G06F21/575

COMPUTE SYSTEMS INCLUDING A SECURITY PROCESSOR

A compute system includes a security processor, a component, a component memory, a first communication link, and a second communication link. The component memory stores machine readable instructions executable by the component. The first communication link communicatively couples the component memory to the security processor, and the second communication link communicatively couples the component memory to the component. During the boot process, the security processor cryptographically authenticates the machine readable instructions stored in the component memory.

SYSTEM AND METHOD FOR STORING SYSTEM STATE DATA IN A HARDWARE REGISTER
20230237156 · 2023-07-27

One or more computing devices, systems, and/or methods are provided. In an example, a method comprises executing an application image to initialize a computing system. System state data associated with initializing the computing system is stored in a hardware register that has at least one lockable-until-reset bit. A fault condition is identified when the system state data does not match an expected value.
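A software model of the lockable-until-reset register described above, added here as an example and not the patent's own code. The 32-bit width, the bit layout of the boot-state word and the expected value are assumptions chosen for illustration. The property worth noting is that once a bit is locked, no software path can write it or clear the lock; only the reset line does, so a later-running compromised component cannot forge the "booted securely" record.

```python
"""Model of a hardware status register whose bits can be locked until the
next reset, used to record boot-state data and detect tampering.

Added example, not code from the patent. Register width, bit layout and
the expected value are assumptions chosen for illustration."""


class LockedWriteError(Exception):
    """Raised when software writes a bit that is locked until reset."""


class StateRegister:
    """32-bit register: a data word plus a per-bit lock mask.

    A locked bit keeps its value until reset() is called, which models the
    hardware reset line; software has no other way to clear the lock.
    """
    WIDTH = 32
    MASK = (1 << WIDTH) - 1

    def __init__(self):
        self.reset()

    def reset(self):
        # Hardware reset clears the data and every lock. Nothing else can.
        self._value = 0
        self._locks = 0

    def write(self, value, mask=MASK):
        """Write `value` into the bits selected by `mask`; refuse locked bits."""
        value &= self.MASK
        mask &= self.MASK
        if mask & self._locks:
            raise LockedWriteError(f"bits {mask & self._locks:#010x} are locked until reset")
        self._value = (self._value & ~mask) | (value & mask)

    def lock(self, mask):
        """Make the bits in `mask` read-only until the next reset."""
        self._locks |= mask & self.MASK

    def read(self):
        return self._value


# Assumed layout of the boot-state word (illustrative, not from the patent):
BOOT_STAGE_MASK = 0x0000_00FF   # bits 0-7: last completed boot stage
IMAGE_ID_MASK = 0x00FF_FF00     # bits 8-23: id of the executed application image
SECURE_FLAG = 0x0100_0000       # bit 24: set only by the verified boot path


def initialize_system(reg, stage, image_id, verified):
    """Record the outcome of executing the application image, then lock it."""
    word = (stage & 0xFF) | ((image_id & 0xFFFF) << 8) | (SECURE_FLAG if verified else 0)
    reg.write(word)
    reg.lock(BOOT_STAGE_MASK | IMAGE_ID_MASK | SECURE_FLAG)


def check_state(reg, expected):
    """Return (ok, fault_description). A mismatch is the fault condition."""
    actual = reg.read()
    if actual == expected:
        return True, ""
    return False, f"boot state {actual:#010x} != expected {expected:#010x}"


def demo():
    reg = StateRegister()
    expected = 0x03 | (0x1234 << 8) | SECURE_FLAG
    initialize_system(reg, stage=3, image_id=0x1234, verified=True)
    ok_before, _ = check_state(reg, expected)
    # Later-running (possibly compromised) software tries to clear the flag.
    try:
        reg.write(0, SECURE_FLAG)
        tampered = True
    except LockedWriteError:
        tampered = False
    ok_after, _ = check_state(reg, expected)
    return ok_before, tampered, ok_after


if __name__ == "__main__":
    print(demo())
```

The expected value the fault check compares against has to come from somewhere the attacker cannot reach either (fused, or part of the verified firmware image); a register that only locks is no better than its reference.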

SECURING COMMUNICATIONS WITH SECURITY PROCESSORS USING PLATFORM KEYS

A computer platform includes a security processor; at least one hardware processor; and a memory. The security processor stores data representing a private platform key. The private platform key is part of an asymmetric pair of keys, and the asymmetric pair of keys includes a public platform key. The memory stores a firmware image. The firmware image includes data representing a root certificate of a public key infrastructure that signs a second certificate that is associated with the computer platform. The second certificate includes the public platform key and binding information binding the second certificate to the computer platform. The firmware image includes instructions that, when executed by the hardware processor(s), cause the hardware processor(s) to access data representing the second certificate and determine whether the second certificate is valid based on the root certificate and the binding information. The instructions, when executed by the hardware processor(s), further cause the hardware processor(s) to, responsive to determining that the second certificate is valid, use the public platform key to secure communication with the security processor.

Verifying controller code

A controller that is separate from a processor of the system verifies controller code for execution on the controller. In response to verifying the controller code, the controller verifies system boot code.
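A worked chain of the two verifications described for the controller above (verify its own code, then verify the system boot code), which also covers the security processor authenticating a component's instructions in the first abstract. This is an added example, not code from either patent. The image layout (payload followed by the SHA-256 digest of the next stage), the sample payloads and the idea that the controller's own digest is anchored in ROM are assumptions for illustration.

```python
"""Chained verification: controller code first, then system boot code.

Added example, not code from the patents. The image layout (payload ||
SHA-256 digest of the next stage) and the sample payloads are assumptions."""
import hashlib
import hmac

DIGEST_LEN = 32


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_image(payload: bytes, next_image: bytes = b"") -> bytes:
    """Assumed layout: payload || digest of the next stage (zeros for the last stage)."""
    trailer = digest(next_image) if next_image else bytes(DIGEST_LEN)
    return payload + trailer


def next_stage_digest(image: bytes) -> bytes:
    return image[-DIGEST_LEN:]


def verify_boot_chain(rom_digest: bytes, stages: list) -> tuple:
    """Verify each stage against the digest the previous stage vouched for.

    rom_digest is the immutable anchor (e.g. in the controller's ROM or OTP)
    for stage 0, the controller's own code. Verification stops at the first
    mismatch, so system boot code is only checked, and only released for
    execution, after the controller code that checks it was itself verified.
    Returns (booted, log).
    """
    log = []
    expected = rom_digest
    for index, image in enumerate(stages):
        if not hmac.compare_digest(digest(image), expected):  # constant-time compare
            log.append(f"stage {index}: digest mismatch, halting")
            return False, log
        log.append(f"stage {index}: verified")
        expected = next_stage_digest(image)
    return True, log


def flip_byte(data: bytes, offset: int) -> bytes:
    """Simulate tampering with one byte of an image."""
    return data[:offset] + bytes([data[offset] ^ 0x01]) + data[offset + 1:]


def demo() -> dict:
    # Constructed sample images; a real build would embed real firmware.
    boot_code = build_image(b"system boot code v7")
    controller_code = build_image(b"controller code v1", next_image=boot_code)
    rom_digest = digest(controller_code)   # burned into the controller at manufacture
    return {
        "genuine": verify_boot_chain(rom_digest, [controller_code, boot_code]),
        "boot_code_tampered": verify_boot_chain(
            rom_digest, [controller_code, flip_byte(boot_code, 0)]),
        "controller_tampered": verify_boot_chain(
            rom_digest, [flip_byte(controller_code, 0), boot_code]),
    }


if __name__ == "__main__":
    for name, (booted, log) in demo().items():
        print(name, booted, log)
```

A digest chain like this only needs the anchor to be immutable; swapping the trailer for a signature lets the boot code be updated without touching the controller ROM, at the cost of carrying a public key and a signature verifier in the earlier stage.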

Control systems and methods for blood or fluid handling medical devices

A processor of a medical device configured to communicate with a remote server can be programmed to protect the medical device from exposure to unauthorized or malicious software. A system or method to implement this form of protection can include, for example, at least one processor on the medical device, a control software module that controls the operation of the medical device and is executable on the processor, a data management module that manages data flow to and from the control software module from sources external to the medical device, and an agent module that has access to a limited number of designated memory locations in the medical device. In addition, a hemodialysis apparatus can be configured to operate in conjunction with an apparatus for providing purified water from a source such as a municipal water supply or a well. A system for controlling delivery of purified water to the hemodialysis apparatus can comprise a therapy controller of the hemodialysis apparatus configured to communicate with a controller of a water purification device, and a user interface controller of the hemodialysis apparatus configured to communicate with the therapy controller, and to send data to and receive data from a user interface.

Control system

A direct digital control (DDC) and integration control platform that is scalable, easy to use, and meets building owners' and contractors' requirements for a highly secure and robust technical solution. Heating, ventilation and air conditioning (HVAC) DDC control may be combined with an embedded workstation platform, and DDC controllers with embedded workstation platform software. The event-driven approach of an embedded workstation platform (such as a Windows operating system (OS) or Unix OS environment) is not necessarily well suited to the real-time control common in HVAC DDC. The present system may address the issue of combining the high-power event handling needs of a workstation with HVAC DDC controls.

Firmware descriptor resiliency mechanism

An apparatus to facilitate descriptor resiliency in a computer system platform is disclosed. The apparatus comprises a non-volatile memory that stores firmware for the platform, the firmware comprising a primary descriptor that includes access permission details for platform components and a secondary descriptor that includes a backup copy of the access permission details. A controller coupled to the non-volatile memory includes recovery hardware to detect a problem with the primary descriptor during a platform reset, recover the contents of the primary descriptor from the backup copy included in the secondary descriptor, and store the contents of the backup copy to the primary descriptor.
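The recovery logic above, as an added example rather than the patent's implementation. The descriptor record layout (body followed by a CRC-32), the permission encoding and the two-region flash model are assumptions for illustration; the refresh of a damaged secondary from a good primary is an extension the abstract does not mention.

```python
"""Primary/secondary firmware descriptor with recovery at platform reset.

Added example, not the patent's implementation. The record layout
(body || CRC-32), the permission encoding and the two-region flash model
are assumptions for illustration."""
import zlib

CRC_LEN = 4


def seal(body: bytes) -> bytes:
    """Descriptor record: body followed by the big-endian CRC-32 of the body."""
    return body + zlib.crc32(body).to_bytes(CRC_LEN, "big")


def intact(record: bytes) -> bool:
    """True when the CRC matches the body (detects corruption, not tampering)."""
    if len(record) <= CRC_LEN:
        return False
    body, crc = record[:-CRC_LEN], int.from_bytes(record[-CRC_LEN:], "big")
    return zlib.crc32(body) == crc


class Flash:
    """Non-volatile memory with two descriptor regions (assumed layout)."""

    def __init__(self, permissions: bytes):
        record = seal(permissions)
        self.primary = bytearray(record)
        self.secondary = bytearray(record)


def platform_reset(flash: Flash) -> str:
    """Recovery hardware logic run at platform reset. Returns the action taken."""
    if intact(flash.primary):
        if not intact(flash.secondary):
            # Assumed extension: refresh a damaged backup from the good primary.
            flash.secondary[:] = flash.primary
            return "primary-ok-secondary-refreshed"
        return "primary-ok"
    if intact(flash.secondary):
        flash.primary[:] = flash.secondary
        return "recovered-from-secondary"
    return "unrecoverable"


def permissions(flash: Flash) -> bytes:
    """Access-permission body the platform applies after reset."""
    return bytes(flash.primary[:-CRC_LEN])


def corrupt(region: bytearray, offset: int) -> None:
    """Simulate a failed write or bit rot at one byte of a region."""
    region[offset] ^= 0xFF


def demo() -> dict:
    # Constructed permission table: (component id, rw bits) pairs.
    table = bytes([0x01, 0x03, 0x02, 0x01, 0x03, 0x00])
    flash = Flash(table)
    first = platform_reset(flash)
    corrupt(flash.primary, 1)
    second = platform_reset(flash)
    restored = permissions(flash)
    corrupt(flash.primary, 1)
    corrupt(flash.secondary, 1)
    third = platform_reset(flash)
    return {"first": first, "second": second,
            "permissions_after_recovery": restored, "third": third}


if __name__ == "__main__":
    print(demo())
```

A CRC answers "is this copy damaged", not "did someone with write access to the flash change it"; if the access permissions in the descriptor are a security boundary, both regions have to sit behind the same write protection, or the backup becomes a second place to plant a weakened descriptor.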

CHIP BOOTING CONTROL METHOD, CHIP, AND DISPLAY PANEL
20230025728 · 2023-01-26

The present disclosure relates to a chip booting control method, a chip, a display panel, and an electronic apparatus. The method is applied to a control circuit of a chip that further includes a buffer. The method includes: reading first booting information from the buffer in response to the chip triggering a non-power-down reset, the first booting information being used to boot the chip; determining whether the first booting information satisfies a first preset condition; and booting the chip according to the first booting information in response to the first booting information satisfying the first preset condition.

SECURE BOOT POLICY FOR PLATFORM SECURITY USING NEUTRAL PROCESSORS IN AN INFORMATION HANDLING SYSTEM
20230027315 · 2023-01-26

A secure boot policy may be stored in the information handling system and used to create a trusted relationship with a CPU, including a neutral CPU that has not been fused with an OEM key. The secure boot policy may be a data blob including platform-specific identification information (e.g., one or more of a flash memory unique ID and a motherboard ePPID), a boot policy (e.g., specifying whether to enable or disable neutral CPU fusing), and a signature. The secure boot policy may be stored in one-time-programmable (OTP) storage of the information handling system, such as an OTP region of the serial peripheral interface (SPI) flash memory part that stores the basic input/output system (BIOS). The BIOS may verify the secure boot policy using a public key, check whether the boot policy is bound to the current BIOS flash part and/or system configuration, and apply the boot policy only if verification passes.
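The verify-then-check-binding sequence above, as an added example that is not the patent's code. The same shape also applies to the platform certificate bound to a computer platform in the "Securing communications with security processors using platform keys" abstract. The blob layout and field sizes are assumptions, and HMAC-SHA256 stands in for the public-key signature the BIOS would verify with its embedded public key; the order of the checks and the binding test are the point, not the primitive.

```python
"""Verify a signed secure boot policy blob and its binding to this platform.

Added example, not the patent's code. Blob layout and field sizes are
assumptions; HMAC-SHA256 is a stand-in for the public-key signature."""
import hashlib
import hmac
import struct

HEADER = ">16s32sB"                   # flash unique ID, motherboard ePPID (zero padded), policy flags
HEADER_LEN = struct.calcsize(HEADER)  # 49 bytes
SIG_LEN = 32
POLICY_ENABLE_NEUTRAL_CPU_FUSING = 0x01   # assumed flag bit


def pad32(value: bytes) -> bytes:
    return value.ljust(32, b"\0")


def sign_policy(key: bytes, flash_uid: bytes, eppid: bytes, flags: int) -> bytes:
    """Provisioning side: build the blob that will be burned into OTP."""
    body = struct.pack(HEADER, flash_uid, pad32(eppid), flags)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_policy(key: bytes, blob: bytes, this_flash_uid: bytes, this_eppid: bytes):
    """BIOS side. Returns (flags, reason); flags is None when the policy must not be applied.

    Order matters: the signature is checked before any field is trusted, and
    the binding is checked before the flags are applied, so a genuine blob
    lifted from another board is rejected even though its signature is valid.
    """
    if len(blob) != HEADER_LEN + SIG_LEN:
        return None, "malformed"
    body, sig = blob[:HEADER_LEN], blob[HEADER_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None, "bad signature"
    flash_uid, eppid, flags = struct.unpack(HEADER, body)
    bound = (hmac.compare_digest(flash_uid, this_flash_uid)
             and hmac.compare_digest(eppid, pad32(this_eppid)))
    if not bound:
        return None, "not bound to this platform"
    return flags, "ok"


def demo() -> dict:
    key = b"provisioning-key-constructed-for-demo"   # stand-in for the OEM signing key
    uid_a, eppid_a = bytes(range(16)), b"CN0ABC123-EXAMPLE"   # constructed identifiers
    uid_b = bytes(range(16, 32))                               # a different board's flash ID
    blob = sign_policy(key, uid_a, eppid_a, POLICY_ENABLE_NEUTRAL_CPU_FUSING)
    # Attacker clears the flag byte but cannot re-sign the body.
    forged = blob[:HEADER_LEN - 1] + b"\x00" + blob[HEADER_LEN:]
    return {
        "genuine": verify_policy(key, blob, uid_a, eppid_a),
        "replayed_on_other_board": verify_policy(key, blob, uid_b, eppid_a),
        "flag_flipped": verify_policy(key, forged, uid_a, eppid_a),
        "truncated": verify_policy(key, blob[:-1], uid_a, eppid_a),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A None result is where the boot halts. The public key (here, the HMAC key) is only as trustworthy as the BIOS image carrying it, so the image itself must be covered by an earlier verification stage, otherwise replacing the key replaces the policy.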

METHOD TO SECURELY TRANSFER ROOT OF TRUST RESPONSIBILITIES ON A COMMON SHARED MOTHERBOARD
20230025053 · 2023-01-26

In general, embodiments of the invention relate to implementing a secure boot process in information handling systems that supports both an external root of trust (eRoT) and an internal root of trust (RoT). Further, embodiments of the invention relate to binding a management controller to a specific chassis and, in the case where the eRoT is used, to an eRoT. When the management controller and the chassis are provisioned according to one or more embodiments of the invention, security checks may be performed by the management controller executing an initial program loader (IPL) using the aforementioned bindings. If the bindings are not present or do not match, the boot process halts and the user is unable to use the information handling system.