A method, system and computer-usable medium are disclosed for operating an endpoint court at an endpoint device. Certain embodiments include a computer-implemented method for operating an endpoint core at an endpoint device, the method including: receiving an event subscription request from an endpoint agent over a message bus; and managing communication of events for processing by the endpoint agent based on the event subscription request so that events to which the endpoint agent has subscribed are selectively processed at the endpoint agent. Certain embodiments may include corresponding stand-alone and/or network computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform one or more of these actions.

Systems and methods are disclosed herein that may implement an information handling system including a gateway and a peripheral device monitor. The gateway may interface peripheral devices and control access of host resources of the information handling system by any of the peripheral devices. The peripheral device monitor may detect connection of an unverified peripheral device to the gateway, perform a trust verification process with the unverified peripheral device, control the gateway to enable access of the host resources by the unverified peripheral device when the unverified peripheral device becomes verified, and control the gateway to prevent access to the host resources by the unverified peripheral device when the unverified peripheral device fails the trust verification process. The trust verification process may include validating a device certificate and verifying a digest of boot code of the peripheral device. The peripheral device monitor may perform a verification failure procedure when the unverified peripheral device fails the trust verification process.

In one embodiment, an apparatus includes: a control circuit to receive a message authentication code (MAC) for an epoch comprising a plurality of flits; a calculation circuit to calculate a computed MAC for the epoch; a cryptographic circuit to receive the epoch via a link and decrypt the plurality of flits, prior to authentication of the epoch; and at least one memory to store messages of the decrypted plurality of flits, prior to the authentication of the epoch. Other embodiments are described and claimed.

In one embodiment, an apparatus includes: a control circuit to receive a message authentication code (MAC) for an epoch comprising a plurality of flits; a calculation circuit to calculate a computed MAC for the epoch; a cryptographic circuit to receive the epoch via a link and decrypt the plurality of flits, prior to authentication of the epoch; and at least one memory to store messages of the decrypted plurality of flits, prior to the authentication of the epoch. Other embodiments are described and claimed.

Methods and apparatus for adaptive integrity levels in electronic and programmable logic systems. In one example, an interface for communication between a first component and a second component is provided. The interface includes logic configured to change an integrity level for a communication from the first component to the second component during operation of the first component and the second component.

The application discloses a data encryption and decryption system and method. The system includes a host system, a sequencer, a hardware processor, multiple direct memory access modules, and multiple cryptography engines, the cryptography engine comprises an input buffer, an output buffer, a symmetric encryption/decryption algorithm module and a digest algorithm module. The host system determines encryption/decryption calculation method and/or digest calculation method, and generates corresponding encryption/decryption calculation commands and/or digest calculation commands. The sequencer analyzes the encryption/decryption calculation commands and/or digest calculation command to generate control flow commands, and controls one or more of the multiple direct memory access modules via the control flow commands to input data to be encrypted/decrypted into the input buffer of one or more cryptography engines. The hardware processor controls the symmetric encryption/decryption algorithm module to perform encryption/decryption calculations on the data to be encrypted/decrypted according to the encryption/decryption calculation commands, and/or, controls the digest algorithm module to perform digest calculations on data to be encrypted/decrypted according to the digest calculation commands, and sends calculation results to the host system by the direct memory access module.

The application discloses a data encryption and decryption system and method. The system includes a host system, a sequencer, a hardware processor, multiple direct memory access modules, and multiple cryptography engines, the cryptography engine comprises an input buffer, an output buffer, a symmetric encryption/decryption algorithm module and a digest algorithm module. The host system determines encryption/decryption calculation method and/or digest calculation method, and generates corresponding encryption/decryption calculation commands and/or digest calculation commands. The sequencer analyzes the encryption/decryption calculation commands and/or digest calculation command to generate control flow commands, and controls one or more of the multiple direct memory access modules via the control flow commands to input data to be encrypted/decrypted into the input buffer of one or more cryptography engines. The hardware processor controls the symmetric encryption/decryption algorithm module to perform encryption/decryption calculations on the data to be encrypted/decrypted according to the encryption/decryption calculation commands, and/or, controls the digest algorithm module to perform digest calculations on data to be encrypted/decrypted according to the digest calculation commands, and sends calculation results to the host system by the direct memory access module.

An integrated-circuit device comprises a processor, a peripheral component, a bus system, connected to the processor and to the peripheral component, and configured to carry bus transactions; and hardware filter logic. The bus system is configured to carry security-state signals for distinguishing between secure and non-secure bus transactions. The peripheral component comprises a register interface, accessible over the bus system, and comprising a hardware register and a direct-memory-access (DMA) controller for initiating bus transactions on the bus system. The peripheral component supports a secure-in-and-non-secure-out state in which the hardware filter logic is configured to prevent non-secure bus transactions from accessing the hardware register of the peripheral component, but to allow secure bus transactions to access the peripheral component. The peripheral component is configured to allow an incoming secure bus transaction to access the hardware register and to initiate a bus transaction as non-secure.

An integrated-circuit device comprises a processor, a peripheral component, a bus system, connected to the processor and to the peripheral component, and configured to carry bus transactions; and hardware filter logic. The bus system is configured to carry security-state signals for distinguishing between secure and non-secure bus transactions. The peripheral component comprises a register interface, accessible over the bus system, and comprising a hardware register and a direct-memory-access (DMA) controller for initiating bus transactions on the bus system. The peripheral component supports a secure-in-and-non-secure-out state in which the hardware filter logic is configured to prevent non-secure bus transactions from accessing the hardware register of the peripheral component, but to allow secure bus transactions to access the peripheral component. The peripheral component is configured to allow an incoming secure bus transaction to access the hardware register and to initiate a bus transaction as non-secure.

Methods and systems are described that secure application data being maintained in transient data buffers that are located in a memory that is freely accessible to other components, regardless as to whether those components have permission to access the application data. The system includes an application processor, a memory having a portion configured as a transient data buffer, a hardware unit, and a secure processor. The hardware unit accesses the transient data buffer during execution of an application at the application processor. The secure processor is configured to manage encryption of the transient data buffer as part of giving the hardware unit access to the transient data buffer.