) before the machine readable instructions are read and executed on corresponding components in the compute system. The machine readable instructions for each corresponding component may be stored in a corresponding memory for each component.

The memory for each component includes a dual communication link including a first communication link to the centralized security processor and a second communication link to the corresponding component. The first communication link is used to cryptographically authenticate the machine readable instructions for each component, and the second communication link is used to read the machine readable instructions for execution within the corresponding component once the machine readable instructions have been authenticated by the centralized security processor. The first communication link and the second communication link for the memory for each component may be implemented over the same communication bus, such that both the centralized security processor and the corresponding component share the same communication interface to the memory. Therefore, memory devices including a single communication interface may be used for the component memories.

[0008] The compute systems described herein avoid implementing extensive cryptography capabilities across multiple components in a compute system. Components that use the machine readable instructions are not cryptography enabled. Accordingly, legacy components and subsystems, such as components or subsystems whose architecture prohibits integration of cryptographic capabilities, may be upgraded to be secure boot enabled without adding cryptographic capabilities to the components or subsystems. In addition, the compute systems described herein may save money on cryptographic certifications (e.g., Common Criteria, FIPS, ANSSI, NIST, etc.), since the centralized security processor would include cryptographic capabilities to be certified but each of the components or subsystems would not include cryptographic capabilities to be certified. Thus, one component of a compute system would be certified instead of multiple components of the compute system. Cryptographic certifications generally cost hundreds of thousands of dollars and months to obtain. By certifying one component, compute system designers could use low-demand components in a secure boot environment and not pay a large overhead to integrate and certify cryptographic capabilities within the low volume components.

[0009] Holding the secure data in a centralized processor versus scattering the secure data over multiple components across a compute system also allows a higher level of security, since there is one access point to secure data rather than multiple access points. Further, in a typical secure boot architecture, multiple components are enabled for secure mechanisms, which generally increases the unit cost and research and development investment into each individual component. In this case, the security architecture tends to become more minimalistic when implemented multiple times on many different components. In contrast, with security mechanisms integrated into a single, centralized processor as disclosed herein, a high investment into the security architecture and processes may be put into that single processor ensuring the greatest protection from physical attacks and software attacks.

[0010] Fig. 1 A is a block diagram illustrating one example of a compute system 100a. Compute system 100a includes a security processor 102, a component 104, a component memory 106, a first communication link 108, and a second communication link 110. The component memory 106 stores machine readable instructions executable by the component 104. The first communication link 108 communicatively couples the component memory 106 to the security processor 102. The second communication link 110 communicatively couples the component memory 106 to the component 104. The security processor 102 is to cryptographically authenticate the machine readable instructions stored in the component memory 106 in a boot process.

[0011] Compute system 100a may be a computer system (e.g., server, desktop, laptop, etc.), a tablet, a cellular phone, or another system that performs computing functions. In one example, security processor 102, component 104, component memory 106, first communication link 108, and second communication link 110 may be arranged on a motherboard of the compute system 100a. Security processor 102 may include a Microcontroller Unit (MCU), a Programmable System On a Chip (PSOC), a Central Processing Unit (CPU), an embedded controller, or another suitable processor. Security processor 102 may be based on the ARM Cortex Cyptolsland or TrustZone architectures or another suitable security architecture.

[0012] The component 104 may include a Universal Serial Bus (USB) hub, a Local Area Network (LAN) controller, a Baseboard Management Controller (BMC), an Embedded Controller (EC), a Super Input/Output (SIO) controller, a high-speed switch controller, a signal conditioning controller, an external port controller, a power delivery controller, or another suitable compute system component. The first communication link 108 may include a Serial Peripheral Interface (SPI) communication link, an enhanced Serial Peripheral Interface (eSPI) communication link, an Inter-Integrated Circuit (I2C) communication link, a SenseWire (I3C) communication link, a System Management Bus (SMBus) communication link, or another suitable communication link. The second communication link 110 may include an SPI communication link, an eSPI communication link, an I2C communication link, a SenseWire (I3C) communication link, an SMBus communication link, or another suitable communication link.

[0013] Thus, component memory 106 includes a dual communication link, however, a single communication link should be active at a given point in time to reduce read and/or write conflicts. First communication link 108 may be active and second communication link 110 may be inactive to allow security processor 102 to cryptographically authenticate the machine readable instructions stored in component memory 106 during a secure boot process before the machine readable instructions are used by the component 104. Second communication link 110 may be active and first communication link 108 may be inactive to allow component 104 to use the machine readable instructions stored in component memory 106.

[0014] The first communication link 108 and the second communication link 110 may be electrically coupled to the same physical communication interface of the component memory 106. In one example, the first communication link 108 and the second communication link 110 may be electrically coupled to the same physical communication interface of the component memory 106 by wire ORing the first communication link 108 and the second communication link 110 and interfacing to the component memory 106. In another example, as will be described below with reference to Fig. 1 F, the first communication link 108 and the second communication link 110 may be electrically coupled to the same physical communication interface of the component memory 106 by externally multiplexing the first communication link 108 and the second communication link 110 to the component memory 106.

[0015] Fig. 1 B is a block diagram illustrating another example of a compute system 100b. Compute system 100b includes a security processor 102, a plurality of components 104i to 104N, a plurality of component memories 106i to 106N, a plurality of first communication links 108i to 108N, and a plurality of second communication links 110i to 11 ON, where “N” is any suitable number of components. Each component memory 106i to 106N corresponds to a component 104i to 104N and stores machine readable instructions executable by the corresponding component 104i to 104N, respectively. Each first communication link 108i to 108N communicatively couples the corresponding component memory 106i to 106N to the security processor 102, respectively. Each second communication link 110i to 11 ON communicatively couples the corresponding component memory 106i to 106N to the corresponding component 104i to 104N, respectively.

[0016] The security processor 102 is to cryptographically authenticate the machine readable instructions stored in each of the plurality of component memories 106i to 106N in a boot process. In one example, the security processor 102 is configured to cryptographically authenticate the machine readable instructions stored in each of the plurality of component memories 106i to 106N in parallel during the boot process. In another example, the security processor 102 is configured to cryptographically authenticate the machine readable instructions stored in each of the plurality of component memories 106i to 106N in series during the boot process.

[0017] Compute system 100b may be a computer system (e.g., server, desktop, laptop, etc.), a tablet, a cellular phone, or another system that performs computing functions. In one example, security processor 102, components 104i to 104N, component memories 106i to 106N, first communication links 108i to 108N, and second communication links 110i to 11 ON may be arranged on a motherboard of the compute system 100b.

[0018] Each component 104i to 104N may include a USB hub, a LAN controller, a BMC, an EC, an SIO controller, a high-speed switch controller, a signal conditioning controller, an external port controller, a power delivery controller, or another suitable compute system component. Each first communication link 108i to 108N may include an SPI communication link, an eSPI communication link, an I2C communication link, a SenseWire (I3C) communication link, an SMBus communication link, or another suitable communication link. Each second communication link 110i to 11 ON may include an SPI communication link, an eSPI communication link, an I2C communication link, a SenseWire (I3C) communication link, an SMBus communication link, or another suitable communication link. The first communication links 108i to 108N may include a single type of communication link or a mixture of different types of communication links. Likewise, the second communication links 110i to 11 ON may include a single type of communication link or a mixture of different types of communication links.

[0019] Fig. 1C is a block diagram illustrating another example of a compute system 100c. Compute system 100c is similar to compute system 100b previously described and illustrated with reference to Fig. 1 B, except that compute system 100c includes additional features. In addition to a security processor 102, a plurality of components 104i to 104N, a plurality of component memories 106i to 106N, a plurality of first communication links 108i to 108N, and a plurality of second communication links 110i to 11 ON, compute system 100c includes a security processor memory 120. The security processor memory 120 is communicatively coupled to the security processor 102 through a communication link 130. The security processor memory 120 stores machine readable instructions 122 executable by the security processor 102, a private key(s) 124, a secure certificate(s) 126, and backup machine readable instructions 128 for the component memories 106i to 106N.

[0020] The security processor 102 may execute the machine readable instructions 122 stored in security processor memory 120 to cryptographically authenticate the machine readable instructions stored in each of the component memories 106i to 106N. The security processor 102 is to cryptographically authenticate the machine readable instructions stored in each of the component memories 106i to 106N by asymmetric key exchange, certificate verification, and secure hash algorithm (SHA) checks between each of the component memories 106i to 106N and the security processor 102. In one example, the asymmetric key exchange may be based on the private key(s) 124 stored in the security processor memory 120, and the certificate verification may be based on the secure certificate(s) 126 stored in the security processor memory 120.

[0021] The security processor 102 is to erase a selected component memory 106i to 106N and write backup machine readable instructions to the selected component memory 106i to 106N in response to the cryptographic authentication of the selected component memory 106i to 106N failing. In one example, the security processor 102 writes backup machine readable instructions to the selected component memory 106i to 106N from the backup instructions 128 of the security processor memory 120 in response to the cryptographic authentication of the selected component memory 106i to 106N failing.

[0022] In this example, each of the plurality of components 104i to 104N includes a reset input 132i to 132N, respectively. The security processor 102 is communicatively coupled to each of the plurality of reset inputs 132i to 132N through a reset signal path 134. The security processor 102 is to disable each of the plurality of components 104i to 104N by applying a signal having a first state (e.g., a logic high “1 ” state or a logic low “0” state) to the reset input 132i to 132N of each of the plurality of components 104i to 104N, respectively, while the security processor 102 is cryptographically authenticating the machine readable instructions stored in each of the plurality of component memories 106i to 106N.

[0023] Once the security processor 102 has cryptographically authenticated the machine readable instructions stored in each of the plurality of component memories 106i to 106N, the security processor 102 enables each of the plurality of components 104i to 104N by applying a signal having a second state (e.g., opposite to the first state) to the reset input 132i to 132N of each of the plurality of components 104i to 104N, respectively. With each of the plurality of components 104i to 104N enabled, each of the components 104i to 104N may load and execute the machine readable instructions stored in the corresponding component memories 106i to 106N, respectively.

[0024] Fig. 1 D is a block diagram illustrating another example of a compute system 100d. Compute system 100d includes a single security processor 102, a plurality of components 104i to 104N, a plurality of Read-Only Memories (ROMs) 106i to 106N, a first communication link 108, and a plurality of second communication links 110i to 11 ON. In addition, compute system 100d includes a security processor ROM 120, a power source 144, and a plurality of switches 146i to 146N. Each ROM 106i to 106N corresponds to a component 104i to 104N and stores machine readable instructions 107i to 107N executable by the corresponding component 104i to 104N. Each ROM 106i to 106N is communicatively coupled to the single security processor 102 through a first communication link 108 and to the corresponding component 104i to 104N through a corresponding second communication link 110i to 11 ON. Each of the plurality of ROMs 106i to 106N may include a Serial Peripheral Interface (SPI) ROM, an Electrically Erasable Programmable Read-Only Memory (EEPROM), a flash memory, or another suitable ROM. Security processor ROM 120 may include an SPI ROM, an EEPROM, a flash memory, or another suitable ROM. [0025] In this example, each of the plurality of components 104i to 104N includes a power input 142i to 142N, respectively. Each switch 146i to 146N is electrically coupled between the power source 144 and a power input 142i to 142N of the corresponding component 104i to 104N, respectively. The control input of each switch 146i to 146N is electrically coupled to the security processor 102 through a reset signal path 148. In response to the security processor 102 applying a reset signal having a first state to reset signal path 148, each of the switches 146i to 146N are opened to remove power from the corresponding components 104i to 104N. With power removed from each of the components 104i to 104N, the components 104i to 104N are disabled. In response to the security processor 102 applying a reset signal having a second state to reset signal path 148, each of the switches 146i to 146N are closed to apply power to the corresponding components 104i to 104N. With power applied to the components 104i to 104N, the components 104i to 104N are enabled to read and execute the corresponding machine readable instructions 107i to 107N stored in the corresponding ROMs 106i to 106N, respectively.

Each switch 146i to 146N may include a transistor(s), a logic gate(s), and/or other suitable circuitry for selectively applying and removing power from power source 144 to each component 104i to 104N.

[0026] The security processor 102 is to, in a boot process, disable each of the plurality of components 104i to 104N, cryptographically authenticate the machine readable instructions 107i to 107N stored in each of the ROMs 106i to 106N with each of the plurality of components 104i to 104N disabled, and enable each of the plurality of components 104i to 104N with the machine readable instructions 107i to 107N stored in each of the ROMs 106i to 106N cryptographically authenticated. In one example, the security processor 102 is to cryptographically authenticate the machine readable instructions 107i to 107N stored in each of the ROMs 106i to 106N by asymmetric key exchange, certificate verification, and SHA checks between each of the ROMs 106i to 106N and the security processor 102.

[0027] In this example, the security processor 102 is to control each of the plurality of switches 146i to 146N to remove power from each of the plurality of components 104i to 104N while the security processor 102 is cryptographically authenticating the machine readable instructions 107i to 107N stored in each of the plurality of ROMs 106i to 106N. The security processor 102 is to erase a selected ROM 106i to 106N and write backup machine readable instructions to the selected ROM 106i to 106N in response to the cryptographic authentication of the selected ROM 106i to 106N failing.

[0028] In this example, first communication link 108 is a common communication link communicatively coupled between the security processor 102 and each of the plurality of ROMs 106i to 106N. In other examples, a first subset of the plurality of ROMs 106i to 106N may be communicatively coupled to the security processor 102 through a corresponding discrete communication link as previously described and illustrated with reference to Figs. 1 B and1C, and a second subset of the plurality of ROMs 106i to 106N may be communicatively coupled to the security processor 102 through a shared communication link.

[0029] Fig. 1 E is a block diagram illustrating another example of a compute system 100e. Compute system 100e is similar to compute system 100d previously described and illustrated with reference to Fig. 1 D, except that compute system 100e includes a single component or multiple components that are enabled and disabled by the security processor 102 via a corresponding reset input of the component(s) and a single component or multiple components that are enabled and disabled by the security processor 102 via a power input of the component(s). In this example, components 104i and 1042 include power inputs 142i and 1422, respectively, as previously described and illustrated with reference to Fig. 1 D, and component 104N includes a reset input 132N as previously described and illustrated with reference to Fig. 1C. Each switch 146i and 1462 is electrically coupled between the power source 144 and the power input 142i and 1422 of the corresponding component 104i and 1042, respectively. The control input of switches 146i and 1462 are electrically coupled to security processor 102 through a first reset (RESET1) signal path 148. The reset input 132N of component 104N is electrically coupled to security processor 102 through as second reset (RESET2) signal path 134.

[0030] In this example, the security processor 102 is to control each of the switches 146i and 1462 to remove power from each of the components 104i and 1042 and to disable component 104N through reset input 132N while the security processor 102 is cryptographically authenticating the machine readable instructions 107i to 107N stored in each of the plurality of ROMs 106i to 106N. Once the machine readable instructions 107i to 107N stored in each of the plurality of ROMs 106i to 106N are cryptographically authenticated, the security processor 102 is to control each of the switches 146i and 1462 to apply power to each of the components 104i and 1042 and to enable component 104N through reset input 132N. [0031] Fig. 1 F is a block diagram illustrating another example of a compute system 10Of. Compute system 10Of is similar to compute system 100a previously described and illustrated with reference to Fig. 1 A, except that compute system 10Of includes a multiplexer 150. A first input of multiplexer 150 is electrically coupled to the first communication link 108. A second input of multiplexer 150 is electrically coupled to the second communication link 110.

The output of multiplexer 150 is electrically coupled to a single communication interface of the component memory 106 through a communication link 152. The control input of multiplexer 150 is electrically coupled to the security processor 102 through a control signal path 154.

[0032] In this example, security processor 102 controls multiplexer 150 to connect either the first communication link 108 or the second communication link 110 to the component memory 106. Security processor 102 connects the first communication link 108 to the component memory 106 with the security processor 102 cryptographically authenticating the machine readable instructions stored in the component memory 106 during a secure boot process. Security processor 102 connects the second communication link 110 to the component memory 106 once the secure boot process is complete so that component 104 may use the machine readable instructions stored in the component memory 106.

[0033] Figs. 2A and 2B are flow diagrams illustrating one example of a method 200 to secure boot a plurality of components within a compute system. In one example, method 200 may be implemented by compute system 100a, 100b, 100c, 100d, or 100e previously described and illustrated with reference to Figs.

1 A-1 E, respectively. As illustrated in Fig. 2A at 202, method 200 includes disabling the plurality of components (e.g., components 104i to 104N), each of the plurality of components communicatively coupled to a corresponding component memory (e.g., component memory or ROM 106i to 106N) of the compute system. At 204, method 200 includes with each of the plurality of components disabled, cryptographically authenticating, via a security processor (e.g., security processor 102) of the compute system, machine readable instructions (e.g., instructions 107i to 107N) stored in each corresponding component memory. At 206, method 200 includes enabling each of the plurality of components with the machine readable instructions stored in each corresponding component memory cryptographically authenticated. At 208, method 200 includes with each of the plurality of components enabled, executing the machine readable instructions stored in each corresponding component memory via the corresponding component.

[0034] In one example, disabling the plurality of components comprises applying a signal having a first state to a reset input (e.g., reset input 132i to 132N) of each of the plurality of components. In this case, enabling each of the plurality of components comprises applying a signal having a second state to the reset input of each of the plurality of components. In another example, disabling the plurality of components comprises removing power from each of the plurality of components (e.g., via switches 146i to 146N). In this case, enabling each of the plurality of components comprises applying power to each of the plurality of components.

[0035] As illustrated in Fig. 2B at 210, method 200 may further include erasing a selected component memory in response to the machine readable instructions stored in the selected component memory failing the cryptographic authentication. At 212, method 200 may further include writing backup machine readable instructions (e.g., from backup instructions 128) to the selected component memory.

[0036] Although specific examples have been illustrated and described herein, a variety of alternate and/or equivalent implementations may be substituted for the specific examples shown and described without departing from the scope of the present disclosure. This application is intended to cover any adaptations or variations of the specific examples discussed herein. Therefore, it is intended that this disclosure be limited only by the claims and the equivalents thereof.