Systems and methods for asset management for secure programmable logic devices (PLDs) are disclosed. An example system includes a secure PLD including programmable logic blocks (PLBs) arranged in PLD fabric of the secure PLD, and a configuration engine configured to program the PLD fabric according to a configuration image stored in non-volatile memory (NVM) of the secure PLD and/or coupled through a configuration input/output (I/O) of the secure PLD. The secure PLD is configured to receive a secure PLD asset access request from the PLD fabric or an external system coupled to the secure PLD through the configuration I/O, and to perform a secure PLD asset update process corresponding to the secure PLD asset access request, where the performing the asset update process is based on a lock status associated with a secure PLD asset corresponding to the secure PLD asset access request.

Systems and methods for failure characterization of secure programmable logic devices (PLDs) are disclosed. An example system includes a secure PLD including programmable logic blocks (PLBs) arranged in PLD fabric of the secure PLD, and a configuration engine configured to program the PLD fabric according to a configuration image stored in non-volatile memory (NVM) of the secure PLD and/or coupled through a configuration input/output (I/O) of the secure PLD. The secure PLD is configured to receive a failure characterization (FC) command from the PLD fabric or an external system coupled to the secure PLD through the configuration I/O, and to execute the FC command to, at least in part, erase and/or nullify portions of the NVM. The secure PLD may also be configured to boot a debug configuration for the PLD fabric that identifies and/or characterizes operational failures of the secure PLD.

Systems and methods for provisioning secure programmable logic devices (PLDs) are disclosed. An example secure PLD provisioning system includes an external system comprising a processor and a memory and configured to be coupled to a secure PLD through a configuration input/output (I/O) of the secure PLD. The external system is configured to generate a locked PLD comprising the secure PLD based, at least in part, on a request from a secure PLD customer, wherein the request from the secure PLD customer comprises a customer public key; and to provide a secured unlock package for the locked secure PLD. The external system may also be configured to provide an authenticatable key manifest comprising a customer programming key token and a corresponding programming public key associated with the locked secure PLD, wherein the authenticatable key manifest is signed using a programming private key generated by the locked secure PLD.

An electronic device is described herein. In accordance with one embodiment, the electronic device includes an embedded controller having a debug logic, an interface circuit coupled to the debug logic, and a memory coupled to the interface circuit. The interface circuit is operative to read debug information stored in the debug logic and to transmit the read debug information to the memory. The interface circuit is further operative to receive debug information stored in the memory and write the received debug information into the debug logic.

A computer system includes an operating system, a memory coupled to the operating system, and a processor (e.g., an anti-debug processor) coupled to the operating system. The operating system receives, from a debug process, a request to create an essential debug object for attachment to a target process. The anti-debug processor scans a kernel memory of the operating system for the essential debug object and verifies a presence of the essential debug object in the kernel memory, and scans the kernel memory to identify a process that has stored in the kernel memory the essential debug object. The anti-debug processor then halts the debug process, without using an internal interface or function of the operating system, thereby preventing the debug process from attaching to the target process.

Apparatus and methods are disclosed for controlling execution of memory access instructions in a block-based processor architecture using an instruction decoder that decodes instructions having variable numbers of target operands. In one example of the disclosed technology, a block-based processor core includes an instruction decoder configured to decode target operands for an instruction in an instruction block, the instruction being encoded to allow for a variable number of target operands and a control unit configured to send data for at least one of the decoded target operands for an operation performed by the at least one of the cores. In some examples, the instruction indicates target instructions with a vector encoding. In other examples, a variable length format allows for the indication of one or more targets.

In accordance with embodiments of the present disclosure, an information handling system may include a host system comprising at least one processor, a management controller communicatively coupled to the at least one processor and configured to provide out-of-band management of the information handling system, a debugging circuit, and a logic device coupled to the host system and to the management controller. The logic device may be configured to determine that a trigger event has taken place, and in response to the trigger event, provide a serial data stream corresponding to the trigger event to the debugging circuit. The debugging circuit may be configured to provide access to the serial data stream to a debugging information handling system via a wireless interface.

A chip having a debug memory interface includes a processing unit, an internal storage unit, a debug memory interface, and a detection unit. The internal storage unit is used to record status data during operation of the processing unit. The detection unit is used to detect whether the debug memory interface is electrically connected to an external memory device. When the debug memory interface is judged to be electrically connected to the external memory device, a control signal is transmitted to the processing unit in order to trigger the processing unit to read a debug program from the external memory device and execute the debug program to run a debug mode based on the status data.

An apparatus and method are provided for executing debug instructions. The apparatus has processing circuitry for executing instructions fetched from memory, and a debug interface. The processing circuitry is responsive to a halt event to enter a halted mode where the processing circuitry stops executing the instructions fetched from memory, and instead is arranged to execute debug instructions received from a debugger via the debug interface. The processing circuitry is responsive to detection of a trigger condition when executing a given debug instruction to exit the halted mode transparently to the debugger, and to take an exception in order to execute exception handler code comprising a sequence of instructions fetched from memory. On return from the exception, the processing circuitry then re-enters the halted mode and performs any additional processing required to complete execution of the given debug instruction. This provides a mechanism for allowing an apparatus to perform operations required by debug instructions in situations where the processing circuitry hardware is not able to natively perform those operations in response to the specified debug instruction.

A technique is provided for accessing metadata when debugging a program to be executed on processing circuitry. The processing circuitry operates on data formed of data granules having associated metadata items. A method of operating a debugger is provided that comprises controlling the performance of metadata access operations when the debugger decides to access a specified number of metadata items. In particular, the specified number is such that the metadata access operation needs to be performed by the processing circuitry multiple times in order to access the specified number of metadata items. Upon deciding to access a specified number of metadata items, the debugger issues at least one command to cause the processing circuitry to perform a plurality of instances of the metadata access operation in order to access at least a subset of the specified number of metadata items. The number of metadata items accessed by each instance of the metadata access operation is non-deterministic by the debugger from the metadata access operation. However, the at least one command is such that the plurality of instances of the metadata access operation are performed by the processing circuitry without the debugger interrogating the processing circuitry between each instance of the metadata access operation to determine progress in the number of metadata items accessed. Such an approach can significantly improve the efficiency of performing such accesses to metadata items under debugger control.