US 12,340,007 B2
Enabling late-binding of security features via configuration security controller for accelerator devices
Alpa Trivedi, Portland, OR (US); Steffen Schulz, Darmstadt (DE); and Patrick Koeberl, Alsbach-Haenlein (DE)
Assigned to Intel Corporation, Santa Clara, CA (US)
Filed by Intel Corporation, Santa Clara, CA (US)
Filed on Jul. 26, 2023, as Appl. No. 18/359,621.
Application 18/359,621 is a continuation of application No. 17/129,243, filed on Dec. 21, 2020, granted, now 11,763,043.
Claims priority of provisional application 63/083,783, filed on Sep. 25, 2020.
Prior Publication US 2023/0367916 A1, Nov. 16, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 15/177 (2006.01); G06F 9/00 (2018.01); G06F 9/30 (2018.01); G06F 9/38 (2018.01); G06F 9/50 (2006.01); G06F 11/07 (2006.01); G06F 11/30 (2006.01); G06F 15/78 (2006.01); G06F 21/85 (2013.01); G06F 30/331 (2020.01); G06F 30/398 (2020.01); G06N 3/04 (2023.01); H04L 9/08 (2006.01); H04L 9/40 (2022.01); G06F 21/30 (2013.01); G06F 21/44 (2013.01); G06F 21/53 (2013.01); G06F 21/57 (2013.01); G06F 21/71 (2013.01); G06F 21/73 (2013.01); G06F 21/74 (2013.01); G06F 21/76 (2013.01); G06F 30/31 (2020.01); G06F 111/04 (2020.01); G06F 119/12 (2020.01); G06N 3/08 (2023.01); G06N 20/00 (2019.01); H04L 9/00 (2022.01)
CPC G06F 21/85 (2013.01) [G06F 9/30101 (2013.01); G06F 9/3877 (2013.01); G06F 9/505 (2013.01); G06F 11/0709 (2013.01); G06F 11/0751 (2013.01); G06F 11/0754 (2013.01); G06F 11/0793 (2013.01); G06F 11/3058 (2013.01); G06F 15/177 (2013.01); G06F 15/7825 (2013.01); G06F 15/7867 (2013.01); G06F 30/331 (2020.01); G06F 30/398 (2020.01); G06N 3/04 (2013.01); H04L 9/0877 (2013.01); H04L 63/0442 (2013.01); H04L 63/12 (2013.01); H04L 63/20 (2013.01); G06F 11/0772 (2013.01); G06F 11/3051 (2013.01); G06F 21/30 (2013.01); G06F 21/44 (2013.01); G06F 21/53 (2013.01); G06F 21/57 (2013.01); G06F 21/575 (2013.01); G06F 21/71 (2013.01); G06F 21/73 (2013.01); G06F 21/74 (2013.01); G06F 21/76 (2013.01); G06F 30/31 (2020.01); G06F 2111/04 (2020.01); G06F 2119/12 (2020.01); G06F 2221/034 (2013.01); G06N 3/08 (2013.01); G06N 20/00 (2019.01); H04L 9/008 (2013.01); H04L 9/0841 (2013.01)] 20 Claims
 
1. An apparatus comprising:
a security controller to manage security and configuration of the apparatus, wherein the security controller comprises a programmable portion and a non-programmable portion, and wherein the security controller is further to:
initialize the programmable portion of the security controller as part of a secure boot and attestation chain of trust;
receive configuration data for the programmable portion of the security controller, the programmable portion comprising components of the security controller capable of re-programming;
verify and validate the configuration data as originating from a secure and trusted source; and
responsive to successful verification and validation of the configuration data, re-program, during runtime of the apparatus, the programmable portion of the security controller using configurations that are based on a security threat model for a given deployment.