U.S. patent application number 15/396039 was filed with the patent office on 2018-01-25 for techniques to detect non-enumerable devices via a firmware interface table.
This patent application is currently assigned to INTEL CORPORATION. The applicant listed for this patent is INTEL CORPORATION. Invention is credited to MOHAN J. KUMAR, MURUGASAMY K. NACHIMUTHU.
Application Number | 20180024838 15/396039 |
Document ID | / |
Family ID | 60804962 |
Filed Date | 2018-01-25 |
United States Patent
Application |
20180024838 |
Kind Code |
A1 |
NACHIMUTHU; MURUGASAMY K. ;
et al. |
January 25, 2018 |
TECHNIQUES TO DETECT NON-ENUMERABLE DEVICES VIA A FIRMWARE
INTERFACE TABLE
Abstract
Embodiments are generally directed to apparatuses, method,
techniques, and so forth including a memory coupled to processing
circuitry, wherein the memory stores a firmware interface table and
the firmware interface table comprises an entry to identify a
non-enumerable resource. Embodiments include accessing the firmware
interface table to identify the non-enumerable resource.
Inventors: |
NACHIMUTHU; MURUGASAMY K.;
(BEAVERTON, OR) ; KUMAR; MOHAN J.; (ALOHA,
OR) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
INTEL CORPORATION |
SANTA CLARA |
CA |
US |
|
|
Assignee: |
INTEL CORPORATION
SANTA CLARA
CA
|
Family ID: |
60804962 |
Appl. No.: |
15/396039 |
Filed: |
December 30, 2016 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
62427268 |
Nov 29, 2016 |
|
|
|
62376859 |
Aug 18, 2016 |
|
|
|
62365969 |
Jul 22, 2016 |
|
|
|
Current U.S.
Class: |
713/1 |
Current CPC
Class: |
B25J 15/0014 20130101;
G06F 13/1668 20130101; G06F 13/4282 20130101; H04L 67/1097
20130101; H05K 1/181 20130101; H05K 7/1418 20130101; G06F 2212/1044
20130101; G06F 3/0613 20130101; G06F 3/0665 20130101; G06F 11/141
20130101; G11C 5/02 20130101; H04L 67/02 20130101; Y04S 10/50
20130101; H03M 7/4031 20130101; H04L 49/15 20130101; H04L 67/10
20130101; H05K 7/1492 20130101; H04L 41/0896 20130101; H04L 47/82
20130101; H04L 67/1014 20130101; H05K 2201/066 20130101; G11C 5/06
20130101; G05D 23/2039 20130101; G06F 2212/402 20130101; G07C 5/008
20130101; H04L 47/38 20130101; G06F 9/5027 20130101; G06F 2212/401
20130101; G11C 7/1072 20130101; H04Q 11/0062 20130101; H05K
2201/10159 20130101; H04L 47/24 20130101; G06F 12/10 20130101; H04L
49/25 20130101; H04L 49/45 20130101; G06F 3/0631 20130101; G06Q
10/06 20130101; H04L 67/1004 20130101; H05K 2201/10189 20130101;
G06F 3/0638 20130101; G08C 17/02 20130101; H05K 7/1421 20130101;
H04L 67/306 20130101; H04Q 2011/0037 20130101; G02B 6/4292
20130101; G06F 3/064 20130101; G06F 13/409 20130101; G11C 14/0009
20130101; H04L 9/3247 20130101; G06F 3/0658 20130101; G06F 2212/202
20130101; G08C 2200/00 20130101; H04L 43/16 20130101; H04L 47/765
20130101; H05K 7/1422 20130101; G06F 13/161 20130101; H03M 7/6023
20130101; H04Q 1/09 20130101; G06F 13/1694 20130101; H04B 10/25
20130101; H05K 13/0486 20130101; G06F 3/0689 20130101; G06F 12/0862
20130101; G06F 2212/1041 20130101; H03M 7/30 20130101; H04L 41/082
20130101; H04L 43/0894 20130101; H04L 69/04 20130101; H04Q
2011/0073 20130101; H05K 7/1485 20130101; H04Q 2011/0079 20130101;
G06F 3/0611 20130101; G11C 11/56 20130101; H04L 45/02 20130101;
H05K 7/1447 20130101; H05K 7/20727 20130101; H05K 7/20736 20130101;
H04W 4/023 20130101; G06F 3/0673 20130101; H03M 7/40 20130101; H03M
7/6005 20130101; H04L 9/14 20130101; G02B 6/3882 20130101; G06F
9/4881 20130101; G06F 2209/5019 20130101; H04L 41/024 20130101;
H04L 47/805 20130101; H05K 7/1489 20130101; G06Q 10/20 20130101;
G06F 9/505 20130101; G06F 16/9014 20190101; G06F 2212/152 20130101;
H04L 43/065 20130101; H04L 43/0876 20130101; G06F 9/5072 20130101;
G06F 3/061 20130101; G06F 3/0655 20130101; G06F 9/5044 20130101;
G06F 2212/7207 20130101; G06Q 10/06314 20130101; H04B 10/25891
20200501; H04L 43/0817 20130101; H04L 49/555 20130101; H04L 69/329
20130101; H04L 41/046 20130101; H04L 41/12 20130101; H04L 45/52
20130101; H04L 67/1012 20130101; H04Q 11/0003 20130101; H03M 7/3086
20130101; G06F 3/0683 20130101; G06F 8/65 20130101; G06F 3/0688
20130101; G06F 13/4068 20130101; G06Q 10/087 20130101; H04L 9/3263
20130101; H04L 41/5019 20130101; H04L 67/1029 20130101; H04Q
11/0005 20130101; H04Q 2011/0052 20130101; H05K 7/1491 20130101;
H04L 67/34 20130101; G02B 6/3897 20130101; G06F 15/161 20130101;
G06F 15/8061 20130101; H04Q 1/04 20130101; H04Q 2011/0041 20130101;
H05K 7/1442 20130101; G06F 3/0625 20130101; G06Q 50/04 20130101;
H04Q 11/0071 20130101; H05K 7/20745 20130101; G06F 1/20 20130101;
G06F 3/0664 20130101; H04W 4/80 20180201; Y10S 901/01 20130101;
G06F 2209/5022 20130101; G06F 11/3414 20130101; G06F 12/0893
20130101; G06F 13/385 20130101; H03M 7/4081 20130101; H04L 47/823
20130101; H05K 7/1461 20130101; G06F 2209/483 20130101; B65G 1/0492
20130101; G06F 3/065 20130101; G06F 3/0679 20130101; G06F 2212/1024
20130101; H04L 47/782 20130101; H04L 49/00 20130101; G06F 3/0653
20130101; G06F 13/42 20130101; H04L 43/08 20130101; H04L 67/12
20130101; G06F 3/0659 20130101; G06F 3/067 20130101; H03M 7/4056
20130101; H04L 12/2809 20130101; H04L 29/12009 20130101; H04L
49/357 20130101; H05K 7/2039 20130101; H05K 2201/10121 20130101;
Y02D 10/00 20180101; H04L 41/0813 20130101; H04Q 2213/13523
20130101; H05K 7/20836 20130101; Y02P 90/30 20151101; G06F 9/3887
20130101; G06F 12/1408 20130101; H04L 67/1008 20130101; H04L
67/1034 20130101; H04Q 2011/0086 20130101; G06F 9/4401 20130101;
G02B 6/4452 20130101; G06F 3/0616 20130101; G06F 3/0619 20130101;
G06F 3/0647 20130101; G06F 9/30036 20130101; G06F 9/5077 20130101;
G06F 2212/1008 20130101; H04L 41/145 20130101; H04L 41/147
20130101; G06F 9/544 20130101; G06F 12/109 20130101; G06F 13/4022
20130101; H04L 49/35 20130101; H04Q 2213/13527 20130101; H05K
1/0203 20130101; H03M 7/3084 20130101; G02B 6/3893 20130101; G05D
23/1921 20130101; G06F 1/183 20130101; H05K 7/1487 20130101; H05K
7/20709 20130101; H04Q 11/00 20130101; G06F 9/5016 20130101; H04L
9/0643 20130101; H04L 67/16 20130101; H05K 5/0204 20130101; H05K
7/1498 20130101 |
International
Class: |
G06F 9/44 20060101
G06F009/44 |
Claims
1. An apparatus, comprising: processing circuitry; and a memory
coupled to the processing circuitry, the memory storing a firmware
interface table, the firmware interface table comprising an entry
to identify a non-enumerable resource; and the processing circuitry
to access the firmware interface table to identify the
non-enumerable resource.
2. The apparatus of claim 1, the entry signed by a key and the
processing circuitry to validate the entry based on a comparison
between the key and a validated key stored in a secure device.
3. The apparatus of claim 1, the firmware interface table
comprising a plurality of entries including the entry, the
plurality of entries associated with a vendor, each of the entries
associated with different non-enumerable resources, and the
plurality of entries signed by a key; and the processing circuitry
to validate the plurality of entries based on a comparison between
the key and a validated key stored in a secure device.
4. The apparatus of claim 1, the firmware interface table
comprising a plurality of entries including the entry, a first
portion of the plurality of entries associated with a first vendor
and a second portion of the plurality of entries associated with a
second vendor, the first portion signed by a first key and the
second portion signed by a second key.
5. The apparatus of claim 4, the processing circuitry to validate
the first portion based on a comparison between the first key and a
first validated key, and validate the second portion based on a
comparison between the second key and a second validated key.
6. The apparatus of claim 4, the first key and the second key
signed by a third key; and the processing circuitry to validate the
first key and the second key based on a comparison between the
third key and a third validated key.
7. The apparatus of claim 1, the entry comprising a stock keeping
unit (SKU) identification code to identify the non-enumerable
resource.
8. The apparatus of claim 1, the processing circuitry to process
one or more instructions of microcode to validate the entry and
provide the entry to one or more of a Basic Input/Output System
(BIOS), a baseboard management controller (BMC), and a management
engine (ME).
9. The apparatus of claim 1, the non-enumerable resource comprising
a device coupled via one of a system management bus (SMBus) and a
general purpose input/output (GPIO) bus.
10. A non-transitory computer-readable storage medium, comprising a
plurality of instructions, that when executed, enable processing
circuitry to: access a firmware interface table stored in a
firmware device to identify a non-enumerable resource, the firmware
interface table comprising an entry to identify the non-enumerable
resource; and identify the non-enumerable resource based on the
entry in the firmware interface table.
11. The computer-readable storage medium of claim 10, comprising a
plurality of instructions, that when executed, enable processing
circuitry to validate the entry based on a comparison between the
key and a validated key stored in a secure device.
12. The computer-readable storage medium of claim 10, comprising a
plurality of instructions, that when executed, enable processing
circuitry to validate a plurality of entries including the entry
based on a comparison between a key and a validated key stored in a
secure device, the plurality of entries associated with a vendor,
each of the entries associated with different non-enumerable
resources, and the plurality of entries signed by the key.
13. The computer-readable storage medium of claim 10, the firmware
interface table comprising a plurality of entries including the
entry, a first portion of the plurality of entries associated with
a first vendor and a second portion of the plurality of entries
associated with a second vendor, the first portion signed by a
first key and the second portion signed by a second key.
14. The computer-readable storage medium of claim 13, comprising a
plurality of instructions, that when executed, enable processing
circuitry to validate the first portion based on a comparison
between the first key and a first validated key, and validate the
second portion based on a comparison between the second key and a
second validated key.
15. The computer-readable storage medium of claim 10, the first key
and the second key signed by a third key, and the processing
circuitry to validate the first key and the second key based on a
comparison between the third key and the third validated key.
16. The computer-readable storage medium of claim 10, the entry
comprising a stock keeping unit (SKU) identification code to
identify the non-enumerable resource.
17. The computer-readable storage medium of claim 10, comprising a
plurality of instructions, that when executed, enable processing
circuitry to process one or more instructions of microcode to
validate the entry and provide the entry to one or more of a Basic
Input/Output System (BIOS), a baseboard management controller
(BMC), and a management engine (ME).
18. The computer-readable storage medium of claim 10, the
non-enumerable resource comprising a device coupled via one of a
system management bus (SMBus) and a general purpose input/output
(GPIO) bus.
19. A computer-implemented method, comprising: accessing a firmware
interface table stored in a memory to identify a non-enumerable
resource, the firmware interface table comprising an entry to
identify the non-enumerable resource; and identifying the
non-enumerable resource based on the entry in the firmware
interface table.
20. The computer-implemented method of claim 19, comprising
validating the entry based on a comparison between the key and a
validated key stored in a secure device.
21. The computer-implemented method of claim 19, comprising
validating a plurality of entries including the entry based on a
comparison between a key and a validated key stored in a secure
device, the plurality of entries associated with a vendor, each of
the entries associated with different non-enumerable resources, and
the plurality of entries signed by the key.
22. The computer-implemented method of claim 19, the firmware
interface table comprising a plurality of entries including the
entry, a first portion of the plurality of entries associated with
a first vendor and a second portion of the plurality of entries
associated with a second vendor, the first portion signed by a
first key and the second portion signed by a second key.
23. The computer-implemented method of claim 22, comprising
validating the first portion based on a comparison between the
first key and a first validated key, and validate the second
portion based on a comparison between the second key and a second
validated key.
24. The computer-implemented method of claim 19, comprising
validating the first key and the second key based on a comparison
between a third key and a third validated key, the third key
signing the first and second keys.
25. The computer-implemented method of claim 19, the non-enumerable
resource comprising a device coupled via one of a system management
bus (SMBus) and a general purpose input/output (GPIO) bus.
Description
RELATED CASES
[0001] This application claims priority to U.S. Provisional Patent
Application No. 62/365,969, filed Jul. 22, 2016, U.S. Provisional
Patent Application No. 62/376,859, filed Aug. 18, 2016, and United
Provisional Patent Application No. 62/427,268, filed Nov. 29, 2016,
each of which are hereby incorporated by reference in their
entirety.
TECHNICAL FIELD
[0002] Embodiments described herein generally include detecting
non-enumerable devices via a firmware interface table.
BACKGROUND
[0003] A computing data center may include one or more computing
systems including a plurality of compute nodes that may include
various compute structures (e.g., servers or sleds) and may be
physically located on multiple racks. The sleds may include a
number of physical resources interconnected via one or more compute
structures and buses. Typically, a computing data center may
include a number of devices that may need to be discovered during a
boot sequence. Devices, such as processors and chipsets, are
identified by unique stock keeping units (SKUs) and are used to
identify various with devices. Sometimes these devices and SKUs are
non-discoverable and must be hardcoded into the basic input/output
system (BIOS). Generally, this leads to each original equipment
manufacturer (OEM) defining their own code or format for handling
variations and validations of implementations. Which increases time
to manufacturer, costs, and inconsistency between systems. Thus,
embodiments are directed to solving these and other problems.
BRIEF DESCRIPTION OF THE DRAWINGS
[0004] Embodiments of the invention are illustrated by way of
example, and not by way of limitation, in the figures of the
accompanying drawings in which like reference numerals refer to
similar elements.
[0005] FIG. 1 illustrates an example of a data center.
[0006] FIG. 2 illustrates an example of a rack.
[0007] FIG. 3 illustrates an example of a data center.
[0008] FIG. 4 illustrates an example of a data center.
[0009] FIG. 5 illustrates an example of a switching
infrastructure.
[0010] FIG. 6 illustrates an example of a data center.
[0011] FIG. 7 illustrates an example of a sled.
[0012] FIG. 8 illustrates an example of a data center.
[0013] FIG. 9 illustrates an example of a data center.
[0014] FIG. 10 illustrates an example of a sled.
[0015] FIG. 11 illustrates an example of a data center.
[0016] FIG. 12 illustrates an example of a sled.
[0017] FIG. 13 illustrates an example of a firmware interface
table.
[0018] FIG. 14 illustrates an example of a processing diagram.
[0019] FIG. 15. illustrates an example of a first logic flow
diagram.
[0020] FIG. 16. illustrates an example of a second logic flow
diagram.
DETAILED DESCRIPTION
[0021] Various embodiments may be generally directed to discovering
non-enumerable resources of a system. For example, embodiments
include storing a firmware interface table (FIT) in a firmware
device coupled to processing circuitry, the FIT includes entries to
identify non-enumerable resources. The entries may include vendor
defined identification information, such as a SKU, that may be used
to identify a non-enumerable resource, for example.
[0022] Embodiments also include accessing, by processing circuitry,
the FIT to identify the non-enumerable resources. For example,
processing circuitry may read or retrieve the entries in the FIT,
which include the identification to identify the non-enumerable
resources. In some instances, one or more entries associated with a
vendor may be signed by a vendor key (or hash value) and used to
validate the one or more entries. Further, each of the vendor keys
may be signed by a manufacturer of the platform or sled, e.g.
Intel.RTM. Corp., for use in validating the vendor keys.
Embodiments are not limited in this manner. These and other details
will become more apparent in the following description.
[0023] Reference is now made to the drawings, wherein like
reference numerals are used to refer to like elements throughout.
In the following description, for purposes of explanation, numerous
specific details are set forth in order to provide a thorough
understanding thereof. It may be evident, however, that the novel
embodiments can be practiced without these specific details. In
other instances, well-known structures and devices are shown in
block diagram form in order to facilitate a description thereof.
The intention is to cover all modifications, equivalents, and
alternatives consistent with the claimed subject matter.
[0024] FIG. 1 illustrates a conceptual overview of a data center
100 that may generally be representative of a data center or other
type of computing network in/for which one or more techniques
described herein may be implemented according to various
embodiments. As shown in FIG. 1, data center 100 may generally
contain a plurality of racks, each of which may house computing
equipment comprising a respective set of physical resources. In the
particular non-limiting example depicted in FIG. 1, data center 100
contains four racks 102A to 102D, which house computing equipment
comprising respective sets of physical resources (PCRs) 105A to
105D. According to this example, a collective set of physical
resources 106 of data center 100 includes the various sets of
physical resources 105A to 105D that are distributed among racks
102A to 102D. Physical resources 106 may include resources of
multiple types, such as--for example--processors, co-processors,
accelerators, field-programmable gate arrays (FPGAs), memory, and
storage. The embodiments are not limited to these examples.
[0025] The illustrative data center 100 differs from typical data
centers in many ways. For example, in the illustrative embodiment,
the circuit boards ("sleds") on which components such as CPUs,
memory, and other components are placed are designed for increased
thermal performance. In particular, in the illustrative embodiment,
the sleds are shallower than typical boards. In other words, the
sleds are shorter from the front to the back, where cooling fans
are located. This decreases the length of the path that air must to
travel across the components on the board. Further, the components
on the sled are spaced further apart than in typical circuit
boards, and the components are arranged to reduce or eliminate
shadowing (i.e., one component in the air flow path of another
component). In the illustrative embodiment, processing components
such as the processors are located on a top side of a sled while
near memory, such as DIMMs, are located on a bottom side of the
sled. As a result of the enhanced airflow provided by this design,
the components may operate at higher frequencies and power levels
than in typical systems, thereby increasing performance.
Furthermore, the sleds are configured to blindly mate with power
and data communication cables in each rack 102A, 102B, 102C, 102D,
enhancing their ability to be quickly removed, upgraded,
reinstalled, and/or replaced. Similarly, individual components
located on the sleds, such as processors, accelerators, memory, and
data storage drives, are configured to be easily upgraded due to
their increased spacing from each other. In the illustrative
embodiment, the components additionally include hardware
attestation features to prove their authenticity.
[0026] Furthermore, in the illustrative embodiment, the data center
100 utilizes a single network architecture ("fabric") that supports
multiple other network architectures including Ethernet and
Omni-Path. The sleds, in the illustrative embodiment, are coupled
to switches via optical fibers, which provide higher bandwidth and
lower latency than typical twister pair cabling (e.g., Category 5,
Category 5e, Category 6, etc.). Due to the high bandwidth, low
latency interconnections and network architecture, the data center
100 may, in use, pool resources, such as memory, accelerators
(e.g., graphics accelerators, FPGAs, ASICs, etc.), and data storage
drives that are physically disaggregated, and provide them to
compute resources (e.g., processors) on an as needed basis,
enabling the compute resources to access the pooled resources as if
they were local. The illustrative data center 100 additionally
receives usage information for the various resources, predicts
resource usage for different types of workloads based on past
resource usage, and dynamically reallocates the resources based on
this information.
[0027] The racks 102A, 102B, 102C, 102D of the data center 100 may
include physical design features that facilitate the automation of
a variety of types of maintenance tasks. For example, data center
100 may be implemented using racks that are designed to be
robotically-accessed, and to accept and house
robotically-manipulable resource sleds. Furthermore, in the
illustrative embodiment, the racks 102A, 102B, 102C, 102D include
integrated power sources that receive higher current than typical
for power sources. The increased current enables the power sources
to provide additional power to the components on each sled,
enabling the components to operate at higher than typical
frequencies. FIG. 2 illustrates an exemplary logical configuration
of a rack 202 of the data center 100. As shown in FIG. 2, rack 202
may generally house a plurality of sleds, each of which may
comprise a respective set of physical resources. In the particular
non-limiting example depicted in FIG. 2, rack 202 houses sleds
204-1 to 204-4 comprising respective sets of physical resources
205-1 to 205-4, each of which constitutes a portion of the
collective set of physical resources 206 comprised in rack 202.
With respect to FIG. 1, if rack 202 is representative of--for
example--rack 102A, then physical resources 206 may correspond to
the physical resources 105A comprised in rack 102A. In the context
of this example, physical resources 105A may thus be made up of the
respective sets of physical resources, including physical storage
resources 205-1, physical accelerator resources 205-2, physical
memory resources 204-3, and physical compute resources 205-5
comprised in the sleds 204-1 to 204-4 of rack 202. The embodiments
are not limited to this example. Each sled may contain a pool of
each of the various types of physical resources (e.g., compute,
memory, accelerator, storage). By having robotically accessible and
robotically manipulable sleds comprising disaggregated resources,
each type of resource can be upgraded independently of each other
and at their own optimized refresh rate.
[0028] FIG. 3 illustrates an example of a data center 300 that may
generally be representative of one in/for which one or more
techniques described herein may be implemented according to various
embodiments. In the particular non-limiting example depicted in
FIG. 3, data center 300 comprises racks 302-1 to 302-32. In various
embodiments, the racks of data center 300 may be arranged in such
fashion as to define and/or accommodate various access pathways.
For example, as shown in FIG. 3, the racks of data center 300 may
be arranged in such fashion as to define and/or accommodate access
pathways 311A, 311B, 311C, and 311D. In some embodiments, the
presence of such access pathways may generally enable automated
maintenance equipment, such as robotic maintenance equipment, to
physically access the computing equipment housed in the various
racks of data center 300 and perform automated maintenance tasks
(e.g., replace a failed sled, upgrade a sled). In various
embodiments, the dimensions of access pathways 311A, 311B, 311C,
and 311D, the dimensions of racks 302-1 to 302-32, and/or one or
more other aspects of the physical layout of data center 300 may be
selected to facilitate such automated operations. The embodiments
are not limited in this context.
[0029] FIG. 4 illustrates an example of a data center 400 that may
generally be representative of one in/for which one or more
techniques described herein may be implemented according to various
embodiments. As shown in FIG. 4, data center 400 may feature an
optical fabric 412. Optical fabric 412 may generally comprise a
combination of optical signaling media (such as optical cabling)
and optical switching infrastructure via which any particular sled
in data center 400 can send signals to (and receive signals from)
each of the other sleds in data center 400. The signaling
connectivity that optical fabric 412 provides to any given sled may
include connectivity both to other sleds in a same rack and sleds
in other racks. In the particular non-limiting example depicted in
FIG. 4, data center 400 includes four racks 402A to 402D. Racks
402A to 402D house respective pairs of sleds 404A-1 and 404A-2,
404B-1 and 404B-2, 404C-1 and 404C-2, and 404D-1 and 404D-2. Thus,
in this example, data center 400 comprises a total of eight sleds.
Via optical fabric 412, each such sled may possess signaling
connectivity with each of the seven other sleds in data center 400.
For example, via optical fabric 412, sled 404A-1 in rack 402A may
possess signaling connectivity with sled 404A-2 in rack 402A, as
well as the six other sleds 404B-1, 404B-2, 404C-1, 404C-2, 404D-1,
and 404D-2 that are distributed among the other racks 402B, 402C,
and 402D of data center 400. The embodiments are not limited to
this example.
[0030] FIG. 5 illustrates an overview of a connectivity scheme 500
that may generally be representative of link-layer connectivity
that may be established in some embodiments among the various sleds
of a data center, such as any of example data centers 100, 300, and
400 of FIGS. 1, 3, and 4. Connectivity scheme 500 may be
implemented using an optical fabric that features a dual-mode
optical switching infrastructure 514. Dual-mode optical switching
infrastructure 514 may generally comprise a switching
infrastructure that is capable of receiving communications
according to multiple link-layer protocols via a same unified set
of optical signaling media, and properly switching such
communications. In various embodiments, dual-mode optical switching
infrastructure 514 may be implemented using one or more dual-mode
optical switches 515. In various embodiments, dual-mode optical
switches 515 may generally comprise high-radix switches. In some
embodiments, dual-mode optical switches 515 may comprise multi-ply
switches, such as four-ply switches. In various embodiments,
dual-mode optical switches 515 may feature integrated silicon
photonics that enable them to switch communications with
significantly reduced latency in comparison to conventional
switching devices. In embodiments, the dual-mode switch may be a
single physical network wire that may be capable of carrying
Ethernet or Onmi-Path communication, which may be auto-detected by
the dual-mode optical switch 515 or configured by the Pod
management controller. This allows for the same network to be used
for Cloud traffic (Ethernet) or High Performance Computing (HPC),
typically Onmi-Path or Infiniband. Moreover, and in some instances,
an Onmi-Path protocol may carry Onmi-Path communication and
Ethernet communication. In some embodiments, dual-mode optical
switches 515 may constitute leaf switches 530 in a leaf-spine
architecture additionally including one or more dual-mode optical
spine switches 520. Note that in some embodiments, the architecture
may not be a leaf-spine architecture, but may be a two-ply switch
architecture to connect directly to the sleds.
[0031] In various embodiments, dual-mode optical switches may be
capable of receiving both Ethernet protocol communications carrying
Internet Protocol (IP packets) and communications according to a
second, high-performance computing (HPC) link-layer protocol (e.g.,
Intel's Omni-Path Architecture's, Infiniband) via optical signaling
media of an optical fabric. As reflected in FIG. 5, with respect to
any particular pair of sleds 504A and 504B possessing optical
signaling connectivity to the optical fabric, connectivity scheme
500 may thus provide support for link-layer connectivity via both
Ethernet links and HPC links. Thus, both Ethernet and HPC
communications can be supported by a single high-bandwidth,
low-latency switch fabric. The embodiments are not limited to this
example.
[0032] FIG. 6 illustrates a general overview of a rack architecture
600 that may be representative of an architecture of any particular
one of the racks depicted in FIGS. 1 to 4 according to some
embodiments. As reflected in FIG. 6, rack architecture 600 may
generally feature a plurality of sled spaces into which sleds may
be inserted, each of which may be robotically-accessible via a rack
access region 601. In the particular non-limiting example depicted
in FIG. 6, rack architecture 600 features five sled spaces 603-1 to
603-5. Sled spaces 603-1 to 603-5 feature respective multi-purpose
connector modules (MPCMs) 616-1 to 616-5. In some instances, when a
sled is inserted into any given one of sled spaces 603-1 to 603-5,
the corresponding MPCM may couple with a counterpart MPCM of the
inserted sled. This coupling may provide the inserted sled with
connectivity to both signaling infrastructure and power
infrastructure of the rack in which it is housed.
[0033] Included among the types of sleds to be accommodated by rack
architecture 600 may be one or more types of sleds that feature
expansion capabilities. FIG. 7 illustrates an example of a sled 704
that may be representative of a sled of such a type. As shown in
FIG. 7, sled 704 may comprise a set of physical resources 705, as
well as an MPCM 716 designed to couple with a counterpart MPCM when
sled 704 is inserted into a sled space such as any of sled spaces
603-1 to 603-5 of FIG. 6. Sled 704 may also feature an expansion
connector 717. Expansion connector 717 may generally comprise a
socket, slot, or other type of connection element that is capable
of accepting one or more types of expansion modules, such as an
expansion sled 718. By coupling with a counterpart connector on
expansion sled 718, expansion connector 717 may provide physical
resources 705 with access to supplemental computing resources 705B
residing on expansion sled 718. The embodiments are not limited in
this context.
[0034] FIG. 8 illustrates an example of a rack architecture 800
that may be representative of a rack architecture that may be
implemented in order to provide support for sleds featuring
expansion capabilities, such as sled 704 of FIG. 7. In the
particular non-limiting example depicted in FIG. 8, rack
architecture 800 includes seven sled spaces 803-1 to 803-7, which
feature respective MPCMs 816-1 to 816-7. Sled spaces 803-1 to 803-7
include respective primary regions 803-1A to 803-7A and respective
expansion regions 803-1B to 803-7B. With respect to each such sled
space, when the corresponding MPCM is coupled with a counterpart
MPCM of an inserted sled, the primary region may generally
constitute a region of the sled space that physically accommodates
the inserted sled. The expansion region may generally constitute a
region of the sled space that can physically accommodate an
expansion module, such as expansion sled 718 of FIG. 7, in the
event that the inserted sled is configured with such a module.
[0035] FIG. 9 illustrates an example of a rack 902 that may be
representative of a rack implemented according to rack architecture
800 of FIG. 8 according to some embodiments. In the particular
non-limiting example depicted in FIG. 9, rack 902 features seven
sled spaces 903-1 to 903-7, which include respective primary
regions 903-1A to 903-7A and respective expansion regions 903-1B to
903-7B. In various embodiments, temperature control in rack 902 may
be implemented using an air cooling system. For example, as
reflected in FIG. 9, rack 902 may feature a plurality of fans 919
that are generally arranged to provide air cooling within the
various sled spaces 903-1 to 903-7. In some embodiments, the height
of the sled space is greater than the conventional "1U" server
height. In such embodiments, fans 919 may generally comprise
relatively slow, large diameter cooling fans as compared to fans
used in conventional rack configurations. Running larger diameter
cooling fans at lower speeds may increase fan lifetime relative to
smaller diameter cooling fans running at higher speeds while still
providing the same amount of cooling. The sleds are physically
shallower than conventional rack dimensions. Further, components
are arranged on each sled to reduce thermal shadowing (i.e., not
arranged serially in the direction of air flow). As a result, the
wider, shallower sleds allow for an increase in device performance
because the devices can be operated at a higher thermal envelope
(e.g., 250 W) due to improved cooling (i.e., no thermal shadowing,
more space between devices, more room for larger heat sinks,
etc.).
[0036] MPCMs 916-1 to 916-7 may be configured to provide inserted
sleds with access to power sourced by respective power modules
920-1 to 920-7, each of which may draw power from an external power
source 921. In various embodiments, external power source 921 may
deliver alternating current (AC) power to rack 902, and power
modules 920-1 to 920-7 may be configured to convert such AC power
to direct current (DC) power to be sourced to inserted sleds. In
some embodiments, for example, power modules 920-1 to 920-7 may be
configured to convert 277-volt AC power into 12-volt DC power for
provision to inserted sleds via respective MPCMs 916-1 to 916-7.
The embodiments are not limited to this example.
[0037] MPCMs 916-1 to 916-7 may also be arranged to provide
inserted sleds with optical signaling connectivity to a dual-mode
optical switching infrastructure 914, which may be the same as--or
similar to--dual-mode optical switching infrastructure 514 of FIG.
5. In various embodiments, optical connectors contained in MPCMs
916-1 to 916-7 may be designed to couple with counterpart optical
connectors contained in MPCMs of inserted sleds to provide such
sleds with optical signaling connectivity to dual-mode optical
switching infrastructure 914 via respective lengths of optical
cabling 922-1 to 922-7. In some embodiments, each such length of
optical cabling may extend from its corresponding MPCM to an
optical interconnect loom 923 that is external to the sled spaces
of rack 902. In various embodiments, optical interconnect loom 923
may be arranged to pass through a support post or other type of
load-bearing element of rack 902. The embodiments are not limited
in this context. Because inserted sleds connect to an optical
switching infrastructure via MPCMs, the resources typically spent
in manually configuring the rack cabling to accommodate a newly
inserted sled can be saved.
[0038] FIG. 10 illustrates an example of a sled 1004 that may be
representative of a sled designed for use in conjunction with rack
902 of FIG. 9 according to some embodiments. Sled 1004 may feature
an MPCM 1016 that comprises an optical connector 1016A and a power
connector 1016B, and that is designed to couple with a counterpart
MPCM of a sled space in conjunction with insertion of MPCM 1016
into that sled space. Coupling MPCM 1016 with such a counterpart
MPCM may cause power connector 1016 to couple with a power
connector comprised in the counterpart MPCM. This may generally
enable physical resources 1005 of sled 1004 to source power from an
external source, via power connector 1016 and power transmission
media 1024 that conductively couples power connector 1016 to
physical resources 1005.
[0039] Sled 1004 may also include dual-mode optical network
interface circuitry 1026. Dual-mode optical network interface
circuitry 1026 may generally comprise circuitry that is capable of
communicating over optical signaling media according to each of
multiple link-layer protocols supported by dual-mode optical
switching infrastructure 914 of FIG. 9. In some embodiments,
dual-mode optical network interface circuitry 1026 may be capable
both of Ethernet protocol communications and of communications
according to a second, high-performance protocol. In various
embodiments, dual-mode optical network interface circuitry 1026 may
include one or more optical transceiver modules 1027, each of which
may be capable of transmitting and receiving optical signals over
each of one or more optical channels. The embodiments are not
limited in this context.
[0040] Coupling MPCM 1016 with a counterpart MPCM of a sled space
in a given rack may cause optical connector 1016A to couple with an
optical connector comprised in the counterpart MPCM. This may
generally establish optical connectivity between optical cabling of
the sled and dual-mode optical network interface circuitry 1026,
via each of a set of optical channels 1025. Dual-mode optical
network interface circuitry 1026 may communicate with the physical
resources 1005 of sled 1004 via electrical signaling media 1028. In
addition to the dimensions of the sleds and arrangement of
components on the sleds to provide improved cooling and enable
operation at a relatively higher thermal envelope (e.g., 250 W), as
described above with reference to FIG. 9, in some embodiments, a
sled may include one or more additional features to facilitate air
cooling, such as a heatpipe and/or heat sinks arranged to dissipate
heat generated by physical resources 1005. It is worthy of note
that although the example sled 1004 depicted in FIG. 10 does not
feature an expansion connector, any given sled that features the
design elements of sled 1004 may also feature an expansion
connector according to some embodiments. The embodiments are not
limited in this context.
[0041] FIG. 11 illustrates an example of a data center 1100 that
may generally be representative of one in/for which one or more
techniques described herein may be implemented according to various
embodiments. As reflected in FIG. 11, a physical infrastructure
management framework 1150A may be implemented to facilitate
management of a physical infrastructure 1100A of data center 1100.
In various embodiments, one function of physical infrastructure
management framework 1150A may be to manage automated maintenance
functions within data center 1100, such as the use of robotic
maintenance equipment to service computing equipment within
physical infrastructure 1100A. In some embodiments, physical
infrastructure 1100A may feature an advanced telemetry system that
performs telemetry reporting that is sufficiently robust to support
remote automated management of physical infrastructure 1100A. In
various embodiments, telemetry information provided by such an
advanced telemetry system may support features such as failure
prediction/prevention capabilities and capacity planning
capabilities. In some embodiments, physical infrastructure
management framework 1150A may also be configured to manage
authentication of physical infrastructure components using hardware
attestation techniques. For example, robots may verify the
authenticity of components before installation by analyzing
information collected from a radio frequency identification (RFID)
tag associated with each component to be installed. The embodiments
are not limited in this context.
[0042] As shown in FIG. 11, the physical infrastructure 1100A of
data center 1100 may comprise an optical fabric 1112, which may
include a dual-mode optical switching infrastructure 1114. Optical
fabric 1112 and dual-mode optical switching infrastructure 1114 may
be the same as--or similar to--optical fabric 412 of FIG. 4 and
dual-mode optical switching infrastructure 514 of FIG. 5,
respectively, and may provide high-bandwidth, low-latency,
multi-protocol connectivity among sleds of data center 1100. As
discussed above, with reference to FIG. 1, in various embodiments,
the availability of such connectivity may make it feasible to
disaggregate and dynamically pool resources such as accelerators,
memory, and storage. In some embodiments, for example, one or more
pooled accelerator sleds 1130 may be included among the physical
infrastructure 1100A of data center 1100, each of which may
comprise a pool of accelerator resources--such as co-processors
and/or FPGAs, for example--that is available globally accessible to
other sleds via optical fabric 1112 and dual-mode optical switching
infrastructure 1114.
[0043] In another example, in various embodiments, one or more
pooled storage sleds 1132 may be included among the physical
infrastructure 1100A of data center 1100, each of which may
comprise a pool of storage resources that is available globally
accessible to other sleds via optical fabric 1112 and dual-mode
optical switching infrastructure 1114. In some embodiments, such
pooled storage sleds 1132 may comprise pools of solid-state storage
devices such as solid-state drives (SSDs). In various embodiments,
one or more high-performance processing sleds 1134 may be included
among the physical infrastructure 1100A of data center 1100. In
some embodiments, high-performance processing sleds 1134 may
comprise pools of high-performance processors, as well as cooling
features that enhance air cooling to yield a higher thermal
envelope of up to 250 W or more. In various embodiments, any given
high-performance processing sled 1134 may feature an expansion
connector 1117 that can accept a far memory expansion sled, such
that the far memory that is locally available to that
high-performance processing sled 1134 is disaggregated from the
processors and near memory comprised on that sled. In some
embodiments, such a high-performance processing sled 1134 may be
configured with far memory using an expansion sled that comprises
low-latency SSD storage. The optical infrastructure allows for
compute resources on one sled to utilize remote accelerator/FPGA,
memory, and/or SSD resources that are disaggregated on a sled
located on the same rack or any other rack in the data center. The
remote resources can be located one switch jump away or two-switch
jumps away in the spine-leaf network architecture described above
with reference to FIG. 5. The embodiments are not limited in this
context.
[0044] In various embodiments, one or more layers of abstraction
may be applied to the physical resources of physical infrastructure
1100A in order to define a virtual infrastructure, such as a
software-defined infrastructure 1100B. In some embodiments, virtual
computing resources 1136 of software-defined infrastructure 1100B
may be allocated to support the provision of cloud services 1140.
In various embodiments, particular sets of virtual computing
resources 1136 may be grouped for provision to cloud services 1140
in the form of SDI services 1138. Examples of cloud services 1140
may include--without limitation--software as a service (SaaS)
services 1142, platform as a service (PaaS) services 1144, and
infrastructure as a service (IaaS) services 1146.
[0045] In some embodiments, management of software-defined
infrastructure 1100B may be conducted using a virtual
infrastructure management framework 1150B. In various embodiments,
virtual infrastructure management framework 1150B may be designed
to implement workload fingerprinting techniques and/or
machine-learning techniques in conjunction with managing allocation
of virtual computing resources 1136 and/or SDI services 1138 to
cloud services 1140. In some embodiments, virtual infrastructure
management framework 1150B may use/consult telemetry data in
conjunction with performing such resource allocation. In various
embodiments, an application/service management framework 1150C may
be implemented in order to provide QoS management capabilities for
cloud services 1140. The embodiments are not limited in this
context.
[0046] FIG. 12 illustrates an example of a sled 1204 that may be
representative of a sled designed for use in conjunction with the
racks discussed herein, for example. In embodiments, sled 1204 may
be similar to and have similar components and functionality as sled
1004 discussed in FIG. 12. Sled 1204 may feature an MPCM 1216 that
which may include an optical connector 1216A, a power connector
1216B, and an ETH connector 1216C, and that is designed to couple
with a counterpart MPCM of a sled space in conjunction with
insertion of MPCM 1216 into that sled space. Coupling MPCM 1216
with such a counterpart MPCM may cause power connector 1216B to
couple with a power connector comprised in the counterpart MPCM.
This may generally enable physical resources 1205 of sled 1204 to
source power from an external source, via power connector 1216B and
power transmission media 1224 that conductively couples power
connector 1216 to physical resources 1205.
[0047] Sled 1204 may also include dual-mode optical network
interface circuitry 1226. Dual-mode optical network interface
circuitry 1226 may generally include circuitry that is capable of
communicating over optical signaling media according to each of
multiple link-layer protocols supported by dual-mode optical
switching infrastructure, as previously discussed in FIGS. 9 and
10. In some embodiments, dual-mode optical network interface
circuitry 1226 may be capable both of Ethernet protocol
communications and of communications according to a second,
high-performance protocol. In various embodiments, dual-mode
optical network interface circuitry 1226 may include one or more
optical transceiver modules 1227, each of which may be capable of
transmitting and receiving optical signals over each of one or more
optical channels. The embodiments are not limited in this
context.
[0048] Coupling MPCM 1216 with a counterpart MPCM of a sled space
in a given rack may cause optical connector 1216A to couple with an
optical connector comprised in the counterpart MPCM. This may
generally establish optical connectivity between optical cabling of
the sled and dual-mode optical network interface circuitry 1226,
via each of a set of optical channels 1225. Dual-mode optical
network interface circuitry 1226 may communicate with the physical
resources 1205 of sled 1204 via electrical signaling media
1228.
[0049] The sled 1204 may also include a management controller 1262,
which may be capable of performing management functions for the
sled 1204 and physical resources 1205. The management controller
1262 provides management functionality including sending metric
data to a pod management controller or rack management controller.
In some instances, the management controller 1262 may be part of an
Intelligent Platform Management Interface (IPMI) architecture and
may be a baseboard management controller (BMC) or specialized
service processor that monitors the physical state and operational
state of the physical resources 1205 using sensors and
communicating with the physical resources 1205 themselves to
collect the metric data. In some instances, the management
controller 1262 may be a sled management controller. Embodiments
are not limited in this manner.
[0050] The management controller 1262 may also perform other
functions, including but not limited to, collecting and providing
identification information with respect to the one or more physical
resources 1205 during startup or restart operations of the sled
1204. This identification information may identify non-discoverable
or non-enumerable resources, such as those coupled via a general
purpose input/output (GPIO) bus, a system management bus (SMBus),
serial peripheral interface (SPI) bus, enhanced SPI (eSPI) bus, low
pin count (LPC) bus, flash/non-volatile memory interfaces such as
Common Flash Memory Interface (CFI), Open NAND Flash Interface
(ONFI), and so forth. Identification information for these
resources was typically hardcoded into the BIOS to handle specific
platform tasks. However, hardcoding the identification information
generally leads to each original equipment manufacturer (OEM)
defining their own code or format for handling variations and
validations of the implementations of their devices. Embodiments
discussed provide a standard format for deploying this
identification information.
[0051] Embodiments include incorporating the identification
information in a firmware interface table (FIT) 1219 of a firmware
device 1217, which may be non-volatile memory. The FIT 1219 may
include the identification information, such as a stock keeping
unit (SKU) identification or platform identifiers, for physical
resources 1205 in a standard format. The FIT 1219 may also include
platform/SKU description languages for the non-enumerable
resources. The identification information and platform/SKU
description language in the FIT 1219 may be discoverable and
validated by circuitry 1213 and provided to other components for
configuration.
[0052] In embodiments, the FIT 1219 may store additional
information in the FIT, such as memory parameters and link
initialization information. Typically, the memory parameters and
link initialization information may be stored in BIOS code.
However, if any changes are required to memory parameters or link
initialization information, the total time to manufacture may be
delayed, increasing cost because of a change in BIOS code. This
information, memory parameters and link initialization information,
alternatively may also be stored in the FIT 1219 may be
updateable/changed with affected the BIOS code. Thus, "generic"
BIOS code may be utilized to reduce cost and risk of delays during
the time of manufacturer.
[0053] Embodiments may include the sled 1204 having the circuitry
1213 capable of executing one or more instructions, such as
microcode 1211, to discover and provide the identification
information and platform/SKU description languages for resources or
devices. For example, the circuitry 1213 may execute the microcode
1211 based on one or more registers being set or signals
communicated to the circuitry 1213. The microcode 1211 may be
stored in non-volatile memory, which may be secured memory in some
instances. The instructions may be communicated via one or more
interconnects 1258 between the non-volatile memory and the
circuitry 1213 for execution, for example. In some instances, the
microcode 1211 and circuitry 1213 may be implemented in the same
device or silicon and other in instances the circuitry 1213 and
microcode 1211 may be part of different devices. In some
embodiments, the circuitry 1213 may be part of a processing unit, a
controller, the management controller 1262, a physical compute
resource 1205-2, and so forth. In some instances, the circuitry
1213 may be standalone circuitry for processing microcode 1211 as
part of a startup or reset operation.
[0054] The circuitry 1213 may read or access the FIT 1219 in the
firmware device 1217, which may be non-volatile memory and may be
secure memory. In some instances, the firmware device 1217 may be
read only memory (ROM) that is part of an Advanced Configuration
and Power Interface (ACPI) architecture or Unified Extensible
Firmware Interface (UEFI) architecture. As will be discussed in
more detail below, the FIT 1219 may include one or more entries,
e.g. SKU identifiers, associated with one or more vendors. The
vendors may be the OEM of particular resources or devices that are
incorporated with the sled 1204 or coupled with the sled 1204 via
one or more interconnects. In some instances, the devices or
resources may be physical resources 1205, which may include
physical memory resource(s) 1205-1, physical compute resource(s)
1205-2, a physical storage resource(s) 1205-3, and physical
accelerator resource(s) 1205-4.
[0055] In some instances, one or more of the physical resources
1205 may be a non-enumerable resource or device that are typically
not discoverable during a typical startup or restart of a sled. As
mentioned, these non-enumerable resources may include devices
coupled with components of the sled 1204, such as the management
controller 1262, via a GPIO bus, SMBus bus, and a USB. For example,
these non-enumerable resources may include a battery subsystem of a
laptop or mobile device, a temperature sensor, a fan sensor, a
voltage sensor, switches, clock chips, and so forth connected via a
SMBus. Other non-enumerable devices connected via the SMBus may
include Peripheral Component Interconnect (PCI) add-in or expansion
cards. Non-enumerable resources that may utilize the GPIO bus may
include output devices, such as light emitting diodes, buzzers,
speakers, and so forth. Other non-enumerable resources that may
utilize the GPIO bus may include input devices, such as buttons,
various sensors (motion, light, etc.), and so forth. Embodiments
are not limited to these examples.
[0056] As mentioned, identification information for each the
non-enumerable resources may be programmed or stored in a FIT 1219
in the firmware device 1217. Thus, the circuitry 1213 may discover
these devices via the identification information in the FIT 1219
and provide the identification information to other components of
the sled 1204 include the management controller 1262, the BIOS
1212, a management engine (not show), an Innovation Engine (not
shown) and so forth via one or more interconnects 1268 and
electrical signaling. In some instances, the circuitry 1213 may
validate each entry in the FIT 1219 to ensure the integrity of the
identification information. For example, a vendor may sign or
generate a key or hash value for its identification
information/entries in the FIT 1219. One key or hash value may be
generated and based on all of the entries identifying devices for a
particular vendor, for example. Each vendor may generate and have a
unique key or hash value based on its own resources. The key or
hash value may be stored in a secure device, such as Intel's.RTM.
Trusted Platform Model (TPM.RTM.), or any other secure memory or
secure storage device. The circuitry 1213 may validate entries in
the FIT 1219 by comparing the key or hash value from the FIT 1219
with the trusted key or hash value stored in the secure device.
[0057] In some embodiments, the circuitry 1213 may validate the
entire FIT 1219 structure by comparing a global key or hash value
in the FIT 1219 with a stored and validated global key or hash
value stored in the secure device. The global key or hash value may
be generated and based on the keys associated with the vendors and
entries. As will be discussed in more detail below, the vendor key
or hash values may be generated by each particular vendor and the
global key or hash value may be generated by the manufacturer of
the sled 1204 or OEM of the overall compute system. In other words,
vendors of each non-enumerable resource may generate a key or hash
value for validating their particular resources, and the OEM of the
overall system may generate the global key or hash value based on
each of the vendor's keys or hash values. All of the keys or hash
values may be stored in secure device and used to validate resource
entries and the system. These and other details will become more
apparent in the following description.
[0058] FIG. 13 illustrates an example of a firmware interface table
1319 that may be incorporated in a firmware device. Embodiments are
not limited to the illustrated example and embodiments may include
more or less entries to identify physical resources for any number
of vendors based on particular configurations of a sled or compute
system. The FIT 1319 may also include additional information, not
shown in the illustrated example, as will be discussed in more
detail below.
[0059] The FIT 1319 may be included in read-only memory space, such
as PAL/SAL ROM space, within a firmware address space of firmware,
such as firmware device 1217 of FIG. 12 or firmware device 1417 of
FIG. 14. Moreover, the firmware address space includes the PAL and
SAL code areas and other information, such as the IA-32 reset
vector (reset vector 1340), various entry points/addresses,
reserved areas, and so forth. The FIT 1319 may start at address 4
GB-X, where X is the protected boot block and is variable and 4 GB
indicates the size of the firmware address space. Further, the
FIT's ending address is 4 G-X-Y, where Y is the FIT size and may be
dependent on the number of entries in the FIT. Typically the FIT
includes a fit header 1342, starting addresses and sizes for
different firmware components that are outside a protected boot
block.
[0060] In embodiments discussed herein, the FIT 1319 includes
identification information for physical resources, and in
particular, non-enumerable resource which may not be discoverable.
Moreover, the FIT 1319 may include entries 1345, each associated
with a particular non-enumerable resource and may be a SKU for the
particular non-enumerable resource. Thus, Entry_1 1345-1-1 may be
associated with and include a SKU for a first non-enumerable
resource. In another example, Entry_2 1345-1-2 may be associated
with and include a SKU for a second non-enumerable resource. In a
third example, Entry_3 1345-1-3 may be associated with and include
a SKU for a third non-enumerable resource. The FIT 1319 may include
any number of entries as illustrated by Entry_p 1345-1-p, where p
may be any positive integer, for any number of vendors.
[0061] In the illustrated example, each of the entries 1345
manufactured by a particular vendor may be signed by the same
vendor key 1343. For example, Entry_1 1345-1-1, Entry_2 1345-1-2,
and Entry_3 1345-1-3 may be for non-enumerable resources
manufactured and/or sold by the same vendor and signed by the same
vendor key (Vendor Key_1) 1343-1 in the FIT 1319. The vendor key
1343 may be a hash value generated from each of the entries 1345 in
the FIT 1319 for a particular vendor. Moreover, each vendor may
have a different vendor key 1343, which is based on the entries
1345 in the FIT 1319 manufactured by that particular vendor.
[0062] In embodiments, the FIT 1319 may also include a global
vendor key 1341, which may be a hash value generated and/or signed
by the manufacturer of the compute system or a sled. In some
instances, the global vendor key 1341 may not be located within the
FIT 1319, but may be located within a different secure memory. As
will be discussed in more detail below, the vendor keys 1343 may be
used to verify the entries 1345 and the global key 1341 may be used
to verify the vendor keys 1343.
[0063] FIG. 14 illustrates an example of a processing flow 1400 to
determine non-enumerable resources of a compute system, such as a
sled or rack system, discussed herein. In the illustrated example,
a number of elements may communicate with each other via one or
more interconnects and signaling to determine the non-enumerable
resources that may be stored or identified in a firmware device
1417. As will be discussed in more detail, the processing circuitry
1413 may execute microcode to determine the non-enumerable
resources. The processing circuitry 1413 may be part of a computer
processing unit (CPU), a special processor, and so forth to process
instructions during boot-up. Embodiments may not be limited to the
elements illustrated in FIG. 14 and one or more additional elements
may be presented or utilized and still be consistent with
embodiments discussed herein.
[0064] In embodiments, processing circuitry 1413 may receive an
indication or signal to perform a detection or determination of one
or more non-enumerable resources that are present on a platform,
such as a sled discussed herein. The indication or signal may be
based on one or more registers being set and caused by power being
applied to the platform or sled as part of a startup routine or
during a restart routine. The indication or signal may occur prior
to many of the components or elements initializing during a
pre-boot initialization, and may occur prior to or during a power
on self-test (POST) routine. In some instances, the indication or
signal may occur prior to execution of instruction of the BIOS and
the identification information may be provided to the BIOS for use
during execution of the BIOS instructions. In some instances, the
indication or signal may include receiving instructions from
microcode 1411. However, embodiments are not limited in this
manner.
[0065] At line 1452, the processing circuitry 1413 may receive or
retrieve one or more instructions from microcode 1411 to perform as
part of the pre-boot initialization and to determine one or more
non-enumerable resources included in a platform or sled. The one or
more instructions and microcode 1411 may be stored in a
non-volatile memory and/or a read-only memory that may have been
programmed at the time of manufacturer by the manufacturer. In some
instances, the microcode 1411 may be stored in a secure memory such
that it may not be changed or corrupted. However, embodiments are
not limited in this manner and in some instances, the microcode
1411 may be updatable or reprogrammable.
[0066] At line 1454, the processing circuitry 1413 may retrieve or
receive identification information from the firmware device 1417
and in particular the FIT 1419. The identification information may
include one or more entries 1445 identifying non-enumerable
resources of the platform or sled. For example, each entry 1445 may
indicate an identifier or be a SKU for a particular non-enumerable
resource. The processing circuitry 1413 may also receive or
retrieve one or more keys from the FIT 1419. The one or more keys
may include vendor keys 1443 and a global key 1441. A vendor key
1443 may be a hash value generated and based on each of the entries
1443 developed or manufactured by a particular vendor. For example,
a first vendor may generate a first key, e.g. vendor key 1443-1,
based on entries 1445 associated with non-enumerable resources
manufactured by the first vendor. In another example, a second
vendor may generate a second key, e.g. a vendor key 1443-2, based
on entries 1445 associated with non-Docket enumerable resources
manufactured by the second vendor. In these examples, the first key
and the second key will be different keys. Any number of vendor
keys 1443-m, where m may be any positive integer, may be generated
and equal the total number of vendors manufacturing non-enumerable
resources that are part of the platform or sled. Further, the
vendor keys 1443 may be signed or a global key 1441 may be
generated based on the vendor keys 1443. For example, a hash value
may be generated using the vendor keys 1443. In some instances, the
global key 1441 may be stored in the FIT 1419. In other instances,
the global 1441 may be generated by the processing circuitry 1413
in real-time, while processing instructions of the microcode 1411.
For example, the processing circuitry 1413 may use the vendor keys
1443 to generate a hash value, which may be a global 1441, and for
use in verification.
[0067] The processing circuitry 1413 may utilize the global key
1441 (or a generated global key) to verify the vendor keys 1443 in
the FIT 1419. For example, the processing circuitry 1413, at line
1456, may receive or retrieve a validated global key 1421 from a
secure device 1414 for comparison with the global key 1441 of the
FIT 1419. In some instances, the processing circuitry 1413 may
generate the global key, e.g. a hash value, using the vendor keys
1443 stored in the FIT 1419 in real-time. If the global key 1441 or
generated global key matches the validated global key 1421, the
vendor keys 1443 of the FIT 1419 may be validated. If the global
key 1441 or generated global key does not match the validated
global key 1421, the vendor keys 1443 may not be validated and a
corrective action may be taken. The validated global key 1421 may
be generated at the time of manufacturer by the manufacturer and
stored in the secure device 1414, which may be non-volatile and/or
read-only memory.
[0068] Similarly, the processing circuitry 1413 may also validate
each of the entries 1445 may comparing each of the one or more
vendor keys 1443 with a corresponding validated vendor key 1423 in
the secure device 1414. If a vendor key 1443 matches a
corresponding validated vendor key 1423, the entries 1445 for that
vendor may be validated. If a vendor key 1443 does not match a
corresponding validated vendor key 1423, the entries 1445 for that
vendor may not be validated and a corrective action may be
taken.
[0069] At line 1458, the processing circuitry 1413 may provide the
identification information, including the one or more entries
(SKUs) associated with the non-enumerable resources to one or more
other components of the platform or sled. For example, the
processing circuitry 1413 may provide the identification to the
BIOS 1412 and management controller 1462 to perform other pre-boot
operations and to boot the platform or sled. The identification
information may be utilized by the BIOS 1412, the management
controller 1462, and other components, such as management engine
(not shown), to configure other components for the platform or
sled. In some embodiments, the entries 1445 in the FIT 1419 may be
in particular such that one or more non-enumerable resources are
configured in a particular order. Further, entries and
non-enumerable resource information may be provided to the pod
management controller, such that these devices may be utilized and
managed in the data center. Embodiments are not limited in this
manner.
[0070] FIG. 15 illustrates an embodiment of logic flow 1500. The
logic flow 1500 may be representative of some or all of the
operations executed by one or more embodiments described herein.
For example, the logic flow 1500 may illustrate operations
performed by circuitry to determine non-enumerable resources during
a pre-boot operation, as discussed herein. However, embodiments are
not limited in this, and one or more operations may be performed by
other components or systems discussed herein.
[0071] At block 1502, the logic flow 1500 includes circuitry
receiving one or more signals or indications to perform pre-boot
operations to determine one or more non-enumerable resources that
are present on a platform or a sled. The circuitry may execute one
or more instructions based on the signals or indications, the
instructions may be part of microcode that may be stored in a
memory or firmware. Moreover, the microcode may have been generated
during the time of manufacturer of the platform or sled or may be
updateable. Embodiments are not limited in this manner.
[0072] At block 1504, the logic flow 1500 includes circuitry to
gather identification information for one or more non-enumerable
resources. More specifically, the circuitry may receive or retrieve
identification information, such as SKUs, associated with
non-enumerable resources from a FIT. Each identifier or entry in
the FIT may be associated with a particular non-enumerable resource
and with a particular vendor. Moreover, each vendor may have a
number of non-enumerable resources as part of the platform or
sled.
[0073] In embodiments, the circuitry may also gather vendor keys
associated with the entries (SKUs) in the FIT that may be used to
verify or validate the entries. Each vendor may have its own vendor
key that may be generated from the entries in the FIT. A vendor key
may be compared with to a validated vendor key in a secure device
to determine whether entries associated with that vendor key are
valid. The circuitry may also gather or generate a global key based
on the vendor keys that may be used to validate the vendor keys.
The global key may be compared with a validated global key to
validate the vendor keys. Embodiments are not limited in this
manner.
[0074] At decision block 1508, the logic flow 1500 may include
circuitry to determine whether one or more of the vendor keys and
the global key are valid. If at least one of the vendor keys or
global keys are not valid, the logic flow 1500 may include causing
a corrective action at block 1510. The corrective action may
include notify a system administrator of the invalidity.
Embodiments are not limited in this manner.
[0075] If at block 1508, the vendor keys and global key are valid,
the logic flow 1500 may include providing the identification
information including the SKUs to one or more other components of
the platform or sled. For example, the identification information
may be provided to a BIOS or a management controller to perform
additional startup operations.
[0076] FIG. 16 illustrates an embodiment of logic flow 1600. The
logic flow 1600 may be representative of some or all of the
operations executed by one or more embodiments described herein.
For example, the logic flow 1600 may illustrate operations
performed by circuitry to detect non-enumerable resources, as
discussed herein. However, embodiments are not limited in this, and
one or more operations may be performed by other components or
systems discussed herein.
[0077] At block 1605, the logic flow 1600 includes storing a
firmware interface table (FIT) in a firmware device coupled to
processing circuitry, the firmware interface table comprising an
entry to identify a non-enumerable resource. The entry includes
identification information, such as a SKU, that may be used to
identify the non-enumerable resource, for example.
[0078] At block 1610, the logic flow 1600 includes accessing, by
the processing circuitry, the firmware interface table to identify
the non-enumerable resource. For example, processing circuitry may
read or retrieve entries in the FIT, which include the
identification to identify the non-enumerable resource. In some
instances, one or more entries associated with a vendor may be
signed by a vendor key (or hash value) and used to validate the one
or more entries. Further, each of the vendor keys may be signed by
a manufacturer of the platform or sled, e.g. Intel.RTM. Corp., for
use in validating the vendor keys. Embodiments are not limited in
this manner.
[0079] The detailed disclosure now turns to providing examples that
pertain to further embodiments. Examples one through twenty-five
(1-25) provided below are intended to be exemplary and
non-limiting.
[0080] In a first example, a system, a device, an apparatus, and so
forth may include processing circuitry, processing circuitry, and a
firmware device coupled to the processing circuitry, the firmware
device comprising a firmware interface table, the firmware
interface table comprising an entry to identify a non-enumerable
resource. The processing circuitry to access the firmware interface
table to identify the non-enumerable resource.
[0081] In a second example and in furtherance of the first example,
a system, a device, an apparatus, and so forth including the entry
signed by a key and the processing circuitry to validate the entry
based on a comparison between the key and a validated key stored in
a secure device
[0082] In a third example and in furtherance of any of the previous
examples, a system, a device, an apparatus, and so forth including
the firmware interface table comprising a plurality of entries
including the entry, the plurality of entries associated with a
vendor, each of the entries associated with different
non-enumerable resources, and the plurality of entries signed by a
key, and the processing circuitry to validate the plurality of
entries based on a comparison between the key and a validated key
stored in a secure device.
[0083] In a fourth example and in furtherance of any of the
previous examples, a system, a device, an apparatus, and so forth
including the firmware interface table comprising a plurality of
entries including the entry, a first portion of the plurality of
entries associated with a first vendor and a second portion of the
plurality of entries associated with a second vendor, the first
portion signed by a first key and the second portion signed by a
second key.
[0084] In a fifth example and in furtherance of any of the previous
examples, a system, a device, an apparatus, and so forth including
the processing circuitry to validate the first portion based on a
comparison between the first key and a first validated key, and
validate the second portion based on a comparison between the
second key and a second validated key.
[0085] In a sixth example and in furtherance of any of the previous
examples, a system, a device, an apparatus, and so forth including
the first key and the second key signed by a third key, and the
processing circuitry to validate the first key and the second key
based on a comparison between the third key and a third validated
key.
[0086] In a seventh example and in furtherance of any of the
previous examples, a system, a device, an apparatus, and so forth
including the entry comprising a stock keeping unit (SKU)
identification code to identify the non-enumerable resource.
[0087] In an eighth example and in furtherance of any of the
previous examples, a system, a device, an apparatus, and so forth
including the processing circuitry to process one or more
instructions of microcode to validate the entry and provide the
entry to one or more of a Basic Input/Output System (BIOS), a
baseboard management controller (BMC), and a management engine
(ME).
[0088] In a ninth example and in furtherance of any of the previous
examples, a system, a device, an apparatus, and so forth including
the non-enumerable resource comprising a device coupled via one of
a system management bus (SMBus), a general purpose input/output
(GPIO) bus, serial peripheral interface (SPI) bus, enhanced SPI
(eSPI) bus, low pin count (LPC) bus, flash/non-volatile memory
interfaces such as Common Flash Memory Interface (CFI), Open NAND
Flash Interface (ONFI), and so forth.
[0089] In a tenth example and in furtherance of any of the previous
examples, a non-transitory computer-readable storage medium,
comprising a plurality of instructions, that when executed, enable
processing circuitry to access a firmware interface table of a
firmware device to identify a non-enumerable resource, the firmware
interface table comprising an entry to identify the non-enumerable
resource.
[0090] In an eleventh example and in furtherance of any of the
previous examples, a non-transitory computer-readable storage
medium, comprising a plurality of instructions, that when executed,
enable processing circuitry to validate the entry based on a
comparison between the key and a validated key stored in a secure
device.
[0091] In a twelfth example and in furtherance of any of the
previous examples, a non-transitory computer-readable storage
medium, comprising a plurality of instructions, that when executed,
enable processing circuitry to validate a plurality of entries
including the entry based on a comparison between a key and a
validated key stored in a secure device, the plurality of entries
associated with a vendor, each of the entries associated with
different non-enumerable resources, and the plurality of entries
signed by the key.
[0092] In a thirteenth example and in furtherance of any of the
previous examples, a non-transitory computer-readable storage
medium, comprising a plurality of instructions, that when executed,
enable processing circuitry to process the firmware interface table
comprising a plurality of entries including the entry, a first
portion of the plurality of entries associated with a first vendor
and a second portion of the plurality of entries associated with a
second vendor, the first portion signed by a first key and the
second portion signed by a second key.
[0093] In a fourteenth example and in furtherance of any of the
previous examples, a non-transitory computer-readable storage
medium, comprising a plurality of instructions, that when executed,
enable processing circuitry to validate the first portion based on
a comparison between the first key and a first validated key, and
validate the second portion based on a comparison between the
second key and a second validated key.
[0094] In a fifteenth example and in furtherance of any of the
previous examples, a non-transitory computer-readable storage
medium, comprising a plurality of instructions, that when executed,
enable processing circuitry to process the first key and the second
key signed by a third key, and the processing circuitry to validate
the first key and the second key based on a comparison between the
third key and the third validated key.
[0095] In a sixteenth example and in furtherance of any of the
previous examples, a non-transitory computer-readable storage
medium, comprising a plurality of instructions, that when executed,
enable processing circuitry to process the entry comprising a stock
keeping unit (SKU) identification code to identify the
non-enumerable resource.
[0096] In a seventeenth example and in furtherance of any of the
previous examples, a non-transitory computer-readable storage
medium, comprising a plurality of instructions, that when executed,
enable processing circuitry to process one or more instructions of
microcode to validate the entry and provide the entry to one or
more of a Basic Input/Output System (BIOS), a baseboard management
controller (BMC), and a management engine (ME).
[0097] In an eighteenth example and in furtherance of any of the
previous examples, a non-transitory computer-readable storage
medium, comprising a plurality of instructions, that when executed,
enable processing circuitry to determine the non-enumerable
resource comprising a device coupled via one of a system management
bus (SMBus) and a general purpose input/output (GPIO) bus.
[0098] In a nineteenth example and in furtherance of any of the
previous examples, a computer-implemented method may include
accessing a firmware interface table of a firmware device to
identify a non-enumerable resource, the firmware interface table
comprising an entry to identify the non-enumerable resource, and
identifying the non-enumerable resource based on the entry in the
firmware interface table.
[0099] In a twentieth example and in furtherance of any of the
previous examples, a computer-implemented method may include
validating the entry based on a comparison between the key and a
validated key stored in a secure device.
[0100] In a twenty-first example and in furtherance of any of the
previous examples, a computer-implemented method may include
validating a plurality of entries including the entry based on a
comparison between a key and a validated key stored in a secure
device, the plurality of entries associated with a vendor, each of
the entries associated with different non-enumerable resources, and
the plurality of entries signed by the key.
[0101] In a twenty-second example and in furtherance of any of the
previous examples, a computer-implemented method may include
processing the firmware interface table comprising a plurality of
entries including the entry, a first portion of the plurality of
entries associated with a first vendor and a second portion of the
plurality of entries associated with a second vendor, the first
portion signed by a first key and the second portion signed by a
second key.
[0102] In a twenty-third example and in furtherance of any of the
previous examples, a computer-implemented method may include
validating the first portion based on a comparison between the
first key and a first validated key, and validate the second
portion based on a comparison between the second key and a second
validated key.
[0103] In a twenty-fourth example and in furtherance of any of the
previous examples, a computer-implemented method may include
validating the first key and the second key based on a comparison
between a third key and a third validated key, the third key
signing the first and second keys.
[0104] In a twenty-fifth example and in furtherance of any of the
previous examples, a computer-implemented method may include the
non-enumerable resource comprising a device coupled via one of a
system management bus (SMBus) and a general purpose input/output
(GPIO) bus.
[0105] Some embodiments may be described using the expression "one
embodiment" or "an embodiment" along with their derivatives. These
terms mean that a particular feature, structure, or characteristic
described in connection with the embodiment is included in at least
one embodiment. The appearances of the phrase "in one embodiment"
in various places in the specification are not necessarily all
referring to the same embodiment. Further, some embodiments may be
described using the expression "coupled" and "connected" along with
their derivatives. These terms are not necessarily intended as
synonyms for each other. For example, some embodiments may be
described using the terms "connected" and "coupled" to indicate
that two or more elements are in direct physical or electrical
contact with each other. The term "coupled," however, may also mean
that two or more elements are not in direct contact with each
other, but yet still co-operate or interact with each other.
[0106] It is emphasized that the Abstract of the Disclosure is
provided to allow a reader to quickly ascertain the nature of the
technical disclosure. It is submitted with the understanding that
it will not be used to interpret or limit the scope or meaning of
the claims. Also, in the preceding Detailed Description, it can be
seen that various features are grouped together in a single
embodiment for the purpose of streamlining the disclosure. This
method of disclosure is not to be interpreted as reflecting an
intention that the claimed embodiments require more features than
are expressly recited in each claim. Rather, as the following
claims reflect, inventive subject matter lies in less than all
features of a single disclosed embodiment. Thus the following
claims are at this moment incorporated into the Detailed
Description, with each claim standing on its own as a separate
embodiment. In the appended claims, the terms "including" and "in
which" are used as the plain-English equivalents of the respective
terms "comprising" and "wherein," respectively. Moreover, the terms
"first," "second," "third," and so forth, are used merely as labels
and are not intended to impose numerical requirements on their
objects.
[0107] What has been described above includes examples of the
disclosed architecture? It is, of course, not possible to describe
every conceivable combination of components and methodologies, but
one of ordinary skill in the art may recognize that many further
combinations and permutations are possible. Accordingly, the novel
architecture is intended to embrace all such alterations,
modifications, and variations that fall within the spirit and scope
of the appended claims.
* * * * *