公开(公告)号：US20240202313A1

公开(公告)日：2024-06-20

申请号：US18084196

申请日：2022-12-19

Applicant: Cisco Technology, Inc.

Inventor： Chandan Singh ,  Ofer Licht ,  Chirag Shroff ,  Srinivas Kothapally

IPC: G06F21/52 ,  G06F21/57

CPC classification number: G06F21/52 ,  G06F21/575 ,  G06F2221/033

Abstract: Techniques and architecture are described to control a debug port access employing the debug image signed offline by a challenge/response mechanism, where the signed image itself is tied to an ECID of a chip together with debug lifecycle information coming from fuses and a hash of a loader being debugged. All these inputs form a nonce (the debug image) that ties the debug image to the hardware being debugged and is restricted to the current debug lifecycle. The cryptographically signed debug image is authenticated by a boot image (or the chip) with a public key in the debug image. The debug image may be expanded to secure maintenance using a secure maintenance blob or “firmware maintenance certificate or nonce.” The secure maintenance blob also includes a natural attribute list of low-level features to be enabled upon verification of the secure maintenance blob.

公开(公告)号：US20240427896A1

公开(公告)日：2024-12-26

申请号：US18339017

申请日：2023-06-21

Applicant: Cisco Technology, Inc.

Inventor： Chirag K. Shroff ,  William F. Sulzen ,  Ofer Licht ,  Chandan Singh

IPC: G06F21/57 ,  G06F9/445

Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for configuring network groups without software-based processing and management. A method includes: validating veracity of a secure enclave based on a secure identify of the secure enclave using the instructions of a secure enclave predriver stored in a memory integral to a processor; establishing a secure connection with the secure enclave; retrieving at least one authentication key from the secure enclave; retrieving at least a portion of a bootstrapper from a secure storage based on the instructions of the secure enclave predriver; validating a veracity of the bootstrapper based on the at least one authentication key; initializing an external memory using the instructions of the bootstrapper; copying a bootloader from the secure storage into the external memory; validating a veracity of the bootloader based on the at least one authentication key; and executing the bootloader.